Documentation ¶
Index ¶
- type AADCheckRequirements
- type AADCheckRequirementsProperties
- type AADDataConnector
- type AADDataConnectorProperties
- type AATPCheckRequirements
- type AATPCheckRequirementsProperties
- type AATPDataConnector
- type AATPDataConnectorProperties
- type APIPollingParameters
- type ASCCheckRequirements
- type ASCCheckRequirementsProperties
- type ASCDataConnector
- type ASCDataConnectorProperties
- type AccountEntity
- type AccountEntityProperties
- type ActionPropertiesBase
- type ActionRequest
- type ActionRequestProperties
- type ActionResponse
- type ActionResponseProperties
- type ActionsClient
- func (client *ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ActionsClientCreateOrUpdateResponse, error)
- func (client *ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ActionsClientDeleteResponse, error)
- func (client *ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ActionsClientGetResponse, error)
- func (client *ActionsClient) ListByAlertRule(resourceGroupName string, workspaceName string, ruleID string, ...) *ActionsClientListByAlertRulePager
- type ActionsClientCreateOrUpdateOptions
- type ActionsClientCreateOrUpdateResponse
- type ActionsClientCreateOrUpdateResult
- type ActionsClientDeleteOptions
- type ActionsClientDeleteResponse
- type ActionsClientGetOptions
- type ActionsClientGetResponse
- type ActionsClientGetResult
- type ActionsClientListByAlertRuleOptions
- type ActionsClientListByAlertRulePager
- type ActionsClientListByAlertRuleResponse
- type ActionsClientListByAlertRuleResult
- type ActionsList
- type ActivityCustomEntityQuery
- type ActivityEntityQueriesProperties
- type ActivityEntityQueriesPropertiesQueryDefinitions
- type ActivityEntityQuery
- type ActivityEntityQueryTemplate
- type ActivityEntityQueryTemplateProperties
- type ActivityEntityQueryTemplatePropertiesQueryDefinitions
- type ActivityTimelineItem
- type AlertDetail
- type AlertDetailsOverride
- type AlertRule
- type AlertRuleClassification
- type AlertRuleKind
- type AlertRuleTemplate
- type AlertRuleTemplateClassification
- type AlertRuleTemplateDataSource
- type AlertRuleTemplatePropertiesBase
- type AlertRuleTemplatesClient
- type AlertRuleTemplatesClientGetOptions
- type AlertRuleTemplatesClientGetResponse
- type AlertRuleTemplatesClientGetResult
- type AlertRuleTemplatesClientListOptions
- type AlertRuleTemplatesClientListPager
- type AlertRuleTemplatesClientListResponse
- type AlertRuleTemplatesClientListResult
- type AlertRuleTemplatesList
- type AlertRulesClient
- func (client *AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AlertRulesClientCreateOrUpdateResponse, error)
- func (client *AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AlertRulesClientDeleteResponse, error)
- func (client *AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AlertRulesClientGetResponse, error)
- func (client *AlertRulesClient) List(resourceGroupName string, workspaceName string, ...) *AlertRulesClientListPager
- type AlertRulesClientCreateOrUpdateOptions
- type AlertRulesClientCreateOrUpdateResponse
- type AlertRulesClientCreateOrUpdateResult
- type AlertRulesClientDeleteOptions
- type AlertRulesClientDeleteResponse
- type AlertRulesClientGetOptions
- type AlertRulesClientGetResponse
- type AlertRulesClientGetResult
- type AlertRulesClientListOptions
- type AlertRulesClientListPager
- type AlertRulesClientListResponse
- type AlertRulesClientListResult
- type AlertRulesList
- type AlertSeverity
- type AlertStatus
- type AlertsDataTypeOfDataConnector
- type Anomalies
- type AnomaliesSettingsProperties
- type AntispamMailDirection
- type AttackTactic
- type AutomationRule
- type AutomationRuleAction
- type AutomationRuleActionClassification
- type AutomationRuleActionType
- type AutomationRuleCondition
- type AutomationRuleConditionClassification
- type AutomationRuleConditionType
- type AutomationRuleModifyPropertiesAction
- type AutomationRuleModifyPropertiesActionConfiguration
- type AutomationRuleProperties
- type AutomationRulePropertyConditionSupportedOperator
- type AutomationRulePropertyConditionSupportedProperty
- type AutomationRulePropertyValuesCondition
- type AutomationRulePropertyValuesConditionProperties
- type AutomationRuleRunPlaybookAction
- type AutomationRuleRunPlaybookActionConfiguration
- type AutomationRuleTriggeringLogic
- type AutomationRulesClient
- func (client *AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AutomationRulesClientCreateOrUpdateResponse, error)
- func (client *AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AutomationRulesClientDeleteResponse, error)
- func (client *AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (AutomationRulesClientGetResponse, error)
- func (client *AutomationRulesClient) List(resourceGroupName string, workspaceName string, ...) *AutomationRulesClientListPager
- type AutomationRulesClientCreateOrUpdateOptions
- type AutomationRulesClientCreateOrUpdateResponse
- type AutomationRulesClientCreateOrUpdateResult
- type AutomationRulesClientDeleteOptions
- type AutomationRulesClientDeleteResponse
- type AutomationRulesClientGetOptions
- type AutomationRulesClientGetResponse
- type AutomationRulesClientGetResult
- type AutomationRulesClientListOptions
- type AutomationRulesClientListPager
- type AutomationRulesClientListResponse
- type AutomationRulesClientListResult
- type AutomationRulesList
- type Availability
- type AwsCloudTrailCheckRequirements
- type AwsCloudTrailDataConnector
- type AwsCloudTrailDataConnectorDataTypes
- type AwsCloudTrailDataConnectorDataTypesLogs
- type AwsCloudTrailDataConnectorProperties
- type AwsS3CheckRequirements
- type AwsS3DataConnector
- type AwsS3DataConnectorDataTypes
- type AwsS3DataConnectorDataTypesLogs
- type AwsS3DataConnectorProperties
- type AzureResourceEntity
- type AzureResourceEntityProperties
- type Bookmark
- type BookmarkClient
- type BookmarkClientExpandOptions
- type BookmarkClientExpandResponse
- type BookmarkClientExpandResult
- type BookmarkExpandParameters
- type BookmarkExpandResponse
- type BookmarkExpandResponseValue
- type BookmarkList
- type BookmarkProperties
- type BookmarkRelationsClient
- func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarkRelationsClientCreateOrUpdateResponse, error)
- func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarkRelationsClientDeleteResponse, error)
- func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarkRelationsClientGetResponse, error)
- func (client *BookmarkRelationsClient) List(resourceGroupName string, workspaceName string, bookmarkID string, ...) *BookmarkRelationsClientListPager
- type BookmarkRelationsClientCreateOrUpdateOptions
- type BookmarkRelationsClientCreateOrUpdateResponse
- type BookmarkRelationsClientCreateOrUpdateResult
- type BookmarkRelationsClientDeleteOptions
- type BookmarkRelationsClientDeleteResponse
- type BookmarkRelationsClientGetOptions
- type BookmarkRelationsClientGetResponse
- type BookmarkRelationsClientGetResult
- type BookmarkRelationsClientListOptions
- type BookmarkRelationsClientListPager
- type BookmarkRelationsClientListResponse
- type BookmarkRelationsClientListResult
- type BookmarkTimelineItem
- type BookmarksClient
- func (client *BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarksClientCreateOrUpdateResponse, error)
- func (client *BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarksClientDeleteResponse, error)
- func (client *BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (BookmarksClientGetResponse, error)
- func (client *BookmarksClient) List(resourceGroupName string, workspaceName string, ...) *BookmarksClientListPager
- type BookmarksClientCreateOrUpdateOptions
- type BookmarksClientCreateOrUpdateResponse
- type BookmarksClientCreateOrUpdateResult
- type BookmarksClientDeleteOptions
- type BookmarksClientDeleteResponse
- type BookmarksClientGetOptions
- type BookmarksClientGetResponse
- type BookmarksClientGetResult
- type BookmarksClientListOptions
- type BookmarksClientListPager
- type BookmarksClientListResponse
- type BookmarksClientListResult
- type ClientInfo
- type CloudApplicationEntity
- type CloudApplicationEntityProperties
- type CloudError
- type CloudErrorBody
- type CodelessAPIPollingDataConnector
- type CodelessConnectorPollingAuthProperties
- type CodelessConnectorPollingConfigProperties
- type CodelessConnectorPollingPagingProperties
- type CodelessConnectorPollingRequestProperties
- type CodelessConnectorPollingResponseProperties
- type CodelessParameters
- type CodelessUIConnectorConfigProperties
- type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem
- type CodelessUIConnectorConfigPropertiesDataTypesItem
- type CodelessUIConnectorConfigPropertiesGraphQueriesItem
- type CodelessUIConnectorConfigPropertiesInstructionStepsItem
- type CodelessUIConnectorConfigPropertiesSampleQueriesItem
- type CodelessUIDataConnector
- type ConfidenceLevel
- type ConfidenceScoreStatus
- type ConnectAuthKind
- type ConnectedEntity
- type ConnectivityCriteria
- type ConnectivityType
- type ConnectorInstructionModelBase
- type ContentPathMap
- type ContentType
- type CreatedByType
- type CustomEntityQuery
- type CustomEntityQueryClassification
- type CustomEntityQueryKind
- type Customs
- type CustomsPermission
- type DNSEntity
- type DNSEntityProperties
- type DataConnector
- type DataConnectorAuthorizationState
- type DataConnectorClassification
- type DataConnectorConnectBody
- type DataConnectorDataTypeCommon
- type DataConnectorKind
- type DataConnectorLicenseState
- type DataConnectorList
- type DataConnectorRequirementsState
- type DataConnectorTenantID
- type DataConnectorWithAlertsProperties
- type DataConnectorsCheckRequirements
- type DataConnectorsCheckRequirementsClassification
- type DataConnectorsCheckRequirementsClient
- type DataConnectorsCheckRequirementsClientPostOptions
- type DataConnectorsCheckRequirementsClientPostResponse
- type DataConnectorsCheckRequirementsClientPostResult
- type DataConnectorsClient
- func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, ...) (DataConnectorsClientConnectResponse, error)
- func (client *DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (DataConnectorsClientCreateOrUpdateResponse, error)
- func (client *DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (DataConnectorsClientDeleteResponse, error)
- func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, ...) (DataConnectorsClientDisconnectResponse, error)
- func (client *DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (DataConnectorsClientGetResponse, error)
- func (client *DataConnectorsClient) List(resourceGroupName string, workspaceName string, ...) *DataConnectorsClientListPager
- type DataConnectorsClientConnectOptions
- type DataConnectorsClientConnectResponse
- type DataConnectorsClientCreateOrUpdateOptions
- type DataConnectorsClientCreateOrUpdateResponse
- type DataConnectorsClientCreateOrUpdateResult
- type DataConnectorsClientDeleteOptions
- type DataConnectorsClientDeleteResponse
- type DataConnectorsClientDisconnectOptions
- type DataConnectorsClientDisconnectResponse
- type DataConnectorsClientGetOptions
- type DataConnectorsClientGetResponse
- type DataConnectorsClientGetResult
- type DataConnectorsClientListOptions
- type DataConnectorsClientListPager
- type DataConnectorsClientListResponse
- type DataConnectorsClientListResult
- type DataTypeDefinitions
- type DataTypeState
- type DeliveryAction
- type DeliveryLocation
- type DomainWhoisClient
- type DomainWhoisClientGetOptions
- type DomainWhoisClientGetResponse
- type DomainWhoisClientGetResult
- type Dynamics365CheckRequirements
- type Dynamics365CheckRequirementsProperties
- type Dynamics365DataConnector
- type Dynamics365DataConnectorDataTypes
- type Dynamics365DataConnectorDataTypesDynamics365CdsActivities
- type Dynamics365DataConnectorProperties
- type ElevationToken
- type EnrichmentDomainWhois
- type EnrichmentDomainWhoisContact
- type EnrichmentDomainWhoisContacts
- type EnrichmentDomainWhoisDetails
- type EnrichmentDomainWhoisRegistrarDetails
- type EnrichmentIPGeodata
- type EntitiesClient
- func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntitiesClientExpandResponse, error)
- func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntitiesClientGetResponse, error)
- func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntitiesClientGetInsightsResponse, error)
- func (client *EntitiesClient) List(resourceGroupName string, workspaceName string, ...) *EntitiesClientListPager
- func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntitiesClientQueriesResponse, error)
- type EntitiesClientExpandOptions
- type EntitiesClientExpandResponse
- type EntitiesClientExpandResult
- type EntitiesClientGetInsightsOptions
- type EntitiesClientGetInsightsResponse
- type EntitiesClientGetInsightsResult
- type EntitiesClientGetOptions
- type EntitiesClientGetResponse
- type EntitiesClientGetResult
- type EntitiesClientListOptions
- type EntitiesClientListPager
- type EntitiesClientListResponse
- type EntitiesClientListResult
- type EntitiesClientQueriesOptions
- type EntitiesClientQueriesResponse
- type EntitiesClientQueriesResult
- type EntitiesGetTimelineClient
- type EntitiesGetTimelineClientListOptions
- type EntitiesGetTimelineClientListResponse
- type EntitiesGetTimelineClientListResult
- type EntitiesRelationsClient
- type EntitiesRelationsClientListOptions
- type EntitiesRelationsClientListPager
- type EntitiesRelationsClientListResponse
- type EntitiesRelationsClientListResult
- type Entity
- type EntityAnalytics
- type EntityAnalyticsProperties
- type EntityClassification
- type EntityCommonProperties
- type EntityEdges
- type EntityExpandParameters
- type EntityExpandResponse
- type EntityExpandResponseValue
- type EntityGetInsightsParameters
- type EntityGetInsightsResponse
- type EntityInsightItem
- type EntityInsightItemQueryTimeInterval
- type EntityItemQueryKind
- type EntityKind
- type EntityList
- type EntityMapping
- type EntityMappingType
- type EntityQueriesClient
- func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntityQueriesClientCreateOrUpdateResponse, error)
- func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntityQueriesClientDeleteResponse, error)
- func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntityQueriesClientGetResponse, error)
- func (client *EntityQueriesClient) List(resourceGroupName string, workspaceName string, ...) *EntityQueriesClientListPager
- type EntityQueriesClientCreateOrUpdateOptions
- type EntityQueriesClientCreateOrUpdateResponse
- type EntityQueriesClientCreateOrUpdateResult
- type EntityQueriesClientDeleteOptions
- type EntityQueriesClientDeleteResponse
- type EntityQueriesClientGetOptions
- type EntityQueriesClientGetResponse
- type EntityQueriesClientGetResult
- type EntityQueriesClientListOptions
- type EntityQueriesClientListPager
- type EntityQueriesClientListResponse
- type EntityQueriesClientListResult
- type EntityQuery
- type EntityQueryClassification
- type EntityQueryItem
- type EntityQueryItemClassification
- type EntityQueryItemProperties
- type EntityQueryItemPropertiesDataTypesItem
- type EntityQueryKind
- type EntityQueryList
- type EntityQueryTemplate
- type EntityQueryTemplateClassification
- type EntityQueryTemplateKind
- type EntityQueryTemplateList
- type EntityQueryTemplatesClient
- func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (EntityQueryTemplatesClientGetResponse, error)
- func (client *EntityQueryTemplatesClient) List(resourceGroupName string, workspaceName string, ...) *EntityQueryTemplatesClientListPager
- type EntityQueryTemplatesClientGetOptions
- type EntityQueryTemplatesClientGetResponse
- type EntityQueryTemplatesClientGetResult
- type EntityQueryTemplatesClientListOptions
- type EntityQueryTemplatesClientListPager
- type EntityQueryTemplatesClientListResponse
- type EntityQueryTemplatesClientListResult
- type EntityRelationsClient
- type EntityRelationsClientGetRelationOptions
- type EntityRelationsClientGetRelationResponse
- type EntityRelationsClientGetRelationResult
- type EntityTimelineItem
- type EntityTimelineItemClassification
- type EntityTimelineKind
- type EntityTimelineParameters
- type EntityTimelineResponse
- type EntityType
- type Enum39
- type Enum8
- type ErrorAdditionalInfo
- type ErrorDetail
- type ErrorResponse
- type EventGroupingAggregationKind
- type EventGroupingSettings
- type ExpansionEntityQueriesProperties
- type ExpansionEntityQuery
- type ExpansionResultAggregation
- type ExpansionResultsMetadata
- type EyesOn
- type EyesOnSettingsProperties
- type FieldMapping
- type FileEntity
- type FileEntityProperties
- type FileHashAlgorithm
- type FileHashEntity
- type FileHashEntityProperties
- type FusionAlertRule
- type FusionAlertRuleProperties
- type FusionAlertRuleTemplate
- type FusionAlertRuleTemplateProperties
- type GeoLocation
- type GetInsightsError
- type GetInsightsErrorKind
- type GetInsightsResultsMetadata
- type GetQueriesResponse
- type GraphQueries
- type GroupingConfiguration
- type HostEntity
- type HostEntityProperties
- type HuntingBookmark
- type HuntingBookmarkProperties
- type IPEntity
- type IPEntityProperties
- type IPGeodataClient
- type IPGeodataClientGetOptions
- type IPGeodataClientGetResponse
- type IPGeodataClientGetResult
- type Incident
- type IncidentAdditionalData
- type IncidentAlertList
- type IncidentBookmarkList
- type IncidentClassification
- type IncidentClassificationReason
- type IncidentComment
- type IncidentCommentList
- type IncidentCommentProperties
- type IncidentCommentsClient
- func (client *IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentCommentsClientCreateOrUpdateResponse, error)
- func (client *IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentCommentsClientDeleteResponse, error)
- func (client *IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentCommentsClientGetResponse, error)
- func (client *IncidentCommentsClient) List(resourceGroupName string, workspaceName string, incidentID string, ...) *IncidentCommentsClientListPager
- type IncidentCommentsClientCreateOrUpdateOptions
- type IncidentCommentsClientCreateOrUpdateResponse
- type IncidentCommentsClientCreateOrUpdateResult
- type IncidentCommentsClientDeleteOptions
- type IncidentCommentsClientDeleteResponse
- type IncidentCommentsClientGetOptions
- type IncidentCommentsClientGetResponse
- type IncidentCommentsClientGetResult
- type IncidentCommentsClientListOptions
- type IncidentCommentsClientListPager
- type IncidentCommentsClientListResponse
- type IncidentCommentsClientListResult
- type IncidentConfiguration
- type IncidentEntitiesResponse
- type IncidentEntitiesResultsMetadata
- type IncidentInfo
- type IncidentLabel
- type IncidentLabelType
- type IncidentList
- type IncidentOwnerInfo
- type IncidentProperties
- type IncidentRelationsClient
- func (client *IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentRelationsClientCreateOrUpdateResponse, error)
- func (client *IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentRelationsClientDeleteResponse, error)
- func (client *IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentRelationsClientGetResponse, error)
- func (client *IncidentRelationsClient) List(resourceGroupName string, workspaceName string, incidentID string, ...) *IncidentRelationsClientListPager
- type IncidentRelationsClientCreateOrUpdateOptions
- type IncidentRelationsClientCreateOrUpdateResponse
- type IncidentRelationsClientCreateOrUpdateResult
- type IncidentRelationsClientDeleteOptions
- type IncidentRelationsClientDeleteResponse
- type IncidentRelationsClientGetOptions
- type IncidentRelationsClientGetResponse
- type IncidentRelationsClientGetResult
- type IncidentRelationsClientListOptions
- type IncidentRelationsClientListPager
- type IncidentRelationsClientListResponse
- type IncidentRelationsClientListResult
- type IncidentSeverity
- type IncidentStatus
- type IncidentsClient
- func (client *IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientCreateOrUpdateResponse, error)
- func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientCreateTeamResponse, error)
- func (client *IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientDeleteResponse, error)
- func (client *IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientGetResponse, error)
- func (client *IncidentsClient) List(resourceGroupName string, workspaceName string, ...) *IncidentsClientListPager
- func (client *IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientListAlertsResponse, error)
- func (client *IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientListBookmarksResponse, error)
- func (client *IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, ...) (IncidentsClientListEntitiesResponse, error)
- type IncidentsClientCreateOrUpdateOptions
- type IncidentsClientCreateOrUpdateResponse
- type IncidentsClientCreateOrUpdateResult
- type IncidentsClientCreateTeamOptions
- type IncidentsClientCreateTeamResponse
- type IncidentsClientCreateTeamResult
- type IncidentsClientDeleteOptions
- type IncidentsClientDeleteResponse
- type IncidentsClientGetOptions
- type IncidentsClientGetResponse
- type IncidentsClientGetResult
- type IncidentsClientListAlertsOptions
- type IncidentsClientListAlertsResponse
- type IncidentsClientListAlertsResult
- type IncidentsClientListBookmarksOptions
- type IncidentsClientListBookmarksResponse
- type IncidentsClientListBookmarksResult
- type IncidentsClientListEntitiesOptions
- type IncidentsClientListEntitiesResponse
- type IncidentsClientListEntitiesResult
- type IncidentsClientListOptions
- type IncidentsClientListPager
- type IncidentsClientListResponse
- type IncidentsClientListResult
- type InsightQueryItem
- type InsightQueryItemProperties
- type InsightQueryItemPropertiesAdditionalQuery
- type InsightQueryItemPropertiesDefaultTimeRange
- type InsightQueryItemPropertiesReferenceTimeRange
- type InsightQueryItemPropertiesTableQuery
- type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem
- type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem
- type InsightsTableResult
- type InsightsTableResultColumnsItem
- type InstructionSteps
- type InstructionStepsInstructionsItem
- type IoTDeviceEntity
- type IoTDeviceEntityProperties
- type KillChainIntent
- type Kind
- type LastDataReceivedDataType
- type MCASCheckRequirements
- type MCASCheckRequirementsProperties
- type MCASDataConnector
- type MCASDataConnectorDataTypes
- type MCASDataConnectorProperties
- type MDATPCheckRequirements
- type MDATPCheckRequirementsProperties
- type MDATPDataConnector
- type MDATPDataConnectorProperties
- type MLBehaviorAnalyticsAlertRule
- type MLBehaviorAnalyticsAlertRuleProperties
- type MLBehaviorAnalyticsAlertRuleTemplate
- type MLBehaviorAnalyticsAlertRuleTemplateProperties
- type MSTICheckRequirements
- type MSTICheckRequirementsProperties
- type MSTIDataConnector
- type MSTIDataConnectorDataTypes
- type MSTIDataConnectorDataTypesBingSafetyPhishingURL
- type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed
- type MSTIDataConnectorProperties
- type MTPCheckRequirementsProperties
- type MTPDataConnector
- type MTPDataConnectorDataTypes
- type MTPDataConnectorDataTypesIncidents
- type MTPDataConnectorProperties
- type MailClusterEntity
- type MailClusterEntityProperties
- type MailMessageEntity
- type MailMessageEntityProperties
- type MailboxEntity
- type MailboxEntityProperties
- type MalwareEntity
- type MalwareEntityProperties
- type MatchingMethod
- type MetadataAuthor
- type MetadataCategories
- type MetadataClient
- func (client *MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, ...) (MetadataClientCreateResponse, error)
- func (client *MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (MetadataClientDeleteResponse, error)
- func (client *MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (MetadataClientGetResponse, error)
- func (client *MetadataClient) List(resourceGroupName string, workspaceName string, ...) *MetadataClientListPager
- func (client *MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, ...) (MetadataClientUpdateResponse, error)
- type MetadataClientCreateOptions
- type MetadataClientCreateResponse
- type MetadataClientCreateResult
- type MetadataClientDeleteOptions
- type MetadataClientDeleteResponse
- type MetadataClientGetOptions
- type MetadataClientGetResponse
- type MetadataClientGetResult
- type MetadataClientListOptions
- type MetadataClientListPager
- type MetadataClientListResponse
- type MetadataClientListResult
- type MetadataClientUpdateOptions
- type MetadataClientUpdateResponse
- type MetadataClientUpdateResult
- type MetadataDependencies
- type MetadataList
- type MetadataModel
- type MetadataPatch
- type MetadataProperties
- type MetadataPropertiesPatch
- type MetadataSource
- type MetadataSupport
- type MicrosoftSecurityIncidentCreationAlertRule
- type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties
- type MicrosoftSecurityIncidentCreationAlertRuleProperties
- type MicrosoftSecurityIncidentCreationAlertRuleTemplate
- type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
- type MicrosoftSecurityProductName
- type MtpCheckRequirements
- type NrtAlertRule
- type NrtAlertRuleProperties
- type NrtAlertRuleTemplate
- type NrtAlertRuleTemplateProperties
- type OSFamily
- type OfficeATPCheckRequirements
- type OfficeATPCheckRequirementsProperties
- type OfficeATPDataConnector
- type OfficeATPDataConnectorProperties
- type OfficeConsent
- type OfficeConsentList
- type OfficeConsentProperties
- type OfficeConsentsClient
- func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (OfficeConsentsClientDeleteResponse, error)
- func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (OfficeConsentsClientGetResponse, error)
- func (client *OfficeConsentsClient) List(resourceGroupName string, workspaceName string, ...) *OfficeConsentsClientListPager
- type OfficeConsentsClientDeleteOptions
- type OfficeConsentsClientDeleteResponse
- type OfficeConsentsClientGetOptions
- type OfficeConsentsClientGetResponse
- type OfficeConsentsClientGetResult
- type OfficeConsentsClientListOptions
- type OfficeConsentsClientListPager
- type OfficeConsentsClientListResponse
- type OfficeConsentsClientListResult
- type OfficeDataConnector
- type OfficeDataConnectorDataTypes
- type OfficeDataConnectorDataTypesExchange
- type OfficeDataConnectorDataTypesSharePoint
- type OfficeDataConnectorDataTypesTeams
- type OfficeDataConnectorProperties
- type OfficeIRMCheckRequirements
- type OfficeIRMCheckRequirementsProperties
- type OfficeIRMDataConnector
- type OfficeIRMDataConnectorProperties
- type Operation
- type OperationDisplay
- type OperationsClient
- type OperationsClientListOptions
- type OperationsClientListPager
- type OperationsClientListResponse
- type OperationsClientListResult
- type OperationsList
- type Operator
- type OutputType
- type OwnerType
- type PermissionProviderScope
- type Permissions
- type PermissionsCustomsItem
- type PermissionsResourceProviderItem
- type PollingFrequency
- type ProcessEntity
- type ProcessEntityProperties
- type ProductSettingsClient
- func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ProductSettingsClientDeleteResponse, error)
- func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ProductSettingsClientGetResponse, error)
- func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ProductSettingsClientListResponse, error)
- func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ProductSettingsClientUpdateResponse, error)
- type ProductSettingsClientDeleteOptions
- type ProductSettingsClientDeleteResponse
- type ProductSettingsClientGetOptions
- type ProductSettingsClientGetResponse
- type ProductSettingsClientGetResult
- type ProductSettingsClientListOptions
- type ProductSettingsClientListResponse
- type ProductSettingsClientListResult
- type ProductSettingsClientUpdateOptions
- type ProductSettingsClientUpdateResponse
- type ProductSettingsClientUpdateResult
- type ProviderName
- type QueryBasedAlertRuleProperties
- type QueryBasedAlertRuleTemplateProperties
- type RegistryHive
- type RegistryKeyEntity
- type RegistryKeyEntityProperties
- type RegistryValueEntity
- type RegistryValueEntityProperties
- type RegistryValueKind
- type Relation
- type RelationList
- type RelationProperties
- type Repo
- type RepoList
- type RepoType
- type Repository
- type RequiredPermissions
- type Resource
- type ResourceProvider
- type ResourceWithEtag
- type SKU
- type SKUKind
- type SampleQueries
- type ScheduledAlertRule
- type ScheduledAlertRuleCommonProperties
- type ScheduledAlertRuleProperties
- type ScheduledAlertRuleTemplate
- type ScheduledAlertRuleTemplateProperties
- type SecurityAlert
- type SecurityAlertProperties
- type SecurityAlertPropertiesConfidenceReasonsItem
- type SecurityAlertTimelineItem
- type SecurityGroupEntity
- type SecurityGroupEntityProperties
- type SentinelOnboardingState
- type SentinelOnboardingStateProperties
- type SentinelOnboardingStatesClient
- func (client *SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SentinelOnboardingStatesClientCreateResponse, error)
- func (client *SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SentinelOnboardingStatesClientDeleteResponse, error)
- func (client *SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SentinelOnboardingStatesClientGetResponse, error)
- func (client *SentinelOnboardingStatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SentinelOnboardingStatesClientListResponse, error)
- type SentinelOnboardingStatesClientCreateOptions
- type SentinelOnboardingStatesClientCreateResponse
- type SentinelOnboardingStatesClientCreateResult
- type SentinelOnboardingStatesClientDeleteOptions
- type SentinelOnboardingStatesClientDeleteResponse
- type SentinelOnboardingStatesClientGetOptions
- type SentinelOnboardingStatesClientGetResponse
- type SentinelOnboardingStatesClientGetResult
- type SentinelOnboardingStatesClientListOptions
- type SentinelOnboardingStatesClientListResponse
- type SentinelOnboardingStatesClientListResult
- type SentinelOnboardingStatesList
- type SettingKind
- type SettingList
- type SettingType
- type Settings
- type SettingsClassification
- type Source
- type SourceControl
- type SourceControlClient
- type SourceControlClientListRepositoriesOptions
- type SourceControlClientListRepositoriesPager
- type SourceControlClientListRepositoriesResponse
- type SourceControlClientListRepositoriesResult
- type SourceControlList
- type SourceControlProperties
- type SourceControlsClient
- func (client *SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SourceControlsClientCreateResponse, error)
- func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SourceControlsClientDeleteResponse, error)
- func (client *SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (SourceControlsClientGetResponse, error)
- func (client *SourceControlsClient) List(resourceGroupName string, workspaceName string, ...) *SourceControlsClientListPager
- type SourceControlsClientCreateOptions
- type SourceControlsClientCreateResponse
- type SourceControlsClientCreateResult
- type SourceControlsClientDeleteOptions
- type SourceControlsClientDeleteResponse
- type SourceControlsClientGetOptions
- type SourceControlsClientGetResponse
- type SourceControlsClientGetResult
- type SourceControlsClientListOptions
- type SourceControlsClientListPager
- type SourceControlsClientListResponse
- type SourceControlsClientListResult
- type SourceKind
- type SubmissionMailEntity
- type SubmissionMailEntityProperties
- type SupportTier
- type SystemData
- type TICheckRequirements
- type TICheckRequirementsProperties
- type TIDataConnector
- type TIDataConnectorDataTypes
- type TIDataConnectorDataTypesIndicators
- type TIDataConnectorProperties
- type TeamInformation
- type TeamProperties
- type TemplateStatus
- type ThreatIntelligence
- type ThreatIntelligenceAlertRule
- type ThreatIntelligenceAlertRuleProperties
- type ThreatIntelligenceAlertRuleTemplate
- type ThreatIntelligenceAlertRuleTemplateProperties
- type ThreatIntelligenceAppendTags
- type ThreatIntelligenceExternalReference
- type ThreatIntelligenceFilteringCriteria
- type ThreatIntelligenceGranularMarkingModel
- type ThreatIntelligenceIndicatorClient
- func (client *ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientAppendTagsResponse, error)
- func (client *ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientCreateResponse, error)
- func (client *ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientCreateIndicatorResponse, error)
- func (client *ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientDeleteResponse, error)
- func (client *ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientGetResponse, error)
- func (client *ThreatIntelligenceIndicatorClient) QueryIndicators(resourceGroupName string, workspaceName string, ...) *ThreatIntelligenceIndicatorClientQueryIndicatorsPager
- func (client *ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, workspaceName string, ...) (ThreatIntelligenceIndicatorClientReplaceTagsResponse, error)
- type ThreatIntelligenceIndicatorClientAppendTagsOptions
- type ThreatIntelligenceIndicatorClientAppendTagsResponse
- type ThreatIntelligenceIndicatorClientCreateIndicatorOptions
- type ThreatIntelligenceIndicatorClientCreateIndicatorResponse
- type ThreatIntelligenceIndicatorClientCreateIndicatorResult
- type ThreatIntelligenceIndicatorClientCreateOptions
- type ThreatIntelligenceIndicatorClientCreateResponse
- type ThreatIntelligenceIndicatorClientCreateResult
- type ThreatIntelligenceIndicatorClientDeleteOptions
- type ThreatIntelligenceIndicatorClientDeleteResponse
- type ThreatIntelligenceIndicatorClientGetOptions
- type ThreatIntelligenceIndicatorClientGetResponse
- type ThreatIntelligenceIndicatorClientGetResult
- type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions
- type ThreatIntelligenceIndicatorClientQueryIndicatorsPager
- func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) Err() error
- func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) NextPage(ctx context.Context) bool
- func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) PageResponse() ThreatIntelligenceIndicatorClientQueryIndicatorsResponse
- type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse
- type ThreatIntelligenceIndicatorClientQueryIndicatorsResult
- type ThreatIntelligenceIndicatorClientReplaceTagsOptions
- type ThreatIntelligenceIndicatorClientReplaceTagsResponse
- type ThreatIntelligenceIndicatorClientReplaceTagsResult
- type ThreatIntelligenceIndicatorMetricsClient
- type ThreatIntelligenceIndicatorMetricsClientListOptions
- type ThreatIntelligenceIndicatorMetricsClientListResponse
- type ThreatIntelligenceIndicatorMetricsClientListResult
- type ThreatIntelligenceIndicatorModel
- type ThreatIntelligenceIndicatorModelForRequestBody
- type ThreatIntelligenceIndicatorProperties
- type ThreatIntelligenceIndicatorsClient
- type ThreatIntelligenceIndicatorsClientListOptions
- type ThreatIntelligenceIndicatorsClientListPager
- type ThreatIntelligenceIndicatorsClientListResponse
- type ThreatIntelligenceIndicatorsClientListResult
- type ThreatIntelligenceInformation
- type ThreatIntelligenceInformationList
- type ThreatIntelligenceKillChainPhase
- type ThreatIntelligenceMetric
- type ThreatIntelligenceMetricEntity
- type ThreatIntelligenceMetrics
- type ThreatIntelligenceMetricsList
- type ThreatIntelligenceParsedPattern
- type ThreatIntelligenceParsedPatternTypeValue
- type ThreatIntelligenceResourceKind
- type ThreatIntelligenceResourceKindEnum
- type ThreatIntelligenceSortingCriteria
- type ThreatIntelligenceSortingCriteriaEnum
- type TiTaxiiCheckRequirements
- type TiTaxiiCheckRequirementsProperties
- type TiTaxiiDataConnector
- type TiTaxiiDataConnectorDataTypes
- type TiTaxiiDataConnectorDataTypesTaxiiClient
- type TiTaxiiDataConnectorProperties
- type TimelineAggregation
- type TimelineError
- type TimelineResultsMetadata
- type TriggerOperator
- type TriggersOn
- type TriggersWhen
- type URLEntity
- type URLEntityProperties
- type Ueba
- type UebaDataSources
- type UebaProperties
- type UserInfo
- type Watchlist
- type WatchlistItem
- type WatchlistItemList
- type WatchlistItemProperties
- type WatchlistItemsClient
- func (client *WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistItemsClientCreateOrUpdateResponse, error)
- func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistItemsClientDeleteResponse, error)
- func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistItemsClientGetResponse, error)
- func (client *WatchlistItemsClient) List(resourceGroupName string, workspaceName string, watchlistAlias string, ...) *WatchlistItemsClientListPager
- type WatchlistItemsClientCreateOrUpdateOptions
- type WatchlistItemsClientCreateOrUpdateResponse
- type WatchlistItemsClientCreateOrUpdateResult
- type WatchlistItemsClientDeleteOptions
- type WatchlistItemsClientDeleteResponse
- type WatchlistItemsClientGetOptions
- type WatchlistItemsClientGetResponse
- type WatchlistItemsClientGetResult
- type WatchlistItemsClientListOptions
- type WatchlistItemsClientListPager
- type WatchlistItemsClientListResponse
- type WatchlistItemsClientListResult
- type WatchlistList
- type WatchlistProperties
- type WatchlistsClient
- func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistsClientCreateOrUpdateResponse, error)
- func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistsClientDeleteResponse, error)
- func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ...) (WatchlistsClientGetResponse, error)
- func (client *WatchlistsClient) List(resourceGroupName string, workspaceName string, ...) *WatchlistsClientListPager
- type WatchlistsClientCreateOrUpdateOptions
- type WatchlistsClientCreateOrUpdateResponse
- type WatchlistsClientCreateOrUpdateResult
- type WatchlistsClientDeleteOptions
- type WatchlistsClientDeleteResponse
- type WatchlistsClientGetOptions
- type WatchlistsClientGetResponse
- type WatchlistsClientGetResult
- type WatchlistsClientListOptions
- type WatchlistsClientListPager
- type WatchlistsClientListResponse
- type WatchlistsClientListResult
Examples ¶
- ActionsClient.CreateOrUpdate
- ActionsClient.Delete
- ActionsClient.Get
- ActionsClient.ListByAlertRule
- AlertRuleTemplatesClient.Get
- AlertRuleTemplatesClient.List
- AlertRulesClient.CreateOrUpdate
- AlertRulesClient.Delete
- AlertRulesClient.Get
- AlertRulesClient.List
- AutomationRulesClient.CreateOrUpdate
- AutomationRulesClient.Delete
- AutomationRulesClient.Get
- AutomationRulesClient.List
- BookmarkClient.Expand
- BookmarkRelationsClient.CreateOrUpdate
- BookmarkRelationsClient.Delete
- BookmarkRelationsClient.Get
- BookmarkRelationsClient.List
- BookmarksClient.CreateOrUpdate
- BookmarksClient.Delete
- BookmarksClient.Get
- BookmarksClient.List
- DataConnectorsCheckRequirementsClient.Post
- DataConnectorsClient.Connect
- DataConnectorsClient.CreateOrUpdate
- DataConnectorsClient.Delete
- DataConnectorsClient.Disconnect
- DataConnectorsClient.Get
- DataConnectorsClient.List
- DomainWhoisClient.Get
- EntitiesClient.Expand
- EntitiesClient.Get
- EntitiesClient.GetInsights
- EntitiesClient.List
- EntitiesClient.Queries
- EntitiesGetTimelineClient.List
- EntitiesRelationsClient.List
- EntityQueriesClient.CreateOrUpdate
- EntityQueriesClient.Delete
- EntityQueriesClient.Get
- EntityQueriesClient.List
- EntityQueryTemplatesClient.Get
- EntityQueryTemplatesClient.List
- EntityRelationsClient.GetRelation
- IPGeodataClient.Get
- IncidentCommentsClient.CreateOrUpdate
- IncidentCommentsClient.Delete
- IncidentCommentsClient.Get
- IncidentCommentsClient.List
- IncidentRelationsClient.CreateOrUpdate
- IncidentRelationsClient.Delete
- IncidentRelationsClient.Get
- IncidentRelationsClient.List
- IncidentsClient.CreateOrUpdate
- IncidentsClient.CreateTeam
- IncidentsClient.Delete
- IncidentsClient.Get
- IncidentsClient.List
- IncidentsClient.ListAlerts
- IncidentsClient.ListBookmarks
- IncidentsClient.ListEntities
- MetadataClient.Create
- MetadataClient.Delete
- MetadataClient.Get
- MetadataClient.List
- MetadataClient.Update
- OfficeConsentsClient.Delete
- OfficeConsentsClient.Get
- OfficeConsentsClient.List
- ProductSettingsClient.Delete
- ProductSettingsClient.Get
- ProductSettingsClient.List
- ProductSettingsClient.Update
- SentinelOnboardingStatesClient.Create
- SentinelOnboardingStatesClient.Delete
- SentinelOnboardingStatesClient.Get
- SentinelOnboardingStatesClient.List
- SourceControlClient.ListRepositories
- SourceControlsClient.Create
- SourceControlsClient.Delete
- SourceControlsClient.Get
- SourceControlsClient.List
- ThreatIntelligenceIndicatorClient.AppendTags
- ThreatIntelligenceIndicatorClient.Create
- ThreatIntelligenceIndicatorClient.CreateIndicator
- ThreatIntelligenceIndicatorClient.Delete
- ThreatIntelligenceIndicatorClient.Get
- ThreatIntelligenceIndicatorClient.QueryIndicators
- ThreatIntelligenceIndicatorClient.ReplaceTags
- ThreatIntelligenceIndicatorMetricsClient.List
- ThreatIntelligenceIndicatorsClient.List
- WatchlistItemsClient.CreateOrUpdate
- WatchlistItemsClient.Delete
- WatchlistItemsClient.Get
- WatchlistItemsClient.List
- WatchlistsClient.CreateOrUpdate
- WatchlistsClient.Delete
- WatchlistsClient.Get
- WatchlistsClient.List
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AADCheckRequirements ¶ added in v0.2.0
type AADCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // AAD (Azure Active Directory) requirements check properties. Properties *AADCheckRequirementsProperties `json:"properties,omitempty"` }
AADCheckRequirements - Represents AAD (Azure Active Directory) requirements check request.
func (*AADCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (a *AADCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AADCheckRequirements.
func (AADCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (a AADCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AADCheckRequirements.
func (*AADCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (a *AADCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AADCheckRequirements.
type AADCheckRequirementsProperties ¶ added in v0.2.0
type AADCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.
type AADDataConnector ¶
type AADDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // AAD (Azure Active Directory) data connector properties. Properties *AADDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AADDataConnector - Represents AAD (Azure Active Directory) data connector.
func (*AADDataConnector) GetDataConnector ¶ added in v0.2.0
func (a *AADDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type AADDataConnector.
func (AADDataConnector) MarshalJSON ¶
func (a AADDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AADDataConnector.
func (*AADDataConnector) UnmarshalJSON ¶
func (a *AADDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AADDataConnector.
type AADDataConnectorProperties ¶
type AADDataConnectorProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
type AATPCheckRequirements ¶ added in v0.2.0
type AATPCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // AATP (Azure Advanced Threat Protection) requirements check properties. Properties *AATPCheckRequirementsProperties `json:"properties,omitempty"` }
AATPCheckRequirements - Represents AATP (Azure Advanced Threat Protection) requirements check request.
func (*AATPCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (a *AATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AATPCheckRequirements.
func (AATPCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (a AATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AATPCheckRequirements.
func (*AATPCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (a *AATPCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AATPCheckRequirements.
type AATPCheckRequirementsProperties ¶ added in v0.2.0
type AATPCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.
type AATPDataConnector ¶
type AATPDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // AATP (Azure Advanced Threat Protection) data connector properties. Properties *AATPDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AATPDataConnector - Represents AATP (Azure Advanced Threat Protection) data connector.
func (*AATPDataConnector) GetDataConnector ¶ added in v0.2.0
func (a *AATPDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type AATPDataConnector.
func (AATPDataConnector) MarshalJSON ¶
func (a AATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AATPDataConnector.
func (*AATPDataConnector) UnmarshalJSON ¶
func (a *AATPDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AATPDataConnector.
type AATPDataConnectorProperties ¶
type AATPDataConnectorProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
type APIPollingParameters ¶ added in v0.2.0
type APIPollingParameters struct { // Config to describe the instructions blade ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"` // Config to describe the polling instructions PollingConfig *CodelessConnectorPollingConfigProperties `json:"pollingConfig,omitempty"` }
APIPollingParameters - Represents Codeless API Polling data connector
type ASCCheckRequirements ¶ added in v0.2.0
type ASCCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // ASC (Azure Security Center) requirements check properties. Properties *ASCCheckRequirementsProperties `json:"properties,omitempty"` }
ASCCheckRequirements - Represents ASC (Azure Security Center) requirements check request.
func (*ASCCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (a *ASCCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type ASCCheckRequirements.
func (ASCCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (a ASCCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ASCCheckRequirements.
func (*ASCCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (a *ASCCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ASCCheckRequirements.
type ASCCheckRequirementsProperties ¶ added in v0.2.0
type ASCCheckRequirementsProperties struct { // The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` }
ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.
type ASCDataConnector ¶
type ASCDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // ASC (Azure Security Center) data connector properties. Properties *ASCDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ASCDataConnector - Represents ASC (Azure Security Center) data connector.
func (*ASCDataConnector) GetDataConnector ¶ added in v0.2.0
func (a *ASCDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type ASCDataConnector.
func (ASCDataConnector) MarshalJSON ¶
func (a ASCDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ASCDataConnector.
func (*ASCDataConnector) UnmarshalJSON ¶
func (a *ASCDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ASCDataConnector.
type ASCDataConnectorProperties ¶
type ASCDataConnectorProperties struct { // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` // The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` }
ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
type AccountEntity ¶ added in v0.2.0
type AccountEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Account entity properties Properties *AccountEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AccountEntity - Represents an account entity.
func (*AccountEntity) GetEntity ¶ added in v0.2.0
func (a *AccountEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type AccountEntity.
func (AccountEntity) MarshalJSON ¶ added in v0.2.0
func (a AccountEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AccountEntity.
func (*AccountEntity) UnmarshalJSON ¶ added in v0.2.0
func (a *AccountEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AccountEntity.
type AccountEntityProperties ¶ added in v0.2.0
type AccountEntityProperties struct { // READ-ONLY; The Azure Active Directory tenant id. AADTenantID *string `json:"aadTenantId,omitempty" azure:"ro"` // READ-ONLY; The Azure Active Directory user id. AADUserID *string `json:"aadUserId,omitempty" azure:"ro"` // READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. AccountName *string `json:"accountName,omitempty" azure:"ro"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The fully qualified domain DNS name. DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"` // READ-ONLY; The display name of the account. DisplayName *string `json:"displayName,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` // READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"` // READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY. NtDomain *string `json:"ntDomain,omitempty" azure:"ro"` // READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned // by active directory. ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"` // READ-ONLY; The Azure Active Directory Passport User ID. Puid *string `json:"puid,omitempty" azure:"ro"` // READ-ONLY; The account security identifier, e.g. S-1-5-18. Sid *string `json:"sid,omitempty" azure:"ro"` // READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. UpnSuffix *string `json:"upnSuffix,omitempty" azure:"ro"` }
AccountEntityProperties - Account entity property bag.
func (AccountEntityProperties) MarshalJSON ¶ added in v0.2.0
func (a AccountEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AccountEntityProperties.
type ActionPropertiesBase ¶
type ActionPropertiesBase struct { // REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` }
ActionPropertiesBase - Action property bag base.
type ActionRequest ¶
type ActionRequest struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Action properties for put request Properties *ActionRequestProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ActionRequest - Action for alert rule.
type ActionRequestProperties ¶
type ActionRequestProperties struct { // REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` // REQUIRED; Logic App Callback URL for this specific workflow. TriggerURI *string `json:"triggerUri,omitempty"` }
ActionRequestProperties - Action property bag.
type ActionResponse ¶
type ActionResponse struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Action properties for get request Properties *ActionResponseProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ActionResponse - Action for alert rule.
type ActionResponseProperties ¶
type ActionResponseProperties struct { // REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` // The name of the logic app's workflow. WorkflowID *string `json:"workflowId,omitempty"` }
ActionResponseProperties - Action property bag.
type ActionsClient ¶
type ActionsClient struct {
// contains filtered or unexported fields
}
ActionsClient contains the methods for the Actions group. Don't use this type directly, use NewActionsClient() instead.
func NewActionsClient ¶
func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ActionsClient
NewActionsClient creates a new instance of ActionsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*ActionsClient) CreateOrUpdate ¶
func (client *ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest, options *ActionsClientCreateOrUpdateOptions) (ActionsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID action - The action options - ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/CreateActionOfAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", "<action-id>", armsecurityinsight.ActionRequest{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.ActionRequestProperties{ LogicAppResourceID: to.StringPtr("<logic-app-resource-id>"), TriggerURI: to.StringPtr("<trigger-uri>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ActionsClientCreateOrUpdateResult) }
Output:
func (*ActionsClient) Delete ¶
func (client *ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientDeleteOptions) (ActionsClientDeleteResponse, error)
Delete - Delete the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID options - ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/DeleteActionOfAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", "<action-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*ActionsClient) Get ¶
func (client *ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientGetOptions) (ActionsClientGetResponse, error)
Get - Gets the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID options - ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetActionOfAlertRuleById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", "<action-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ActionsClientGetResult) }
Output:
func (*ActionsClient) ListByAlertRule ¶
func (client *ActionsClient) ListByAlertRule(resourceGroupName string, workspaceName string, ruleID string, options *ActionsClientListByAlertRuleOptions) *ActionsClientListByAlertRulePager
ListByAlertRule - Gets all actions of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.ListByAlertRule method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetAllActionsByAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil) pager := client.ListByAlertRule("<resource-group-name>", "<workspace-name>", "<rule-id>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type ActionsClientCreateOrUpdateOptions ¶ added in v0.2.0
type ActionsClientCreateOrUpdateOptions struct { }
ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.
type ActionsClientCreateOrUpdateResponse ¶ added in v0.2.0
type ActionsClientCreateOrUpdateResponse struct { ActionsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ActionsClientCreateOrUpdateResponse contains the response from method ActionsClient.CreateOrUpdate.
type ActionsClientCreateOrUpdateResult ¶ added in v0.2.0
type ActionsClientCreateOrUpdateResult struct {
ActionResponse
}
ActionsClientCreateOrUpdateResult contains the result from method ActionsClient.CreateOrUpdate.
type ActionsClientDeleteOptions ¶ added in v0.2.0
type ActionsClientDeleteOptions struct { }
ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.
type ActionsClientDeleteResponse ¶ added in v0.2.0
type ActionsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ActionsClientDeleteResponse contains the response from method ActionsClient.Delete.
type ActionsClientGetOptions ¶ added in v0.2.0
type ActionsClientGetOptions struct { }
ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.
type ActionsClientGetResponse ¶ added in v0.2.0
type ActionsClientGetResponse struct { ActionsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ActionsClientGetResponse contains the response from method ActionsClient.Get.
type ActionsClientGetResult ¶ added in v0.2.0
type ActionsClientGetResult struct {
ActionResponse
}
ActionsClientGetResult contains the result from method ActionsClient.Get.
type ActionsClientListByAlertRuleOptions ¶ added in v0.2.0
type ActionsClientListByAlertRuleOptions struct { }
ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.ListByAlertRule method.
type ActionsClientListByAlertRulePager ¶ added in v0.2.0
type ActionsClientListByAlertRulePager struct {
// contains filtered or unexported fields
}
ActionsClientListByAlertRulePager provides operations for iterating over paged responses.
func (*ActionsClientListByAlertRulePager) Err ¶ added in v0.2.0
func (p *ActionsClientListByAlertRulePager) Err() error
Err returns the last error encountered while paging.
func (*ActionsClientListByAlertRulePager) NextPage ¶ added in v0.2.0
func (p *ActionsClientListByAlertRulePager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*ActionsClientListByAlertRulePager) PageResponse ¶ added in v0.2.0
func (p *ActionsClientListByAlertRulePager) PageResponse() ActionsClientListByAlertRuleResponse
PageResponse returns the current ActionsClientListByAlertRuleResponse page.
type ActionsClientListByAlertRuleResponse ¶ added in v0.2.0
type ActionsClientListByAlertRuleResponse struct { ActionsClientListByAlertRuleResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ActionsClientListByAlertRuleResponse contains the response from method ActionsClient.ListByAlertRule.
type ActionsClientListByAlertRuleResult ¶ added in v0.2.0
type ActionsClientListByAlertRuleResult struct {
ActionsList
}
ActionsClientListByAlertRuleResult contains the result from method ActionsClient.ListByAlertRule.
type ActionsList ¶
type ActionsList struct { // REQUIRED; Array of actions. Value []*ActionResponse `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of actions. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
ActionsList - List all the actions.
func (ActionsList) MarshalJSON ¶
func (a ActionsList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActionsList.
type ActivityCustomEntityQuery ¶ added in v0.2.0
type ActivityCustomEntityQuery struct { // REQUIRED; the entity query kind Kind *CustomEntityQueryKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Activity entity query properties Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ActivityCustomEntityQuery - Represents Activity entity query.
func (*ActivityCustomEntityQuery) GetCustomEntityQuery ¶ added in v0.2.0
func (a *ActivityCustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery
GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type ActivityCustomEntityQuery.
func (ActivityCustomEntityQuery) MarshalJSON ¶ added in v0.2.0
func (a ActivityCustomEntityQuery) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityCustomEntityQuery.
func (*ActivityCustomEntityQuery) UnmarshalJSON ¶ added in v0.2.0
func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ActivityCustomEntityQuery.
type ActivityEntityQueriesProperties ¶ added in v0.2.0
type ActivityEntityQueriesProperties struct { // The entity query content to display in timeline Content *string `json:"content,omitempty"` // The entity query description Description *string `json:"description,omitempty"` // Determines whether this activity is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // The query applied only to entities matching to all filters EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"` // The type of the query's source entity InputEntityType *EntityType `json:"inputEntityType,omitempty"` // The Activity query definitions QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions `json:"queryDefinitions,omitempty"` // List of the fields of the source entity that are required to run the query RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` // The template id this activity was created from TemplateName *string `json:"templateName,omitempty"` // The entity query title Title *string `json:"title,omitempty"` // READ-ONLY; The time the activity was created CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` // READ-ONLY; The last time the activity was updated LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` }
ActivityEntityQueriesProperties - Describes activity entity query properties
func (ActivityEntityQueriesProperties) MarshalJSON ¶ added in v0.2.0
func (a ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueriesProperties.
func (*ActivityEntityQueriesProperties) UnmarshalJSON ¶ added in v0.2.0
func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueriesProperties.
type ActivityEntityQueriesPropertiesQueryDefinitions ¶ added in v0.2.0
type ActivityEntityQueriesPropertiesQueryDefinitions struct { // The Activity query to run on a given entity Query *string `json:"query,omitempty"` }
ActivityEntityQueriesPropertiesQueryDefinitions - The Activity query definitions
type ActivityEntityQuery ¶ added in v0.2.0
type ActivityEntityQuery struct { // REQUIRED; the entity query kind Kind *EntityQueryKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Activity entity query properties Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ActivityEntityQuery - Represents Activity entity query.
func (*ActivityEntityQuery) GetEntityQuery ¶ added in v0.2.0
func (a *ActivityEntityQuery) GetEntityQuery() *EntityQuery
GetEntityQuery implements the EntityQueryClassification interface for type ActivityEntityQuery.
func (ActivityEntityQuery) MarshalJSON ¶ added in v0.2.0
func (a ActivityEntityQuery) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityEntityQuery.
func (*ActivityEntityQuery) UnmarshalJSON ¶ added in v0.2.0
func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQuery.
type ActivityEntityQueryTemplate ¶ added in v0.2.0
type ActivityEntityQueryTemplate struct { // REQUIRED; the entity query template kind Kind *EntityQueryTemplateKind `json:"kind,omitempty"` // Activity entity query properties Properties *ActivityEntityQueryTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ActivityEntityQueryTemplate - Represents Activity entity query.
func (*ActivityEntityQueryTemplate) GetEntityQueryTemplate ¶ added in v0.2.0
func (a *ActivityEntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate
GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type ActivityEntityQueryTemplate.
func (ActivityEntityQueryTemplate) MarshalJSON ¶ added in v0.2.0
func (a ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplate.
func (*ActivityEntityQueryTemplate) UnmarshalJSON ¶ added in v0.2.0
func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplate.
type ActivityEntityQueryTemplateProperties ¶ added in v0.2.0
type ActivityEntityQueryTemplateProperties struct { // The entity query content to display in timeline Content *string `json:"content,omitempty"` // List of required data types for the given entity query template DataTypes []*DataTypeDefinitions `json:"dataTypes,omitempty"` // The entity query description Description *string `json:"description,omitempty"` // The query applied only to entities matching to all filters EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"` // The type of the query's source entity InputEntityType *EntityType `json:"inputEntityType,omitempty"` // The Activity query definitions QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions `json:"queryDefinitions,omitempty"` // List of the fields of the source entity that are required to run the query RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` // The entity query title Title *string `json:"title,omitempty"` }
ActivityEntityQueryTemplateProperties - Describes activity entity query properties
func (ActivityEntityQueryTemplateProperties) MarshalJSON ¶ added in v0.2.0
func (a ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplateProperties.
type ActivityEntityQueryTemplatePropertiesQueryDefinitions ¶ added in v0.2.0
type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct { // The Activity query to run on a given entity Query *string `json:"query,omitempty"` // The dimensions we want to summarize the timeline results on, this is comma separated list SummarizeBy *string `json:"summarizeBy,omitempty"` }
ActivityEntityQueryTemplatePropertiesQueryDefinitions - The Activity query definitions
type ActivityTimelineItem ¶ added in v0.2.0
type ActivityTimelineItem struct { // REQUIRED; The grouping bucket end time. BucketEndTimeUTC *time.Time `json:"bucketEndTimeUTC,omitempty"` // REQUIRED; The grouping bucket start time. BucketStartTimeUTC *time.Time `json:"bucketStartTimeUTC,omitempty"` // REQUIRED; The activity timeline content. Content *string `json:"content,omitempty"` // REQUIRED; The time of the first activity in the grouping bucket. FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUTC,omitempty"` // REQUIRED; The entity query kind type. Kind *EntityTimelineKind `json:"kind,omitempty"` // REQUIRED; The time of the last activity in the grouping bucket. LastActivityTimeUTC *time.Time `json:"lastActivityTimeUTC,omitempty"` // REQUIRED; The activity query id. QueryID *string `json:"queryId,omitempty"` // REQUIRED; The activity timeline title. Title *string `json:"title,omitempty"` }
ActivityTimelineItem - Represents Activity timeline item.
func (*ActivityTimelineItem) GetEntityTimelineItem ¶ added in v0.2.0
func (a *ActivityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem
GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type ActivityTimelineItem.
func (ActivityTimelineItem) MarshalJSON ¶ added in v0.2.0
func (a ActivityTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ActivityTimelineItem.
func (*ActivityTimelineItem) UnmarshalJSON ¶ added in v0.2.0
func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ActivityTimelineItem.
type AlertDetail ¶ added in v0.2.0
type AlertDetail string
AlertDetail - Alert detail
const ( // AlertDetailDisplayName - Alert display name AlertDetailDisplayName AlertDetail = "DisplayName" // AlertDetailSeverity - Alert severity AlertDetailSeverity AlertDetail = "Severity" )
func PossibleAlertDetailValues ¶ added in v0.2.0
func PossibleAlertDetailValues() []AlertDetail
PossibleAlertDetailValues returns the possible values for the AlertDetail const type.
func (AlertDetail) ToPtr ¶ added in v0.2.0
func (c AlertDetail) ToPtr() *AlertDetail
ToPtr returns a *AlertDetail pointing to the current value.
type AlertDetailsOverride ¶ added in v0.2.0
type AlertDetailsOverride struct { // the format containing columns name(s) to override the alert description AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"` // the format containing columns name(s) to override the alert name AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"` // the column name to take the alert severity from AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"` // the column name to take the alert tactics from AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"` }
AlertDetailsOverride - Settings for how to dynamically override alert static details
type AlertRule ¶
type AlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AlertRule - Alert rule.
func (*AlertRule) GetAlertRule ¶
GetAlertRule implements the AlertRuleClassification interface for type AlertRule.
type AlertRuleClassification ¶
type AlertRuleClassification interface { // GetAlertRule returns the AlertRule content of the underlying type. GetAlertRule() *AlertRule }
AlertRuleClassification provides polymorphic access to related types. Call the interface's GetAlertRule() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRule, *FusionAlertRule, *MLBehaviorAnalyticsAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *NrtAlertRule, - *ScheduledAlertRule, *ThreatIntelligenceAlertRule
type AlertRuleKind ¶
type AlertRuleKind string
AlertRuleKind - The kind of the alert rule
const ( AlertRuleKindFusion AlertRuleKind = "Fusion" AlertRuleKindMLBehaviorAnalytics AlertRuleKind = "MLBehaviorAnalytics" AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" AlertRuleKindNRT AlertRuleKind = "NRT" AlertRuleKindScheduled AlertRuleKind = "Scheduled" AlertRuleKindThreatIntelligence AlertRuleKind = "ThreatIntelligence" )
func PossibleAlertRuleKindValues ¶
func PossibleAlertRuleKindValues() []AlertRuleKind
PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type.
func (AlertRuleKind) ToPtr ¶
func (c AlertRuleKind) ToPtr() *AlertRuleKind
ToPtr returns a *AlertRuleKind pointing to the current value.
type AlertRuleTemplate ¶
type AlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AlertRuleTemplate - Alert rule template.
func (*AlertRuleTemplate) GetAlertRuleTemplate ¶
func (a *AlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type AlertRuleTemplate.
type AlertRuleTemplateClassification ¶
type AlertRuleTemplateClassification interface { // GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type. GetAlertRuleTemplate() *AlertRuleTemplate }
AlertRuleTemplateClassification provides polymorphic access to related types. Call the interface's GetAlertRuleTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MLBehaviorAnalyticsAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, - *NrtAlertRuleTemplate, *ScheduledAlertRuleTemplate, *ThreatIntelligenceAlertRuleTemplate
type AlertRuleTemplateDataSource ¶
type AlertRuleTemplateDataSource struct { // The connector id that provides the following data types ConnectorID *string `json:"connectorId,omitempty"` // The data types used by the alert rule template DataTypes []*string `json:"dataTypes,omitempty"` }
AlertRuleTemplateDataSource - alert rule template data sources
func (AlertRuleTemplateDataSource) MarshalJSON ¶
func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource.
type AlertRuleTemplatePropertiesBase ¶ added in v0.2.0
type AlertRuleTemplatePropertiesBase struct { // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
AlertRuleTemplatePropertiesBase - Base alert rule template property bag.
func (AlertRuleTemplatePropertiesBase) MarshalJSON ¶ added in v0.2.0
func (a AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatePropertiesBase.
func (*AlertRuleTemplatePropertiesBase) UnmarshalJSON ¶ added in v0.2.0
func (a *AlertRuleTemplatePropertiesBase) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatePropertiesBase.
type AlertRuleTemplatesClient ¶
type AlertRuleTemplatesClient struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesClient contains the methods for the AlertRuleTemplates group. Don't use this type directly, use NewAlertRuleTemplatesClient() instead.
func NewAlertRuleTemplatesClient ¶
func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AlertRuleTemplatesClient
NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*AlertRuleTemplatesClient) Get ¶
func (client *AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string, options *AlertRuleTemplatesClientGetOptions) (AlertRuleTemplatesClientGetResponse, error)
Get - Gets the alert rule template. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. alertRuleTemplateID - Alert rule template ID options - AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRuleTemplatesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<alert-rule-template-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.AlertRuleTemplatesClientGetResult) }
Output:
func (*AlertRuleTemplatesClient) List ¶
func (client *AlertRuleTemplatesClient) List(resourceGroupName string, workspaceName string, options *AlertRuleTemplatesClientListOptions) *AlertRuleTemplatesClientListPager
List - Gets all alert rule templates. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRuleTemplatesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type AlertRuleTemplatesClientGetOptions ¶ added in v0.2.0
type AlertRuleTemplatesClientGetOptions struct { }
AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.
type AlertRuleTemplatesClientGetResponse ¶ added in v0.2.0
type AlertRuleTemplatesClientGetResponse struct { AlertRuleTemplatesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRuleTemplatesClientGetResponse contains the response from method AlertRuleTemplatesClient.Get.
type AlertRuleTemplatesClientGetResult ¶ added in v0.2.0
type AlertRuleTemplatesClientGetResult struct {
AlertRuleTemplateClassification
}
AlertRuleTemplatesClientGetResult contains the result from method AlertRuleTemplatesClient.Get.
func (*AlertRuleTemplatesClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (a *AlertRuleTemplatesClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesClientGetResult.
type AlertRuleTemplatesClientListOptions ¶ added in v0.2.0
type AlertRuleTemplatesClientListOptions struct { }
AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.List method.
type AlertRuleTemplatesClientListPager ¶ added in v0.2.0
type AlertRuleTemplatesClientListPager struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesClientListPager provides operations for iterating over paged responses.
func (*AlertRuleTemplatesClientListPager) Err ¶ added in v0.2.0
func (p *AlertRuleTemplatesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*AlertRuleTemplatesClientListPager) NextPage ¶ added in v0.2.0
func (p *AlertRuleTemplatesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*AlertRuleTemplatesClientListPager) PageResponse ¶ added in v0.2.0
func (p *AlertRuleTemplatesClientListPager) PageResponse() AlertRuleTemplatesClientListResponse
PageResponse returns the current AlertRuleTemplatesClientListResponse page.
type AlertRuleTemplatesClientListResponse ¶ added in v0.2.0
type AlertRuleTemplatesClientListResponse struct { AlertRuleTemplatesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRuleTemplatesClientListResponse contains the response from method AlertRuleTemplatesClient.List.
type AlertRuleTemplatesClientListResult ¶ added in v0.2.0
type AlertRuleTemplatesClientListResult struct {
AlertRuleTemplatesList
}
AlertRuleTemplatesClientListResult contains the result from method AlertRuleTemplatesClient.List.
type AlertRuleTemplatesList ¶
type AlertRuleTemplatesList struct { // REQUIRED; Array of alert rule templates. Value []AlertRuleTemplateClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of alert rule templates. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
AlertRuleTemplatesList - List all the alert rule templates.
func (AlertRuleTemplatesList) MarshalJSON ¶
func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatesList.
func (*AlertRuleTemplatesList) UnmarshalJSON ¶
func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList.
type AlertRulesClient ¶
type AlertRulesClient struct {
// contains filtered or unexported fields
}
AlertRulesClient contains the methods for the AlertRules group. Don't use this type directly, use NewAlertRulesClient() instead.
func NewAlertRulesClient ¶
func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AlertRulesClient
NewAlertRulesClient creates a new instance of AlertRulesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*AlertRulesClient) CreateOrUpdate ¶
func (client *AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule AlertRuleClassification, options *AlertRulesClientCreateOrUpdateOptions) (AlertRulesClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID alertRule - The alert rule options - AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateFusionAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", &armsecurityinsight.FusionAlertRule{ Etag: to.StringPtr("<etag>"), Kind: armsecurityinsight.AlertRuleKind("Fusion").ToPtr(), Properties: &armsecurityinsight.FusionAlertRuleProperties{ AlertRuleTemplateName: to.StringPtr("<alert-rule-template-name>"), Enabled: to.BoolPtr(true), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.AlertRulesClientCreateOrUpdateResult) }
Output:
func (*AlertRulesClient) Delete ¶
func (client *AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientDeleteOptions) (AlertRulesClientDeleteResponse, error)
Delete - Delete the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/DeleteAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*AlertRulesClient) Get ¶
func (client *AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientGetOptions) (AlertRulesClientGetResponse, error)
Get - Gets the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetFusionAlertRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<rule-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.AlertRulesClientGetResult) }
Output:
func (*AlertRulesClient) List ¶
func (client *AlertRulesClient) List(resourceGroupName string, workspaceName string, options *AlertRulesClientListOptions) *AlertRulesClientListPager
List - Gets all alert rules. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetAllAlertRules.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type AlertRulesClientCreateOrUpdateOptions ¶ added in v0.2.0
type AlertRulesClientCreateOrUpdateOptions struct { }
AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.
type AlertRulesClientCreateOrUpdateResponse ¶ added in v0.2.0
type AlertRulesClientCreateOrUpdateResponse struct { AlertRulesClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRulesClientCreateOrUpdateResponse contains the response from method AlertRulesClient.CreateOrUpdate.
type AlertRulesClientCreateOrUpdateResult ¶ added in v0.2.0
type AlertRulesClientCreateOrUpdateResult struct {
AlertRuleClassification
}
AlertRulesClientCreateOrUpdateResult contains the result from method AlertRulesClient.CreateOrUpdate.
func (*AlertRulesClientCreateOrUpdateResult) UnmarshalJSON ¶ added in v0.2.0
func (a *AlertRulesClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientCreateOrUpdateResult.
type AlertRulesClientDeleteOptions ¶ added in v0.2.0
type AlertRulesClientDeleteOptions struct { }
AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.
type AlertRulesClientDeleteResponse ¶ added in v0.2.0
type AlertRulesClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRulesClientDeleteResponse contains the response from method AlertRulesClient.Delete.
type AlertRulesClientGetOptions ¶ added in v0.2.0
type AlertRulesClientGetOptions struct { }
AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.
type AlertRulesClientGetResponse ¶ added in v0.2.0
type AlertRulesClientGetResponse struct { AlertRulesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRulesClientGetResponse contains the response from method AlertRulesClient.Get.
type AlertRulesClientGetResult ¶ added in v0.2.0
type AlertRulesClientGetResult struct {
AlertRuleClassification
}
AlertRulesClientGetResult contains the result from method AlertRulesClient.Get.
func (*AlertRulesClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (a *AlertRulesClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientGetResult.
type AlertRulesClientListOptions ¶ added in v0.2.0
type AlertRulesClientListOptions struct { }
AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.List method.
type AlertRulesClientListPager ¶ added in v0.2.0
type AlertRulesClientListPager struct {
// contains filtered or unexported fields
}
AlertRulesClientListPager provides operations for iterating over paged responses.
func (*AlertRulesClientListPager) Err ¶ added in v0.2.0
func (p *AlertRulesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*AlertRulesClientListPager) NextPage ¶ added in v0.2.0
func (p *AlertRulesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*AlertRulesClientListPager) PageResponse ¶ added in v0.2.0
func (p *AlertRulesClientListPager) PageResponse() AlertRulesClientListResponse
PageResponse returns the current AlertRulesClientListResponse page.
type AlertRulesClientListResponse ¶ added in v0.2.0
type AlertRulesClientListResponse struct { AlertRulesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AlertRulesClientListResponse contains the response from method AlertRulesClient.List.
type AlertRulesClientListResult ¶ added in v0.2.0
type AlertRulesClientListResult struct {
AlertRulesList
}
AlertRulesClientListResult contains the result from method AlertRulesClient.List.
type AlertRulesList ¶
type AlertRulesList struct { // REQUIRED; Array of alert rules. Value []AlertRuleClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of alert rules. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
AlertRulesList - List all the alert rules.
func (AlertRulesList) MarshalJSON ¶
func (a AlertRulesList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AlertRulesList.
func (*AlertRulesList) UnmarshalJSON ¶
func (a *AlertRulesList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList.
type AlertSeverity ¶
type AlertSeverity string
AlertSeverity - The severity of the alert
const ( // AlertSeverityHigh - High severity AlertSeverityHigh AlertSeverity = "High" // AlertSeverityInformational - Informational severity AlertSeverityInformational AlertSeverity = "Informational" // AlertSeverityLow - Low severity AlertSeverityLow AlertSeverity = "Low" // AlertSeverityMedium - Medium severity AlertSeverityMedium AlertSeverity = "Medium" )
func PossibleAlertSeverityValues ¶
func PossibleAlertSeverityValues() []AlertSeverity
PossibleAlertSeverityValues returns the possible values for the AlertSeverity const type.
func (AlertSeverity) ToPtr ¶
func (c AlertSeverity) ToPtr() *AlertSeverity
ToPtr returns a *AlertSeverity pointing to the current value.
type AlertStatus ¶ added in v0.2.0
type AlertStatus string
AlertStatus - The lifecycle status of the alert.
const ( // AlertStatusDismissed - Alert dismissed as false positive AlertStatusDismissed AlertStatus = "Dismissed" // AlertStatusInProgress - Alert is being handled AlertStatusInProgress AlertStatus = "InProgress" // AlertStatusNew - New alert AlertStatusNew AlertStatus = "New" // AlertStatusResolved - Alert closed after handling AlertStatusResolved AlertStatus = "Resolved" // AlertStatusUnknown - Unknown value AlertStatusUnknown AlertStatus = "Unknown" )
func PossibleAlertStatusValues ¶ added in v0.2.0
func PossibleAlertStatusValues() []AlertStatus
PossibleAlertStatusValues returns the possible values for the AlertStatus const type.
func (AlertStatus) ToPtr ¶ added in v0.2.0
func (c AlertStatus) ToPtr() *AlertStatus
ToPtr returns a *AlertStatus pointing to the current value.
type AlertsDataTypeOfDataConnector ¶
type AlertsDataTypeOfDataConnector struct { // REQUIRED; Alerts data type connection. Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` }
AlertsDataTypeOfDataConnector - Alerts data type for data connectors.
type Anomalies ¶ added in v0.2.0
type Anomalies struct { // REQUIRED; The kind of the setting Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Anomalies properties Properties *AnomaliesSettingsProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Anomalies - Settings with single toggle.
func (*Anomalies) GetSettings ¶ added in v0.2.0
GetSettings implements the SettingsClassification interface for type Anomalies.
func (Anomalies) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type Anomalies.
func (*Anomalies) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type Anomalies.
type AnomaliesSettingsProperties ¶ added in v0.2.0
type AnomaliesSettingsProperties struct { // READ-ONLY; Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"` }
AnomaliesSettingsProperties - Anomalies property bag.
type AntispamMailDirection ¶ added in v0.2.0
type AntispamMailDirection string
AntispamMailDirection - The directionality of this mail message
const ( // AntispamMailDirectionInbound - Inbound AntispamMailDirectionInbound AntispamMailDirection = "Inbound" // AntispamMailDirectionIntraorg - Intraorg AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg" // AntispamMailDirectionOutbound - Outbound AntispamMailDirectionOutbound AntispamMailDirection = "Outbound" // AntispamMailDirectionUnknown - Unknown AntispamMailDirectionUnknown AntispamMailDirection = "Unknown" )
func PossibleAntispamMailDirectionValues ¶ added in v0.2.0
func PossibleAntispamMailDirectionValues() []AntispamMailDirection
PossibleAntispamMailDirectionValues returns the possible values for the AntispamMailDirection const type.
func (AntispamMailDirection) ToPtr ¶ added in v0.2.0
func (c AntispamMailDirection) ToPtr() *AntispamMailDirection
ToPtr returns a *AntispamMailDirection pointing to the current value.
type AttackTactic ¶
type AttackTactic string
AttackTactic - The severity for alerts created by this alert rule.
const ( AttackTacticCollection AttackTactic = "Collection" AttackTacticCommandAndControl AttackTactic = "CommandAndControl" AttackTacticCredentialAccess AttackTactic = "CredentialAccess" AttackTacticDefenseEvasion AttackTactic = "DefenseEvasion" AttackTacticDiscovery AttackTactic = "Discovery" AttackTacticExecution AttackTactic = "Execution" AttackTacticExfiltration AttackTactic = "Exfiltration" AttackTacticImpact AttackTactic = "Impact" AttackTacticInitialAccess AttackTactic = "InitialAccess" AttackTacticLateralMovement AttackTactic = "LateralMovement" AttackTacticPersistence AttackTactic = "Persistence" AttackTacticPreAttack AttackTactic = "PreAttack" AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation" )
func PossibleAttackTacticValues ¶
func PossibleAttackTacticValues() []AttackTactic
PossibleAttackTacticValues returns the possible values for the AttackTactic const type.
func (AttackTactic) ToPtr ¶
func (c AttackTactic) ToPtr() *AttackTactic
ToPtr returns a *AttackTactic pointing to the current value.
type AutomationRule ¶ added in v0.2.0
type AutomationRule struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Automation rule properties Properties *AutomationRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AutomationRule - Represents an automation rule.
type AutomationRuleAction ¶ added in v0.2.0
type AutomationRuleAction struct { // REQUIRED; The type of the automation rule action ActionType *AutomationRuleActionType `json:"actionType,omitempty"` // REQUIRED; The order of execution of the automation rule action Order *int32 `json:"order,omitempty"` }
AutomationRuleAction - Describes an automation rule action
func (*AutomationRuleAction) GetAutomationRuleAction ¶ added in v0.2.0
func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction
GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction.
type AutomationRuleActionClassification ¶ added in v0.2.0
type AutomationRuleActionClassification interface { // GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type. GetAutomationRuleAction() *AutomationRuleAction }
AutomationRuleActionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleAction() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction
type AutomationRuleActionType ¶ added in v0.2.0
type AutomationRuleActionType string
AutomationRuleActionType - The type of the automation rule action
const ( // AutomationRuleActionTypeModifyProperties - Modify an object's properties AutomationRuleActionTypeModifyProperties AutomationRuleActionType = "ModifyProperties" // AutomationRuleActionTypeRunPlaybook - Run a playbook on an object AutomationRuleActionTypeRunPlaybook AutomationRuleActionType = "RunPlaybook" )
func PossibleAutomationRuleActionTypeValues ¶ added in v0.2.0
func PossibleAutomationRuleActionTypeValues() []AutomationRuleActionType
PossibleAutomationRuleActionTypeValues returns the possible values for the AutomationRuleActionType const type.
func (AutomationRuleActionType) ToPtr ¶ added in v0.2.0
func (c AutomationRuleActionType) ToPtr() *AutomationRuleActionType
ToPtr returns a *AutomationRuleActionType pointing to the current value.
type AutomationRuleCondition ¶ added in v0.2.0
type AutomationRuleCondition struct { // REQUIRED; The type of the automation rule condition ConditionType *AutomationRuleConditionType `json:"conditionType,omitempty"` }
AutomationRuleCondition - Describes an automation rule condition
func (*AutomationRuleCondition) GetAutomationRuleCondition ¶ added in v0.2.0
func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition
GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition.
type AutomationRuleConditionClassification ¶ added in v0.2.0
type AutomationRuleConditionClassification interface { // GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type. GetAutomationRuleCondition() *AutomationRuleCondition }
AutomationRuleConditionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleCondition() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleCondition, *AutomationRulePropertyValuesCondition
type AutomationRuleConditionType ¶ added in v0.2.0
type AutomationRuleConditionType string
AutomationRuleConditionType - The type of the automation rule condition
const ( // AutomationRuleConditionTypeProperty - Evaluate an object property value AutomationRuleConditionTypeProperty AutomationRuleConditionType = "Property" )
func PossibleAutomationRuleConditionTypeValues ¶ added in v0.2.0
func PossibleAutomationRuleConditionTypeValues() []AutomationRuleConditionType
PossibleAutomationRuleConditionTypeValues returns the possible values for the AutomationRuleConditionType const type.
func (AutomationRuleConditionType) ToPtr ¶ added in v0.2.0
func (c AutomationRuleConditionType) ToPtr() *AutomationRuleConditionType
ToPtr returns a *AutomationRuleConditionType pointing to the current value.
type AutomationRuleModifyPropertiesAction ¶ added in v0.2.0
type AutomationRuleModifyPropertiesAction struct { // REQUIRED; The configuration of the modify properties automation rule action ActionConfiguration *AutomationRuleModifyPropertiesActionConfiguration `json:"actionConfiguration,omitempty"` // REQUIRED; The type of the automation rule action ActionType *AutomationRuleActionType `json:"actionType,omitempty"` // REQUIRED; The order of execution of the automation rule action Order *int32 `json:"order,omitempty"` }
AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties
func (*AutomationRuleModifyPropertiesAction) GetAutomationRuleAction ¶ added in v0.2.0
func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *AutomationRuleAction
GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleModifyPropertiesAction.
func (AutomationRuleModifyPropertiesAction) MarshalJSON ¶ added in v0.2.0
func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction.
func (*AutomationRuleModifyPropertiesAction) UnmarshalJSON ¶ added in v0.2.0
func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction.
type AutomationRuleModifyPropertiesActionConfiguration ¶ added in v0.2.0
type AutomationRuleModifyPropertiesActionConfiguration struct { // The reason the incident was closed Classification *IncidentClassification `json:"classification,omitempty"` // Describes the reason the incident was closed ClassificationComment *string `json:"classificationComment,omitempty"` // The classification reason the incident was closed with ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` // List of labels to add to the incident Labels []*IncidentLabel `json:"labels,omitempty"` // Describes a user that the incident is assigned to Owner *IncidentOwnerInfo `json:"owner,omitempty"` // The severity of the incident Severity *IncidentSeverity `json:"severity,omitempty"` // The status of the incident Status *IncidentStatus `json:"status,omitempty"` }
AutomationRuleModifyPropertiesActionConfiguration - The configuration of the modify properties automation rule action
func (AutomationRuleModifyPropertiesActionConfiguration) MarshalJSON ¶ added in v0.2.0
func (a AutomationRuleModifyPropertiesActionConfiguration) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesActionConfiguration.
type AutomationRuleProperties ¶ added in v0.2.0
type AutomationRuleProperties struct { // REQUIRED; The actions to execute when the automation rule is triggered Actions []AutomationRuleActionClassification `json:"actions,omitempty"` // REQUIRED; The display name of the automation rule DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The order of execution of the automation rule Order *int32 `json:"order,omitempty"` // REQUIRED; The triggering logic of the automation rule TriggeringLogic *AutomationRuleTriggeringLogic `json:"triggeringLogic,omitempty"` // READ-ONLY; Describes the client that created the automation rule CreatedBy *ClientInfo `json:"createdBy,omitempty" azure:"ro"` // READ-ONLY; The time the automation rule was created CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` // READ-ONLY; Describes the client that last updated the automation rule LastModifiedBy *ClientInfo `json:"lastModifiedBy,omitempty" azure:"ro"` // READ-ONLY; The last time the automation rule was updated LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` }
AutomationRuleProperties - Describes automation rule properties
func (AutomationRuleProperties) MarshalJSON ¶ added in v0.2.0
func (a AutomationRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties.
func (*AutomationRuleProperties) UnmarshalJSON ¶ added in v0.2.0
func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties.
type AutomationRulePropertyConditionSupportedOperator ¶ added in v0.2.0
type AutomationRulePropertyConditionSupportedOperator string
AutomationRulePropertyConditionSupportedOperator - The operator to use for evaluation the condition
const ( // AutomationRulePropertyConditionSupportedOperatorContains - Evaluates if the property contains at least one of the condition // values AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains" // AutomationRulePropertyConditionSupportedOperatorEndsWith - Evaluates if the property ends with any of the condition values AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith" // AutomationRulePropertyConditionSupportedOperatorEquals - Evaluates if the property equals at least one of the condition // values AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals" // AutomationRulePropertyConditionSupportedOperatorNotContains - Evaluates if the property does not contain any of the condition // values AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains" // AutomationRulePropertyConditionSupportedOperatorNotEndsWith - Evaluates if the property does not end with any of the condition // values AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith" // AutomationRulePropertyConditionSupportedOperatorNotEquals - Evaluates if the property does not equal any of the condition // values AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals" // AutomationRulePropertyConditionSupportedOperatorNotStartsWith - Evaluates if the property does not start with any of the // condition values AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith" // AutomationRulePropertyConditionSupportedOperatorStartsWith - Evaluates if the property starts with any of the condition // values AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith" )
func PossibleAutomationRulePropertyConditionSupportedOperatorValues ¶ added in v0.2.0
func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator
PossibleAutomationRulePropertyConditionSupportedOperatorValues returns the possible values for the AutomationRulePropertyConditionSupportedOperator const type.
func (AutomationRulePropertyConditionSupportedOperator) ToPtr ¶ added in v0.2.0
func (c AutomationRulePropertyConditionSupportedOperator) ToPtr() *AutomationRulePropertyConditionSupportedOperator
ToPtr returns a *AutomationRulePropertyConditionSupportedOperator pointing to the current value.
type AutomationRulePropertyConditionSupportedProperty ¶ added in v0.2.0
type AutomationRulePropertyConditionSupportedProperty string
AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition
const ( // AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID - The account Azure Active Directory tenant id AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId" // AutomationRulePropertyConditionSupportedPropertyAccountAADUserID - The account Azure Active Directory user id. AutomationRulePropertyConditionSupportedPropertyAccountAADUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId" // AutomationRulePropertyConditionSupportedPropertyAccountNTDomain - The account NetBIOS domain name AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain" // AutomationRulePropertyConditionSupportedPropertyAccountName - The account name AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName" // AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID - The account unique identifier AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid" // AutomationRulePropertyConditionSupportedPropertyAccountPUID - The account Azure Active Directory Passport User ID AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID" // AutomationRulePropertyConditionSupportedPropertyAccountSid - The account security identifier AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid" // AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix - The account user principal name suffix AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix" // AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID - The Azure resource id AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId" // AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID - The Azure resource subscription id AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId" // AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID - The cloud application identifier AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId" // AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName - The cloud application name AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName" // AutomationRulePropertyConditionSupportedPropertyDNSDomainName - The dns record domain name AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName" // AutomationRulePropertyConditionSupportedPropertyFileDirectory - The file directory full path AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory" // AutomationRulePropertyConditionSupportedPropertyFileHashValue - The file hash value AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue" // AutomationRulePropertyConditionSupportedPropertyFileName - The file name without path AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName" // AutomationRulePropertyConditionSupportedPropertyHostAzureID - The host Azure resource id AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID" // AutomationRulePropertyConditionSupportedPropertyHostNTDomain - The host NT domain AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain" // AutomationRulePropertyConditionSupportedPropertyHostName - The host name without domain AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName" // AutomationRulePropertyConditionSupportedPropertyHostNetBiosName - The host NetBIOS name AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName" // AutomationRulePropertyConditionSupportedPropertyHostOSVersion - The host operating system AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion" // AutomationRulePropertyConditionSupportedPropertyIPAddress - The IP address AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress" // AutomationRulePropertyConditionSupportedPropertyIncidentDescription - The description of the incident AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription" // AutomationRulePropertyConditionSupportedPropertyIncidentProviderName - The provider name of the incident AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName" // AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs - The related Analytic rule ids of the incident AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds" // AutomationRulePropertyConditionSupportedPropertyIncidentSeverity - The severity of the incident AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity" // AutomationRulePropertyConditionSupportedPropertyIncidentStatus - The status of the incident AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus" // AutomationRulePropertyConditionSupportedPropertyIncidentTactics - The tactics of the incident AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics" // AutomationRulePropertyConditionSupportedPropertyIncidentTitle - The title of the incident AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceID - The IoT device id AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel - The IoT device model AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceName - The IoT device name AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem - The IoT device operating system AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceType - The IoT device type AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType" // AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor - The IoT device vendor AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor" // AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction - The mail message delivery action AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction" // AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation - The mail message delivery location AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation" // AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender - The mail message P1 sender AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender" // AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender - The mail message P2 sender AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender" // AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient - The mail message recipient AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient" // AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP - The mail message sender IP address AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP" // AutomationRulePropertyConditionSupportedPropertyMailMessageSubject - The mail message subject AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject" // AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName - The mailbox display name AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName" // AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress - The mailbox primary address AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress" // AutomationRulePropertyConditionSupportedPropertyMailboxUPN - The mailbox user principal name AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN" // AutomationRulePropertyConditionSupportedPropertyMalwareCategory - The malware category AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory" // AutomationRulePropertyConditionSupportedPropertyMalwareName - The malware name AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName" // AutomationRulePropertyConditionSupportedPropertyProcessCommandLine - The process execution command line AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine" // AutomationRulePropertyConditionSupportedPropertyProcessID - The process id AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId" // AutomationRulePropertyConditionSupportedPropertyRegistryKey - The registry key path AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey" // AutomationRulePropertyConditionSupportedPropertyRegistryValueData - The registry key value in string formatted representation AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData" // AutomationRulePropertyConditionSupportedPropertyURL - The url AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url" )
func PossibleAutomationRulePropertyConditionSupportedPropertyValues ¶ added in v0.2.0
func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty
PossibleAutomationRulePropertyConditionSupportedPropertyValues returns the possible values for the AutomationRulePropertyConditionSupportedProperty const type.
func (AutomationRulePropertyConditionSupportedProperty) ToPtr ¶ added in v0.2.0
func (c AutomationRulePropertyConditionSupportedProperty) ToPtr() *AutomationRulePropertyConditionSupportedProperty
ToPtr returns a *AutomationRulePropertyConditionSupportedProperty pointing to the current value.
type AutomationRulePropertyValuesCondition ¶ added in v0.2.0
type AutomationRulePropertyValuesCondition struct { // REQUIRED; The configuration of the automation rule condition ConditionProperties *AutomationRulePropertyValuesConditionProperties `json:"conditionProperties,omitempty"` // REQUIRED; The type of the automation rule condition ConditionType *AutomationRuleConditionType `json:"conditionType,omitempty"` }
AutomationRulePropertyValuesCondition - Describes an automation rule condition that evaluates a property's value
func (*AutomationRulePropertyValuesCondition) GetAutomationRuleCondition ¶ added in v0.2.0
func (a *AutomationRulePropertyValuesCondition) GetAutomationRuleCondition() *AutomationRuleCondition
GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRulePropertyValuesCondition.
func (AutomationRulePropertyValuesCondition) MarshalJSON ¶ added in v0.2.0
func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition.
func (*AutomationRulePropertyValuesCondition) UnmarshalJSON ¶ added in v0.2.0
func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesCondition.
type AutomationRulePropertyValuesConditionProperties ¶ added in v0.2.0
type AutomationRulePropertyValuesConditionProperties struct { // The operator to use for evaluation the condition Operator *AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"` // The property to evaluate PropertyName *AutomationRulePropertyConditionSupportedProperty `json:"propertyName,omitempty"` // The values to use for evaluating the condition PropertyValues []*string `json:"propertyValues,omitempty"` }
AutomationRulePropertyValuesConditionProperties - The configuration of the automation rule condition
func (AutomationRulePropertyValuesConditionProperties) MarshalJSON ¶ added in v0.2.0
func (a AutomationRulePropertyValuesConditionProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesConditionProperties.
type AutomationRuleRunPlaybookAction ¶ added in v0.2.0
type AutomationRuleRunPlaybookAction struct { // REQUIRED; The configuration of the run playbook automation rule action ActionConfiguration *AutomationRuleRunPlaybookActionConfiguration `json:"actionConfiguration,omitempty"` // REQUIRED; The type of the automation rule action ActionType *AutomationRuleActionType `json:"actionType,omitempty"` // REQUIRED; The order of execution of the automation rule action Order *int32 `json:"order,omitempty"` }
AutomationRuleRunPlaybookAction - Describes an automation rule action to run a playbook
func (*AutomationRuleRunPlaybookAction) GetAutomationRuleAction ¶ added in v0.2.0
func (a *AutomationRuleRunPlaybookAction) GetAutomationRuleAction() *AutomationRuleAction
GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleRunPlaybookAction.
func (AutomationRuleRunPlaybookAction) MarshalJSON ¶ added in v0.2.0
func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction.
func (*AutomationRuleRunPlaybookAction) UnmarshalJSON ¶ added in v0.2.0
func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction.
type AutomationRuleRunPlaybookActionConfiguration ¶ added in v0.2.0
type AutomationRuleRunPlaybookActionConfiguration struct { // The resource id of the playbook resource LogicAppResourceID *string `json:"logicAppResourceId,omitempty"` // The tenant id of the playbook resource TenantID *string `json:"tenantId,omitempty"` }
AutomationRuleRunPlaybookActionConfiguration - The configuration of the run playbook automation rule action
type AutomationRuleTriggeringLogic ¶ added in v0.2.0
type AutomationRuleTriggeringLogic struct { // REQUIRED; Determines whether the automation rule is enabled or disabled. IsEnabled *bool `json:"isEnabled,omitempty"` // REQUIRED; The type of object the automation rule triggers on TriggersOn *TriggersOn `json:"triggersOn,omitempty"` // REQUIRED; The type of event the automation rule triggers on TriggersWhen *TriggersWhen `json:"triggersWhen,omitempty"` // The conditions to evaluate to determine if the automation rule should be triggered on a given object Conditions []AutomationRuleConditionClassification `json:"conditions,omitempty"` // Determines when the automation rule should automatically expire and be disabled. ExpirationTimeUTC *time.Time `json:"expirationTimeUtc,omitempty"` }
AutomationRuleTriggeringLogic - Describes automation rule triggering logic
func (AutomationRuleTriggeringLogic) MarshalJSON ¶ added in v0.2.0
func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic.
func (*AutomationRuleTriggeringLogic) UnmarshalJSON ¶ added in v0.2.0
func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic.
type AutomationRulesClient ¶ added in v0.2.0
type AutomationRulesClient struct {
// contains filtered or unexported fields
}
AutomationRulesClient contains the methods for the AutomationRules group. Don't use this type directly, use NewAutomationRulesClient() instead.
func NewAutomationRulesClient ¶ added in v0.2.0
func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AutomationRulesClient
NewAutomationRulesClient creates a new instance of AutomationRulesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*AutomationRulesClient) CreateOrUpdate ¶ added in v0.2.0
func (client *AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, automationRule AutomationRule, options *AutomationRulesClientCreateOrUpdateOptions) (AutomationRulesClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID automationRule - The automation rule options - AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/CreateAutomationRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<automation-rule-id>", armsecurityinsight.AutomationRule{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.AutomationRuleProperties{ Actions: []armsecurityinsight.AutomationRuleActionClassification{ &armsecurityinsight.AutomationRuleModifyPropertiesAction{ ActionType: armsecurityinsight.AutomationRuleActionType("ModifyProperties").ToPtr(), Order: to.Int32Ptr(1), ActionConfiguration: &armsecurityinsight.AutomationRuleModifyPropertiesActionConfiguration{ Severity: armsecurityinsight.IncidentSeverity("High").ToPtr(), }, }, &armsecurityinsight.AutomationRuleRunPlaybookAction{ ActionType: armsecurityinsight.AutomationRuleActionType("RunPlaybook").ToPtr(), Order: to.Int32Ptr(2), ActionConfiguration: &armsecurityinsight.AutomationRuleRunPlaybookActionConfiguration{ LogicAppResourceID: to.StringPtr("<logic-app-resource-id>"), TenantID: to.StringPtr("<tenant-id>"), }, }}, DisplayName: to.StringPtr("<display-name>"), Order: to.Int32Ptr(1), TriggeringLogic: &armsecurityinsight.AutomationRuleTriggeringLogic{ Conditions: []armsecurityinsight.AutomationRuleConditionClassification{ &armsecurityinsight.AutomationRulePropertyValuesCondition{ ConditionType: armsecurityinsight.AutomationRuleConditionType("Property").ToPtr(), ConditionProperties: &armsecurityinsight.AutomationRulePropertyValuesConditionProperties{ Operator: armsecurityinsight.AutomationRulePropertyConditionSupportedOperator("Contains").ToPtr(), PropertyName: armsecurityinsight.AutomationRulePropertyConditionSupportedProperty("IncidentRelatedAnalyticRuleIds").ToPtr(), PropertyValues: []*string{ to.StringPtr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"), to.StringPtr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")}, }, }}, IsEnabled: to.BoolPtr(true), TriggersOn: armsecurityinsight.TriggersOn("Incidents").ToPtr(), TriggersWhen: armsecurityinsight.TriggersWhen("Created").ToPtr(), }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.AutomationRulesClientCreateOrUpdateResult) }
Output:
func (*AutomationRulesClient) Delete ¶ added in v0.2.0
func (client *AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientDeleteOptions) (AutomationRulesClientDeleteResponse, error)
Delete - Delete the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID options - AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/DeleteAutomationRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<automation-rule-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*AutomationRulesClient) Get ¶ added in v0.2.0
func (client *AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientGetOptions) (AutomationRulesClientGetResponse, error)
Get - Gets the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID options - AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAutomationRule.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<automation-rule-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.AutomationRulesClientGetResult) }
Output:
func (*AutomationRulesClient) List ¶ added in v0.2.0
func (client *AutomationRulesClient) List(resourceGroupName string, workspaceName string, options *AutomationRulesClientListOptions) *AutomationRulesClientListPager
List - Gets all automation rules. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAllAutomationRules.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type AutomationRulesClientCreateOrUpdateOptions ¶ added in v0.2.0
type AutomationRulesClientCreateOrUpdateOptions struct { }
AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.
type AutomationRulesClientCreateOrUpdateResponse ¶ added in v0.2.0
type AutomationRulesClientCreateOrUpdateResponse struct { AutomationRulesClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AutomationRulesClientCreateOrUpdateResponse contains the response from method AutomationRulesClient.CreateOrUpdate.
type AutomationRulesClientCreateOrUpdateResult ¶ added in v0.2.0
type AutomationRulesClientCreateOrUpdateResult struct {
AutomationRule
}
AutomationRulesClientCreateOrUpdateResult contains the result from method AutomationRulesClient.CreateOrUpdate.
type AutomationRulesClientDeleteOptions ¶ added in v0.2.0
type AutomationRulesClientDeleteOptions struct { }
AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.
type AutomationRulesClientDeleteResponse ¶ added in v0.2.0
type AutomationRulesClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AutomationRulesClientDeleteResponse contains the response from method AutomationRulesClient.Delete.
type AutomationRulesClientGetOptions ¶ added in v0.2.0
type AutomationRulesClientGetOptions struct { }
AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.
type AutomationRulesClientGetResponse ¶ added in v0.2.0
type AutomationRulesClientGetResponse struct { AutomationRulesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AutomationRulesClientGetResponse contains the response from method AutomationRulesClient.Get.
type AutomationRulesClientGetResult ¶ added in v0.2.0
type AutomationRulesClientGetResult struct {
AutomationRule
}
AutomationRulesClientGetResult contains the result from method AutomationRulesClient.Get.
type AutomationRulesClientListOptions ¶ added in v0.2.0
type AutomationRulesClientListOptions struct { }
AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.List method.
type AutomationRulesClientListPager ¶ added in v0.2.0
type AutomationRulesClientListPager struct {
// contains filtered or unexported fields
}
AutomationRulesClientListPager provides operations for iterating over paged responses.
func (*AutomationRulesClientListPager) Err ¶ added in v0.2.0
func (p *AutomationRulesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*AutomationRulesClientListPager) NextPage ¶ added in v0.2.0
func (p *AutomationRulesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*AutomationRulesClientListPager) PageResponse ¶ added in v0.2.0
func (p *AutomationRulesClientListPager) PageResponse() AutomationRulesClientListResponse
PageResponse returns the current AutomationRulesClientListResponse page.
type AutomationRulesClientListResponse ¶ added in v0.2.0
type AutomationRulesClientListResponse struct { AutomationRulesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
AutomationRulesClientListResponse contains the response from method AutomationRulesClient.List.
type AutomationRulesClientListResult ¶ added in v0.2.0
type AutomationRulesClientListResult struct {
AutomationRulesList
}
AutomationRulesClientListResult contains the result from method AutomationRulesClient.List.
type AutomationRulesList ¶ added in v0.2.0
type AutomationRulesList struct { // REQUIRED; Array of automation rules. Value []*AutomationRule `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of automation rules. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
AutomationRulesList - List all the automation rules.
func (AutomationRulesList) MarshalJSON ¶ added in v0.2.0
func (a AutomationRulesList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AutomationRulesList.
type Availability ¶ added in v0.2.0
type Availability struct { // Set connector as preview IsPreview *bool `json:"isPreview,omitempty"` // The connector Availability Status Status *int32 `json:"status,omitempty"` }
Availability - Connector Availability Status
type AwsCloudTrailCheckRequirements ¶ added in v0.2.0
type AwsCloudTrailCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` }
AwsCloudTrailCheckRequirements - Amazon Web Services CloudTrail requirements check request.
func (*AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (a *AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsCloudTrailCheckRequirements.
func (AwsCloudTrailCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (a AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailCheckRequirements.
func (*AwsCloudTrailCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (a *AwsCloudTrailCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailCheckRequirements.
type AwsCloudTrailDataConnector ¶
type AwsCloudTrailDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Amazon Web Services CloudTrail data connector properties. Properties *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector.
func (*AwsCloudTrailDataConnector) GetDataConnector ¶ added in v0.2.0
func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) MarshalJSON ¶
func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector.
func (*AwsCloudTrailDataConnector) UnmarshalJSON ¶
func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector.
type AwsCloudTrailDataConnectorDataTypes ¶
type AwsCloudTrailDataConnectorDataTypes struct { // REQUIRED; Logs data type. Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` }
AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector.
type AwsCloudTrailDataConnectorDataTypesLogs ¶
type AwsCloudTrailDataConnectorDataTypesLogs struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
AwsCloudTrailDataConnectorDataTypesLogs - Logs data type.
type AwsCloudTrailDataConnectorProperties ¶
type AwsCloudTrailDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` // The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. AwsRoleArn *string `json:"awsRoleArn,omitempty"` }
AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
type AwsS3CheckRequirements ¶ added in v0.2.0
type AwsS3CheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` }
AwsS3CheckRequirements - Amazon Web Services S3 requirements check request.
func (*AwsS3CheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (a *AwsS3CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsS3CheckRequirements.
func (AwsS3CheckRequirements) MarshalJSON ¶ added in v0.2.0
func (a AwsS3CheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AwsS3CheckRequirements.
func (*AwsS3CheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (a *AwsS3CheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3CheckRequirements.
type AwsS3DataConnector ¶ added in v0.2.0
type AwsS3DataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Amazon Web Services S3 data connector properties. Properties *AwsS3DataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AwsS3DataConnector - Represents Amazon Web Services S3 data connector.
func (*AwsS3DataConnector) GetDataConnector ¶ added in v0.2.0
func (a *AwsS3DataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type AwsS3DataConnector.
func (AwsS3DataConnector) MarshalJSON ¶ added in v0.2.0
func (a AwsS3DataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnector.
func (*AwsS3DataConnector) UnmarshalJSON ¶ added in v0.2.0
func (a *AwsS3DataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnector.
type AwsS3DataConnectorDataTypes ¶ added in v0.2.0
type AwsS3DataConnectorDataTypes struct { // REQUIRED; Logs data type. Logs *AwsS3DataConnectorDataTypesLogs `json:"logs,omitempty"` }
AwsS3DataConnectorDataTypes - The available data types for Amazon Web Services S3 data connector.
type AwsS3DataConnectorDataTypesLogs ¶ added in v0.2.0
type AwsS3DataConnectorDataTypesLogs struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
AwsS3DataConnectorDataTypesLogs - Logs data type.
type AwsS3DataConnectorProperties ¶ added in v0.2.0
type AwsS3DataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *AwsS3DataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The logs destination table name in LogAnalytics. DestinationTable *string `json:"destinationTable,omitempty"` // REQUIRED; The Aws Role Arn that is used to access the Aws account. RoleArn *string `json:"roleArn,omitempty"` // REQUIRED; The AWS sqs urls for the connector. SqsUrls []*string `json:"sqsUrls,omitempty"` }
AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties.
func (AwsS3DataConnectorProperties) MarshalJSON ¶ added in v0.2.0
func (a AwsS3DataConnectorProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorProperties.
type AzureResourceEntity ¶ added in v0.2.0
type AzureResourceEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // AzureResource entity properties Properties *AzureResourceEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
AzureResourceEntity - Represents an azure resource entity.
func (*AzureResourceEntity) GetEntity ¶ added in v0.2.0
func (a *AzureResourceEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type AzureResourceEntity.
func (AzureResourceEntity) MarshalJSON ¶ added in v0.2.0
func (a AzureResourceEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity.
func (*AzureResourceEntity) UnmarshalJSON ¶ added in v0.2.0
func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity.
type AzureResourceEntityProperties ¶ added in v0.2.0
type AzureResourceEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The azure resource id of the resource ResourceID *string `json:"resourceId,omitempty" azure:"ro"` // READ-ONLY; The subscription id of the resource SubscriptionID *string `json:"subscriptionId,omitempty" azure:"ro"` }
AzureResourceEntityProperties - AzureResource entity property bag.
func (AzureResourceEntityProperties) MarshalJSON ¶ added in v0.2.0
func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties.
type Bookmark ¶
type Bookmark struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Bookmark properties Properties *BookmarkProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Bookmark - Represents a bookmark in Azure Security Insights.
type BookmarkClient ¶ added in v0.2.0
type BookmarkClient struct {
// contains filtered or unexported fields
}
BookmarkClient contains the methods for the Bookmark group. Don't use this type directly, use NewBookmarkClient() instead.
func NewBookmarkClient ¶ added in v0.2.0
func NewBookmarkClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarkClient
NewBookmarkClient creates a new instance of BookmarkClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*BookmarkClient) Expand ¶ added in v0.2.0
func (client *BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (BookmarkClientExpandResponse, error)
Expand - Expand an bookmark If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID parameters - The parameters required to execute an expand operation on the given bookmark. options - BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarkClient("<subscription-id>", cred, nil) res, err := client.Expand(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", armsecurityinsight.BookmarkExpandParameters{ EndTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-24T17:21:00.000Z"); return t }()), ExpansionID: to.StringPtr("<expansion-id>"), StartTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-25T17:21:00.000Z"); return t }()), }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.BookmarkClientExpandResult) }
Output:
type BookmarkClientExpandOptions ¶ added in v0.2.0
type BookmarkClientExpandOptions struct { }
BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.
type BookmarkClientExpandResponse ¶ added in v0.2.0
type BookmarkClientExpandResponse struct { BookmarkClientExpandResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarkClientExpandResponse contains the response from method BookmarkClient.Expand.
type BookmarkClientExpandResult ¶ added in v0.2.0
type BookmarkClientExpandResult struct {
BookmarkExpandResponse
}
BookmarkClientExpandResult contains the result from method BookmarkClient.Expand.
type BookmarkExpandParameters ¶ added in v0.2.0
type BookmarkExpandParameters struct { // The end date filter, so the only expansion results returned are before this date. EndTime *time.Time `json:"endTime,omitempty"` // The Id of the expansion to perform. ExpansionID *string `json:"expansionId,omitempty"` // The start date filter, so the only expansion results returned are after this date. StartTime *time.Time `json:"startTime,omitempty"` }
BookmarkExpandParameters - The parameters required to execute an expand operation on the given bookmark.
func (BookmarkExpandParameters) MarshalJSON ¶ added in v0.2.0
func (b BookmarkExpandParameters) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type BookmarkExpandParameters.
func (*BookmarkExpandParameters) UnmarshalJSON ¶ added in v0.2.0
func (b *BookmarkExpandParameters) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandParameters.
type BookmarkExpandResponse ¶ added in v0.2.0
type BookmarkExpandResponse struct { // The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` // The expansion result values. Value *BookmarkExpandResponseValue `json:"value,omitempty"` }
BookmarkExpandResponse - The entity expansion result operation response.
type BookmarkExpandResponseValue ¶ added in v0.2.0
type BookmarkExpandResponseValue struct { // Array of expansion result connected entities Edges []*ConnectedEntity `json:"edges,omitempty"` // Array of the expansion result entities. Entities []EntityClassification `json:"entities,omitempty"` }
BookmarkExpandResponseValue - The expansion result values.
func (BookmarkExpandResponseValue) MarshalJSON ¶ added in v0.2.0
func (b BookmarkExpandResponseValue) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type BookmarkExpandResponseValue.
func (*BookmarkExpandResponseValue) UnmarshalJSON ¶ added in v0.2.0
func (b *BookmarkExpandResponseValue) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandResponseValue.
type BookmarkList ¶
type BookmarkList struct { // REQUIRED; Array of bookmarks. Value []*Bookmark `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of cases. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
BookmarkList - List all the bookmarks.
func (BookmarkList) MarshalJSON ¶
func (b BookmarkList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type BookmarkList.
type BookmarkProperties ¶
type BookmarkProperties struct { // REQUIRED; The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The query of the bookmark. Query *string `json:"query,omitempty"` // The time the bookmark was created Created *time.Time `json:"created,omitempty"` // Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // The bookmark event time EventTime *time.Time `json:"eventTime,omitempty"` // Describes an incident that relates to bookmark IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` // List of labels relevant to this bookmark Labels []*string `json:"labels,omitempty"` // The notes of the bookmark Notes *string `json:"notes,omitempty"` // The end time for the query QueryEndTime *time.Time `json:"queryEndTime,omitempty"` // The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` // The start time for the query QueryStartTime *time.Time `json:"queryStartTime,omitempty"` // The last time the bookmark was updated Updated *time.Time `json:"updated,omitempty"` // Describes a user that updated the bookmark UpdatedBy *UserInfo `json:"updatedBy,omitempty"` }
BookmarkProperties - Describes bookmark properties
func (BookmarkProperties) MarshalJSON ¶
func (b BookmarkProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type BookmarkProperties.
func (*BookmarkProperties) UnmarshalJSON ¶
func (b *BookmarkProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties.
type BookmarkRelationsClient ¶ added in v0.2.0
type BookmarkRelationsClient struct {
// contains filtered or unexported fields
}
BookmarkRelationsClient contains the methods for the BookmarkRelations group. Don't use this type directly, use NewBookmarkRelationsClient() instead.
func NewBookmarkRelationsClient ¶ added in v0.2.0
func NewBookmarkRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarkRelationsClient
NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*BookmarkRelationsClient) CreateOrUpdate ¶ added in v0.2.0
func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (BookmarkRelationsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates the bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name relation - The relation model options - BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", "<relation-name>", armsecurityinsight.Relation{ Properties: &armsecurityinsight.RelationProperties{ RelatedResourceID: to.StringPtr("<related-resource-id>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.BookmarkRelationsClientCreateOrUpdateResult) }
Output:
func (*BookmarkRelationsClient) Delete ¶ added in v0.2.0
func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (BookmarkRelationsClientDeleteResponse, error)
Delete - Delete the bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name options - BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", "<relation-name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*BookmarkRelationsClient) Get ¶ added in v0.2.0
func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (BookmarkRelationsClientGetResponse, error)
Get - Gets a bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name options - BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", "<relation-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.BookmarkRelationsClientGetResult) }
Output:
func (*BookmarkRelationsClient) List ¶ added in v0.2.0
func (client *BookmarkRelationsClient) List(resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) *BookmarkRelationsClientListPager
List - Gets all bookmark relations. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", "<bookmark-id>", &armsecurityinsight.BookmarkRelationsClientListOptions{Filter: nil, Orderby: nil, Top: nil, SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type BookmarkRelationsClientCreateOrUpdateOptions ¶ added in v0.2.0
type BookmarkRelationsClientCreateOrUpdateOptions struct { }
BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.
type BookmarkRelationsClientCreateOrUpdateResponse ¶ added in v0.2.0
type BookmarkRelationsClientCreateOrUpdateResponse struct { BookmarkRelationsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarkRelationsClientCreateOrUpdateResponse contains the response from method BookmarkRelationsClient.CreateOrUpdate.
type BookmarkRelationsClientCreateOrUpdateResult ¶ added in v0.2.0
type BookmarkRelationsClientCreateOrUpdateResult struct {
Relation
}
BookmarkRelationsClientCreateOrUpdateResult contains the result from method BookmarkRelationsClient.CreateOrUpdate.
type BookmarkRelationsClientDeleteOptions ¶ added in v0.2.0
type BookmarkRelationsClientDeleteOptions struct { }
BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.
type BookmarkRelationsClientDeleteResponse ¶ added in v0.2.0
type BookmarkRelationsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarkRelationsClientDeleteResponse contains the response from method BookmarkRelationsClient.Delete.
type BookmarkRelationsClientGetOptions ¶ added in v0.2.0
type BookmarkRelationsClientGetOptions struct { }
BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.
type BookmarkRelationsClientGetResponse ¶ added in v0.2.0
type BookmarkRelationsClientGetResponse struct { BookmarkRelationsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarkRelationsClientGetResponse contains the response from method BookmarkRelationsClient.Get.
type BookmarkRelationsClientGetResult ¶ added in v0.2.0
type BookmarkRelationsClientGetResult struct {
Relation
}
BookmarkRelationsClientGetResult contains the result from method BookmarkRelationsClient.Get.
type BookmarkRelationsClientListOptions ¶ added in v0.2.0
type BookmarkRelationsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method.
type BookmarkRelationsClientListPager ¶ added in v0.2.0
type BookmarkRelationsClientListPager struct {
// contains filtered or unexported fields
}
BookmarkRelationsClientListPager provides operations for iterating over paged responses.
func (*BookmarkRelationsClientListPager) Err ¶ added in v0.2.0
func (p *BookmarkRelationsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*BookmarkRelationsClientListPager) NextPage ¶ added in v0.2.0
func (p *BookmarkRelationsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*BookmarkRelationsClientListPager) PageResponse ¶ added in v0.2.0
func (p *BookmarkRelationsClientListPager) PageResponse() BookmarkRelationsClientListResponse
PageResponse returns the current BookmarkRelationsClientListResponse page.
type BookmarkRelationsClientListResponse ¶ added in v0.2.0
type BookmarkRelationsClientListResponse struct { BookmarkRelationsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarkRelationsClientListResponse contains the response from method BookmarkRelationsClient.List.
type BookmarkRelationsClientListResult ¶ added in v0.2.0
type BookmarkRelationsClientListResult struct {
RelationList
}
BookmarkRelationsClientListResult contains the result from method BookmarkRelationsClient.List.
type BookmarkTimelineItem ¶ added in v0.2.0
type BookmarkTimelineItem struct { // REQUIRED; The bookmark azure resource id. AzureResourceID *string `json:"azureResourceId,omitempty"` // REQUIRED; The entity query kind type. Kind *EntityTimelineKind `json:"kind,omitempty"` // Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // The bookmark display name. DisplayName *string `json:"displayName,omitempty"` // The bookmark end time. EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"` // The bookmark event time. EventTime *time.Time `json:"eventTime,omitempty"` // List of labels relevant to this bookmark Labels []*string `json:"labels,omitempty"` // The notes of the bookmark Notes *string `json:"notes,omitempty"` // The bookmark start time. StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"` }
BookmarkTimelineItem - Represents bookmark timeline item.
func (*BookmarkTimelineItem) GetEntityTimelineItem ¶ added in v0.2.0
func (b *BookmarkTimelineItem) GetEntityTimelineItem() *EntityTimelineItem
GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type BookmarkTimelineItem.
func (BookmarkTimelineItem) MarshalJSON ¶ added in v0.2.0
func (b BookmarkTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type BookmarkTimelineItem.
func (*BookmarkTimelineItem) UnmarshalJSON ¶ added in v0.2.0
func (b *BookmarkTimelineItem) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkTimelineItem.
type BookmarksClient ¶
type BookmarksClient struct {
// contains filtered or unexported fields
}
BookmarksClient contains the methods for the Bookmarks group. Don't use this type directly, use NewBookmarksClient() instead.
func NewBookmarksClient ¶
func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarksClient
NewBookmarksClient creates a new instance of BookmarksClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*BookmarksClient) CreateOrUpdate ¶
func (client *BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark, options *BookmarksClientCreateOrUpdateOptions) (BookmarksClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID bookmark - The bookmark options - BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/CreateBookmark.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", armsecurityinsight.Bookmark{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.BookmarkProperties{ Created: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()), CreatedBy: &armsecurityinsight.UserInfo{ ObjectID: to.StringPtr("<object-id>"), }, DisplayName: to.StringPtr("<display-name>"), Labels: []*string{ to.StringPtr("Tag1"), to.StringPtr("Tag2")}, Notes: to.StringPtr("<notes>"), Query: to.StringPtr("<query>"), QueryResult: to.StringPtr("<query-result>"), Updated: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()), UpdatedBy: &armsecurityinsight.UserInfo{ ObjectID: to.StringPtr("<object-id>"), }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.BookmarksClientCreateOrUpdateResult) }
Output:
func (*BookmarksClient) Delete ¶
func (client *BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientDeleteOptions) (BookmarksClientDeleteResponse, error)
Delete - Delete the bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/DeleteBookmark.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*BookmarksClient) Get ¶
func (client *BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientGetOptions) (BookmarksClientGetResponse, error)
Get - Gets a bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarkById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<bookmark-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.BookmarksClientGetResult) }
Output:
func (*BookmarksClient) List ¶
func (client *BookmarksClient) List(resourceGroupName string, workspaceName string, options *BookmarksClientListOptions) *BookmarksClientListPager
List - Gets all bookmarks. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarks.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type BookmarksClientCreateOrUpdateOptions ¶ added in v0.2.0
type BookmarksClientCreateOrUpdateOptions struct { }
BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.
type BookmarksClientCreateOrUpdateResponse ¶ added in v0.2.0
type BookmarksClientCreateOrUpdateResponse struct { BookmarksClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate.
type BookmarksClientCreateOrUpdateResult ¶ added in v0.2.0
type BookmarksClientCreateOrUpdateResult struct {
Bookmark
}
BookmarksClientCreateOrUpdateResult contains the result from method BookmarksClient.CreateOrUpdate.
type BookmarksClientDeleteOptions ¶ added in v0.2.0
type BookmarksClientDeleteOptions struct { }
BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.
type BookmarksClientDeleteResponse ¶ added in v0.2.0
type BookmarksClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarksClientDeleteResponse contains the response from method BookmarksClient.Delete.
type BookmarksClientGetOptions ¶ added in v0.2.0
type BookmarksClientGetOptions struct { }
BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.
type BookmarksClientGetResponse ¶ added in v0.2.0
type BookmarksClientGetResponse struct { BookmarksClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarksClientGetResponse contains the response from method BookmarksClient.Get.
type BookmarksClientGetResult ¶ added in v0.2.0
type BookmarksClientGetResult struct {
Bookmark
}
BookmarksClientGetResult contains the result from method BookmarksClient.Get.
type BookmarksClientListOptions ¶ added in v0.2.0
type BookmarksClientListOptions struct { }
BookmarksClientListOptions contains the optional parameters for the BookmarksClient.List method.
type BookmarksClientListPager ¶ added in v0.2.0
type BookmarksClientListPager struct {
// contains filtered or unexported fields
}
BookmarksClientListPager provides operations for iterating over paged responses.
func (*BookmarksClientListPager) Err ¶ added in v0.2.0
func (p *BookmarksClientListPager) Err() error
Err returns the last error encountered while paging.
func (*BookmarksClientListPager) NextPage ¶ added in v0.2.0
func (p *BookmarksClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*BookmarksClientListPager) PageResponse ¶ added in v0.2.0
func (p *BookmarksClientListPager) PageResponse() BookmarksClientListResponse
PageResponse returns the current BookmarksClientListResponse page.
type BookmarksClientListResponse ¶ added in v0.2.0
type BookmarksClientListResponse struct { BookmarksClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
BookmarksClientListResponse contains the response from method BookmarksClient.List.
type BookmarksClientListResult ¶ added in v0.2.0
type BookmarksClientListResult struct {
BookmarkList
}
BookmarksClientListResult contains the result from method BookmarksClient.List.
type ClientInfo ¶
type ClientInfo struct { // The email of the client. Email *string `json:"email,omitempty"` // The name of the client. Name *string `json:"name,omitempty"` // The object id of the client. ObjectID *string `json:"objectId,omitempty"` // The user principal name of the client. UserPrincipalName *string `json:"userPrincipalName,omitempty"` }
ClientInfo - Information on the client (user or application) that made some action
type CloudApplicationEntity ¶ added in v0.2.0
type CloudApplicationEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // CloudApplication entity properties Properties *CloudApplicationEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
CloudApplicationEntity - Represents a cloud application entity.
func (*CloudApplicationEntity) GetEntity ¶ added in v0.2.0
func (c *CloudApplicationEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type CloudApplicationEntity.
func (CloudApplicationEntity) MarshalJSON ¶ added in v0.2.0
func (c CloudApplicationEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity.
func (*CloudApplicationEntity) UnmarshalJSON ¶ added in v0.2.0
func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity.
type CloudApplicationEntityProperties ¶ added in v0.2.0
type CloudApplicationEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The technical identifier of the application. AppID *int32 `json:"appId,omitempty" azure:"ro"` // READ-ONLY; The name of the related cloud application. AppName *string `json:"appName,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications // of the same type that a customer has. InstanceName *string `json:"instanceName,omitempty" azure:"ro"` }
CloudApplicationEntityProperties - CloudApplication entity property bag.
func (CloudApplicationEntityProperties) MarshalJSON ¶ added in v0.2.0
func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties.
type CloudError ¶
type CloudError struct { // Error data Error *CloudErrorBody `json:"error,omitempty"` }
CloudError - Error response structure.
type CloudErrorBody ¶ added in v0.2.0
type CloudErrorBody struct { // READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. Code *string `json:"code,omitempty" azure:"ro"` // READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. Message *string `json:"message,omitempty" azure:"ro"` }
CloudErrorBody - Error details.
type CodelessAPIPollingDataConnector ¶ added in v0.2.0
type CodelessAPIPollingDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Codeless poling data connector properties Properties *APIPollingParameters `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
CodelessAPIPollingDataConnector - Represents Codeless API Polling data connector.
func (*CodelessAPIPollingDataConnector) GetDataConnector ¶ added in v0.2.0
func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type CodelessAPIPollingDataConnector.
func (CodelessAPIPollingDataConnector) MarshalJSON ¶ added in v0.2.0
func (c CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessAPIPollingDataConnector.
func (*CodelessAPIPollingDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (c *CodelessAPIPollingDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type CodelessAPIPollingDataConnector.
type CodelessConnectorPollingAuthProperties ¶ added in v0.2.0
type CodelessConnectorPollingAuthProperties struct { // REQUIRED; The authentication type AuthType *string `json:"authType,omitempty"` // A prefix send in the header before the actual token APIKeyIdentifier *string `json:"apiKeyIdentifier,omitempty"` // The header name which the token is sent with APIKeyName *string `json:"apiKeyName,omitempty"` // The endpoint used to authorize the user, used in Oauth 2.0 flow AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"` // The query parameters used in authorization request, used in Oauth 2.0 flow AuthorizationEndpointQueryParameters map[string]interface{} `json:"authorizationEndpointQueryParameters,omitempty"` // Describes the flow name, for example 'AuthCode' for Oauth 2.0 FlowName *string `json:"flowName,omitempty"` // Marks if the key should sent in header IsAPIKeyInPostPayload *string `json:"isApiKeyInPostPayload,omitempty"` // Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow IsClientSecretInHeader *bool `json:"isClientSecretInHeader,omitempty"` // The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow RedirectionEndpoint *string `json:"redirectionEndpoint,omitempty"` // The OAuth token scope Scope *string `json:"scope,omitempty"` // The endpoint used to issue a token, used in Oauth 2.0 flow TokenEndpoint *string `json:"tokenEndpoint,omitempty"` // The query headers used in token request, used in Oauth 2.0 flow TokenEndpointHeaders map[string]interface{} `json:"tokenEndpointHeaders,omitempty"` // The query parameters used in token request, used in Oauth 2.0 flow TokenEndpointQueryParameters map[string]interface{} `json:"tokenEndpointQueryParameters,omitempty"` }
CodelessConnectorPollingAuthProperties - Describe the authentication properties needed to successfully authenticate with the server
type CodelessConnectorPollingConfigProperties ¶ added in v0.2.0
type CodelessConnectorPollingConfigProperties struct { // REQUIRED; Describe the authentication type of the poller Auth *CodelessConnectorPollingAuthProperties `json:"auth,omitempty"` // REQUIRED; Describe the poll request config parameters of the poller Request *CodelessConnectorPollingRequestProperties `json:"request,omitempty"` // The poller active status IsActive *bool `json:"isActive,omitempty"` // Describe the poll request paging config of the poller Paging *CodelessConnectorPollingPagingProperties `json:"paging,omitempty"` // Describe the response config parameters of the poller Response *CodelessConnectorPollingResponseProperties `json:"response,omitempty"` }
CodelessConnectorPollingConfigProperties - Config to describe the polling config for API poller connector
type CodelessConnectorPollingPagingProperties ¶ added in v0.2.0
type CodelessConnectorPollingPagingProperties struct { // REQUIRED; Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp' PagingType *string `json:"pagingType,omitempty"` // Defines the name of a next page attribute NextPageParaName *string `json:"nextPageParaName,omitempty"` // Defines the path to a next page token JSON NextPageTokenJSONPath *string `json:"nextPageTokenJsonPath,omitempty"` // Defines the path to a page count attribute PageCountAttributePath *string `json:"pageCountAttributePath,omitempty"` // Defines the paging size PageSize *int32 `json:"pageSize,omitempty"` // Defines the name of the page size parameter PageSizeParaName *string `json:"pageSizeParaName,omitempty"` // Defines the path to a paging time stamp attribute PageTimeStampAttributePath *string `json:"pageTimeStampAttributePath,omitempty"` // Defines the path to a page total count attribute PageTotalCountAttributePath *string `json:"pageTotalCountAttributePath,omitempty"` // Determines whether to search for the latest time stamp in the events list SearchTheLatestTimeStampFromEventsList *string `json:"searchTheLatestTimeStampFromEventsList,omitempty"` }
CodelessConnectorPollingPagingProperties - Describe the properties needed to make a pagination call
type CodelessConnectorPollingRequestProperties ¶ added in v0.2.0
type CodelessConnectorPollingRequestProperties struct { // REQUIRED; Describe the endpoint we should pull the data from APIEndpoint *string `json:"apiEndpoint,omitempty"` // REQUIRED; The http method type we will use in the poll request, GET or POST HTTPMethod *string `json:"httpMethod,omitempty"` // REQUIRED; The time format will be used the query events in a specific window QueryTimeFormat *string `json:"queryTimeFormat,omitempty"` // REQUIRED; The window interval we will use the pull the data QueryWindowInMin *int32 `json:"queryWindowInMin,omitempty"` // This will be used the query events from the end of the time window EndTimeAttributeName *string `json:"endTimeAttributeName,omitempty"` // Describe the headers sent in the poll request Headers map[string]interface{} `json:"headers,omitempty"` // Describe the query parameters sent in the poll request QueryParameters map[string]interface{} `json:"queryParameters,omitempty"` // For advanced scenarios for example user name/password embedded in nested JSON payload QueryParametersTemplate *string `json:"queryParametersTemplate,omitempty"` // Defines the rate limit QPS RateLimitQPS *int32 `json:"rateLimitQps,omitempty"` // Describe the amount of time we should try and poll the data in case of failure RetryCount *int32 `json:"retryCount,omitempty"` // This will be used the query events from a start of the time window StartTimeAttributeName *string `json:"startTimeAttributeName,omitempty"` // The number of seconds we will consider as a request timeout TimeoutInSeconds *int32 `json:"timeoutInSeconds,omitempty"` }
CodelessConnectorPollingRequestProperties - Describe the request properties needed to successfully pull from the server
type CodelessConnectorPollingResponseProperties ¶ added in v0.2.0
type CodelessConnectorPollingResponseProperties struct { // REQUIRED; Describes the path we should extract the data in the response EventsJSONPaths []*string `json:"eventsJsonPaths,omitempty"` // Describes if the data in the response is Gzip IsGzipCompressed *bool `json:"isGzipCompressed,omitempty"` // Describes the path we should extract the status code in the response SuccessStatusJSONPath *string `json:"successStatusJsonPath,omitempty"` // Describes the path we should extract the status value in the response SuccessStatusValue *string `json:"successStatusValue,omitempty"` }
CodelessConnectorPollingResponseProperties - Describes the response from the external server
func (CodelessConnectorPollingResponseProperties) MarshalJSON ¶ added in v0.2.0
func (c CodelessConnectorPollingResponseProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingResponseProperties.
type CodelessParameters ¶ added in v0.2.0
type CodelessParameters struct { // Config to describe the instructions blade ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"` }
CodelessParameters - Represents Codeless UI data connector
type CodelessUIConnectorConfigProperties ¶ added in v0.2.0
type CodelessUIConnectorConfigProperties struct { // REQUIRED; Connector Availability Status Availability *Availability `json:"availability,omitempty"` // REQUIRED; Define the way the connector check connectivity ConnectivityCriteria []*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem `json:"connectivityCriteria,omitempty"` // REQUIRED; Data types to check for last data received DataTypes []*CodelessUIConnectorConfigPropertiesDataTypesItem `json:"dataTypes,omitempty"` // REQUIRED; Connector description DescriptionMarkdown *string `json:"descriptionMarkdown,omitempty"` // REQUIRED; The graph query to show the current data status GraphQueries []*CodelessUIConnectorConfigPropertiesGraphQueriesItem `json:"graphQueries,omitempty"` // REQUIRED; Name of the table the connector will insert the data to GraphQueriesTableName *string `json:"graphQueriesTableName,omitempty"` // REQUIRED; Instruction steps to enable the connector InstructionSteps []*CodelessUIConnectorConfigPropertiesInstructionStepsItem `json:"instructionSteps,omitempty"` // REQUIRED; Permissions required for the connector Permissions *Permissions `json:"permissions,omitempty"` // REQUIRED; Connector publisher name Publisher *string `json:"publisher,omitempty"` // REQUIRED; The sample queries for the connector SampleQueries []*CodelessUIConnectorConfigPropertiesSampleQueriesItem `json:"sampleQueries,omitempty"` // REQUIRED; Connector blade title Title *string `json:"title,omitempty"` // An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery CustomImage *string `json:"customImage,omitempty"` }
CodelessUIConnectorConfigProperties - Config to describe the instructions blade
func (CodelessUIConnectorConfigProperties) MarshalJSON ¶ added in v0.2.0
func (c CodelessUIConnectorConfigProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigProperties.
type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem ¶ added in v0.2.0
type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct { // type of connectivity Type *ConnectivityType `json:"type,omitempty"` // Queries for checking connectivity Value []*string `json:"value,omitempty"` }
func (CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON ¶ added in v0.2.0
func (c CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem.
type CodelessUIConnectorConfigPropertiesDataTypesItem ¶ added in v0.2.0
type CodelessUIConnectorConfigPropertiesDataTypesItem struct { // Query for indicate last data received LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"` // Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder Name *string `json:"name,omitempty"` }
type CodelessUIConnectorConfigPropertiesGraphQueriesItem ¶ added in v0.2.0
type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct { // The base query for the graph BaseQuery *string `json:"baseQuery,omitempty"` // The legend for the graph Legend *string `json:"legend,omitempty"` // the metric that the query is checking MetricName *string `json:"metricName,omitempty"` }
type CodelessUIConnectorConfigPropertiesInstructionStepsItem ¶ added in v0.2.0
type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct { // Instruction step description Description *string `json:"description,omitempty"` // Instruction step details Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"` // Instruction step title Title *string `json:"title,omitempty"` }
func (CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON ¶ added in v0.2.0
func (c CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem.
type CodelessUIConnectorConfigPropertiesSampleQueriesItem ¶ added in v0.2.0
type CodelessUIDataConnector ¶ added in v0.2.0
type CodelessUIDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Codeless UI data connector properties Properties *CodelessParameters `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
CodelessUIDataConnector - Represents Codeless UI data connector.
func (*CodelessUIDataConnector) GetDataConnector ¶ added in v0.2.0
func (c *CodelessUIDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type CodelessUIDataConnector.
func (CodelessUIDataConnector) MarshalJSON ¶ added in v0.2.0
func (c CodelessUIDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type CodelessUIDataConnector.
func (*CodelessUIDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (c *CodelessUIDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIDataConnector.
type ConfidenceLevel ¶ added in v0.2.0
type ConfidenceLevel string
ConfidenceLevel - The confidence level of this alert.
const ( // ConfidenceLevelHigh - High confidence that the alert is true positive malicious ConfidenceLevelHigh ConfidenceLevel = "High" // ConfidenceLevelLow - Low confidence, meaning we have some doubts this is indeed malicious or part of an attack ConfidenceLevelLow ConfidenceLevel = "Low" // ConfidenceLevelUnknown - Unknown confidence, the is the default value ConfidenceLevelUnknown ConfidenceLevel = "Unknown" )
func PossibleConfidenceLevelValues ¶ added in v0.2.0
func PossibleConfidenceLevelValues() []ConfidenceLevel
PossibleConfidenceLevelValues returns the possible values for the ConfidenceLevel const type.
func (ConfidenceLevel) ToPtr ¶ added in v0.2.0
func (c ConfidenceLevel) ToPtr() *ConfidenceLevel
ToPtr returns a *ConfidenceLevel pointing to the current value.
type ConfidenceScoreStatus ¶ added in v0.2.0
type ConfidenceScoreStatus string
ConfidenceScoreStatus - The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.
const ( // ConfidenceScoreStatusFinal - Final score was calculated and available ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final" // ConfidenceScoreStatusInProcess - No score was set yet and calculation is in progress ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess" // ConfidenceScoreStatusNotApplicable - Score will not be calculated for this alert as it is not supported by virtual analyst ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable" // ConfidenceScoreStatusNotFinal - Score is calculated and shown as part of the alert, but may be updated again at a later // time following the processing of additional data ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal" )
func PossibleConfidenceScoreStatusValues ¶ added in v0.2.0
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus
PossibleConfidenceScoreStatusValues returns the possible values for the ConfidenceScoreStatus const type.
func (ConfidenceScoreStatus) ToPtr ¶ added in v0.2.0
func (c ConfidenceScoreStatus) ToPtr() *ConfidenceScoreStatus
ToPtr returns a *ConfidenceScoreStatus pointing to the current value.
type ConnectAuthKind ¶ added in v0.2.0
type ConnectAuthKind string
ConnectAuthKind - The authentication kind used to poll the data
const ( ConnectAuthKindAPIKey ConnectAuthKind = "APIKey" ConnectAuthKindBasic ConnectAuthKind = "Basic" ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2" )
func PossibleConnectAuthKindValues ¶ added in v0.2.0
func PossibleConnectAuthKindValues() []ConnectAuthKind
PossibleConnectAuthKindValues returns the possible values for the ConnectAuthKind const type.
func (ConnectAuthKind) ToPtr ¶ added in v0.2.0
func (c ConnectAuthKind) ToPtr() *ConnectAuthKind
ToPtr returns a *ConnectAuthKind pointing to the current value.
type ConnectedEntity ¶ added in v0.2.0
type ConnectedEntity struct { // key-value pairs for a connected entity mapping AdditionalData map[string]interface{} `json:"additionalData,omitempty"` // Entity Id of the connected entity TargetEntityID *string `json:"targetEntityId,omitempty"` }
ConnectedEntity - Expansion result connected entities
type ConnectivityCriteria ¶ added in v0.2.0
type ConnectivityCriteria struct { // type of connectivity Type *ConnectivityType `json:"type,omitempty"` // Queries for checking connectivity Value []*string `json:"value,omitempty"` }
ConnectivityCriteria - Setting for the connector check connectivity
func (ConnectivityCriteria) MarshalJSON ¶ added in v0.2.0
func (c ConnectivityCriteria) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ConnectivityCriteria.
type ConnectivityType ¶ added in v0.2.0
type ConnectivityType string
ConnectivityType - type of connectivity
const (
ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)
func PossibleConnectivityTypeValues ¶ added in v0.2.0
func PossibleConnectivityTypeValues() []ConnectivityType
PossibleConnectivityTypeValues returns the possible values for the ConnectivityType const type.
func (ConnectivityType) ToPtr ¶ added in v0.2.0
func (c ConnectivityType) ToPtr() *ConnectivityType
ToPtr returns a *ConnectivityType pointing to the current value.
type ConnectorInstructionModelBase ¶ added in v0.2.0
type ConnectorInstructionModelBase struct { // REQUIRED; The kind of the setting Type *SettingType `json:"type,omitempty"` // The parameters for the setting Parameters map[string]interface{} `json:"parameters,omitempty"` }
ConnectorInstructionModelBase - Instruction step details
type ContentPathMap ¶ added in v0.2.0
type ContentPathMap struct { // Content type. ContentType *ContentType `json:"contentType,omitempty"` // The path to the content. Path *string `json:"path,omitempty"` }
ContentPathMap - The mapping of content type to a repo path.
type ContentType ¶ added in v0.2.0
type ContentType string
ContentType - The content type of a source control path.
const ( ContentTypeAnalyticRule ContentType = "AnalyticRule" ContentTypeWorkbook ContentType = "Workbook" )
func PossibleContentTypeValues ¶ added in v0.2.0
func PossibleContentTypeValues() []ContentType
PossibleContentTypeValues returns the possible values for the ContentType const type.
func (ContentType) ToPtr ¶ added in v0.2.0
func (c ContentType) ToPtr() *ContentType
ToPtr returns a *ContentType pointing to the current value.
type CreatedByType ¶ added in v0.2.0
type CreatedByType string
CreatedByType - The type of identity that created the resource.
const ( CreatedByTypeApplication CreatedByType = "Application" CreatedByTypeKey CreatedByType = "Key" CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity" CreatedByTypeUser CreatedByType = "User" )
func PossibleCreatedByTypeValues ¶ added in v0.2.0
func PossibleCreatedByTypeValues() []CreatedByType
PossibleCreatedByTypeValues returns the possible values for the CreatedByType const type.
func (CreatedByType) ToPtr ¶ added in v0.2.0
func (c CreatedByType) ToPtr() *CreatedByType
ToPtr returns a *CreatedByType pointing to the current value.
type CustomEntityQuery ¶ added in v0.2.0
type CustomEntityQuery struct { // REQUIRED; the entity query kind Kind *CustomEntityQueryKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
CustomEntityQuery - Specific entity query that supports put requests.
func (*CustomEntityQuery) GetCustomEntityQuery ¶ added in v0.2.0
func (c *CustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery
GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type CustomEntityQuery.
type CustomEntityQueryClassification ¶ added in v0.2.0
type CustomEntityQueryClassification interface { // GetCustomEntityQuery returns the CustomEntityQuery content of the underlying type. GetCustomEntityQuery() *CustomEntityQuery }
CustomEntityQueryClassification provides polymorphic access to related types. Call the interface's GetCustomEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityCustomEntityQuery, *CustomEntityQuery
type CustomEntityQueryKind ¶ added in v0.2.0
type CustomEntityQueryKind string
CustomEntityQueryKind - The kind of the entity query that supports put request.
const (
CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)
func PossibleCustomEntityQueryKindValues ¶ added in v0.2.0
func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind
PossibleCustomEntityQueryKindValues returns the possible values for the CustomEntityQueryKind const type.
func (CustomEntityQueryKind) ToPtr ¶ added in v0.2.0
func (c CustomEntityQueryKind) ToPtr() *CustomEntityQueryKind
ToPtr returns a *CustomEntityQueryKind pointing to the current value.
type Customs ¶ added in v0.2.0
type Customs struct { // Customs permissions description Description *string `json:"description,omitempty"` // Customs permissions name Name *string `json:"name,omitempty"` }
Customs permissions required for the connector
type CustomsPermission ¶ added in v0.2.0
type CustomsPermission struct { // Customs permissions description Description *string `json:"description,omitempty"` // Customs permissions name Name *string `json:"name,omitempty"` }
CustomsPermission - Customs permissions required for the connector
type DNSEntity ¶ added in v0.2.0
type DNSEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Dns entity properties Properties *DNSEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
DNSEntity - Represents a dns entity.
func (*DNSEntity) GetEntity ¶ added in v0.2.0
GetEntity implements the EntityClassification interface for type DNSEntity.
func (DNSEntity) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type DNSEntity.
func (*DNSEntity) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity.
type DNSEntityProperties ¶ added in v0.2.0
type DNSEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; An ip entity id for the dns server resolving the request DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty" azure:"ro"` // READ-ONLY; The name of the dns record associated with the alert DomainName *string `json:"domainName,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; An ip entity id for the dns request client HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty" azure:"ro"` // READ-ONLY; Ip entity identifiers for the resolved ip address. IPAddressEntityIDs []*string `json:"ipAddressEntityIds,omitempty" azure:"ro"` }
DNSEntityProperties - Dns entity property bag.
func (DNSEntityProperties) MarshalJSON ¶ added in v0.2.0
func (d DNSEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties.
type DataConnector ¶
type DataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
DataConnector - Data connector
func (*DataConnector) GetDataConnector ¶
func (d *DataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type DataConnector.
type DataConnectorAuthorizationState ¶ added in v0.2.0
type DataConnectorAuthorizationState string
DataConnectorAuthorizationState - Describes the state of user's authorization for a connector kind.
const ( DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid" DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid" )
func PossibleDataConnectorAuthorizationStateValues ¶ added in v0.2.0
func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState
PossibleDataConnectorAuthorizationStateValues returns the possible values for the DataConnectorAuthorizationState const type.
func (DataConnectorAuthorizationState) ToPtr ¶ added in v0.2.0
func (c DataConnectorAuthorizationState) ToPtr() *DataConnectorAuthorizationState
ToPtr returns a *DataConnectorAuthorizationState pointing to the current value.
type DataConnectorClassification ¶
type DataConnectorClassification interface { // GetDataConnector returns the DataConnector content of the underlying type. GetDataConnector() *DataConnector }
DataConnectorClassification provides polymorphic access to related types. Call the interface's GetDataConnector() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *AwsS3DataConnector, *CodelessAPIPollingDataConnector, - *CodelessUIDataConnector, *DataConnector, *Dynamics365DataConnector, *MCASDataConnector, *MDATPDataConnector, *MSTIDataConnector, - *MTPDataConnector, *OfficeATPDataConnector, *OfficeDataConnector, *OfficeIRMDataConnector, *TIDataConnector, *TiTaxiiDataConnector
type DataConnectorConnectBody ¶ added in v0.2.0
type DataConnectorConnectBody struct { // The API key of the audit server. APIKey *string `json:"apiKey,omitempty"` // The authorization code used in OAuth 2.0 code flow to issue a token. AuthorizationCode *string `json:"authorizationCode,omitempty"` // The client id of the OAuth 2.0 application. ClientID *string `json:"clientId,omitempty"` // The client secret of the OAuth 2.0 application. ClientSecret *string `json:"clientSecret,omitempty"` // The authentication kind used to poll the data Kind *ConnectAuthKind `json:"kind,omitempty"` // The user password in the audit log server. Password *string `json:"password,omitempty"` RequestConfigUserInputValues []map[string]interface{} `json:"requestConfigUserInputValues,omitempty"` // The user name in the audit log server. UserName *string `json:"userName,omitempty"` }
DataConnectorConnectBody - Represents Codeless API Polling data connector.
func (DataConnectorConnectBody) MarshalJSON ¶ added in v0.2.0
func (d DataConnectorConnectBody) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type DataConnectorConnectBody.
type DataConnectorDataTypeCommon ¶
type DataConnectorDataTypeCommon struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
DataConnectorDataTypeCommon - Common field for data type in data connectors.
type DataConnectorKind ¶
type DataConnectorKind string
DataConnectorKind - The kind of the data connector
const ( DataConnectorKindAPIPolling DataConnectorKind = "APIPolling" DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" DataConnectorKindAmazonWebServicesS3 DataConnectorKind = "AmazonWebServicesS3" DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" DataConnectorKindDynamics365 DataConnectorKind = "Dynamics365" DataConnectorKindGenericUI DataConnectorKind = "GenericUI" DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" DataConnectorKindMicrosoftThreatIntelligence DataConnectorKind = "MicrosoftThreatIntelligence" DataConnectorKindMicrosoftThreatProtection DataConnectorKind = "MicrosoftThreatProtection" DataConnectorKindOffice365 DataConnectorKind = "Office365" DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP" DataConnectorKindOfficeIRM DataConnectorKind = "OfficeIRM" DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii" )
func PossibleDataConnectorKindValues ¶
func PossibleDataConnectorKindValues() []DataConnectorKind
PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type.
func (DataConnectorKind) ToPtr ¶
func (c DataConnectorKind) ToPtr() *DataConnectorKind
ToPtr returns a *DataConnectorKind pointing to the current value.
type DataConnectorLicenseState ¶ added in v0.2.0
type DataConnectorLicenseState string
DataConnectorLicenseState - Describes the state of user's license for a connector kind.
const ( DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid" DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown" DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid" )
func PossibleDataConnectorLicenseStateValues ¶ added in v0.2.0
func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState
PossibleDataConnectorLicenseStateValues returns the possible values for the DataConnectorLicenseState const type.
func (DataConnectorLicenseState) ToPtr ¶ added in v0.2.0
func (c DataConnectorLicenseState) ToPtr() *DataConnectorLicenseState
ToPtr returns a *DataConnectorLicenseState pointing to the current value.
type DataConnectorList ¶
type DataConnectorList struct { // REQUIRED; Array of data connectors. Value []DataConnectorClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of data connectors. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
DataConnectorList - List all the data connectors.
func (DataConnectorList) MarshalJSON ¶
func (d DataConnectorList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type DataConnectorList.
func (*DataConnectorList) UnmarshalJSON ¶
func (d *DataConnectorList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList.
type DataConnectorRequirementsState ¶ added in v0.2.0
type DataConnectorRequirementsState struct { // Authorization state for this connector AuthorizationState *DataConnectorAuthorizationState `json:"authorizationState,omitempty"` // License state for this connector LicenseState *DataConnectorLicenseState `json:"licenseState,omitempty"` }
DataConnectorRequirementsState - Data connector requirements status.
type DataConnectorTenantID ¶
type DataConnectorTenantID struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
DataConnectorTenantID - Properties data connector on tenant level.
type DataConnectorWithAlertsProperties ¶
type DataConnectorWithAlertsProperties struct { // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
DataConnectorWithAlertsProperties - Data connector properties.
type DataConnectorsCheckRequirements ¶ added in v0.2.0
type DataConnectorsCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` }
DataConnectorsCheckRequirements - Data connector requirements properties.
func (*DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (d *DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type DataConnectorsCheckRequirements.
type DataConnectorsCheckRequirementsClassification ¶ added in v0.2.0
type DataConnectorsCheckRequirementsClassification interface { // GetDataConnectorsCheckRequirements returns the DataConnectorsCheckRequirements content of the underlying type. GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements }
DataConnectorsCheckRequirementsClassification provides polymorphic access to related types. Call the interface's GetDataConnectorsCheckRequirements() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AADCheckRequirements, *AATPCheckRequirements, *ASCCheckRequirements, *AwsCloudTrailCheckRequirements, *AwsS3CheckRequirements, - *DataConnectorsCheckRequirements, *Dynamics365CheckRequirements, *MCASCheckRequirements, *MDATPCheckRequirements, *MSTICheckRequirements, - *MtpCheckRequirements, *OfficeATPCheckRequirements, *OfficeIRMCheckRequirements, *TICheckRequirements, *TiTaxiiCheckRequirements
type DataConnectorsCheckRequirementsClient ¶ added in v0.2.0
type DataConnectorsCheckRequirementsClient struct {
// contains filtered or unexported fields
}
DataConnectorsCheckRequirementsClient contains the methods for the DataConnectorsCheckRequirements group. Don't use this type directly, use NewDataConnectorsCheckRequirementsClient() instead.
func NewDataConnectorsCheckRequirementsClient ¶ added in v0.2.0
func NewDataConnectorsCheckRequirementsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DataConnectorsCheckRequirementsClient
NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*DataConnectorsCheckRequirementsClient) Post ¶ added in v0.2.0
func (client *DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (DataConnectorsCheckRequirementsClientPostResponse, error)
Post - Get requirements state for a data connector type. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorsCheckRequirements - The parameters for requirements check message options - DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsCheckRequirementsClient("<subscription-id>", cred, nil) res, err := client.Post(ctx, "<resource-group-name>", "<workspace-name>", &armsecurityinsight.AADCheckRequirements{ Kind: armsecurityinsight.DataConnectorKind("AzureActiveDirectory").ToPtr(), Properties: &armsecurityinsight.AADCheckRequirementsProperties{ TenantID: to.StringPtr("<tenant-id>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.DataConnectorsCheckRequirementsClientPostResult) }
Output:
type DataConnectorsCheckRequirementsClientPostOptions ¶ added in v0.2.0
type DataConnectorsCheckRequirementsClientPostOptions struct { }
DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.
type DataConnectorsCheckRequirementsClientPostResponse ¶ added in v0.2.0
type DataConnectorsCheckRequirementsClientPostResponse struct { DataConnectorsCheckRequirementsClientPostResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsCheckRequirementsClientPostResponse contains the response from method DataConnectorsCheckRequirementsClient.Post.
type DataConnectorsCheckRequirementsClientPostResult ¶ added in v0.2.0
type DataConnectorsCheckRequirementsClientPostResult struct {
DataConnectorRequirementsState
}
DataConnectorsCheckRequirementsClientPostResult contains the result from method DataConnectorsCheckRequirementsClient.Post.
type DataConnectorsClient ¶
type DataConnectorsClient struct {
// contains filtered or unexported fields
}
DataConnectorsClient contains the methods for the DataConnectors group. Don't use this type directly, use NewDataConnectorsClient() instead.
func NewDataConnectorsClient ¶
func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DataConnectorsClient
NewDataConnectorsClient creates a new instance of DataConnectorsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*DataConnectorsClient) Connect ¶ added in v0.2.0
func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error)
Connect - Connects a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID connectBody - The data connector options - DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) _, err = client.Connect(ctx, "<resource-group-name>", "<workspace-name>", "<data-connector-id>", armsecurityinsight.DataConnectorConnectBody{ APIKey: to.StringPtr("<apikey>"), Kind: armsecurityinsight.ConnectAuthKind("APIKey").ToPtr(), RequestConfigUserInputValues: []map[string]interface{}{ { "displayText": "Organization Name", "placeHolderName": "{{placeHolder1}}", "placeHolderValue": "somePlaceHolderValue", "requestObjectKey": "apiEndpoint", }}, }, nil) if err != nil { log.Fatal(err) } }
Output:
func (*DataConnectorsClient) CreateOrUpdate ¶
func (client *DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector DataConnectorClassification, options *DataConnectorsClientCreateOrUpdateOptions) (DataConnectorsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID dataConnector - The data connector options - DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateAPIPolling.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<data-connector-id>", &armsecurityinsight.CodelessAPIPollingDataConnector{ Kind: armsecurityinsight.DataConnectorKind("APIPolling").ToPtr(), Properties: &armsecurityinsight.APIPollingParameters{ ConnectorUIConfig: &armsecurityinsight.CodelessUIConnectorConfigProperties{ Availability: &armsecurityinsight.Availability{ IsPreview: to.BoolPtr(true), Status: to.Int32Ptr(1), }, ConnectivityCriteria: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{ { Type: armsecurityinsight.ConnectivityType("SentinelKindsV2").ToPtr(), Value: []*string{}, }}, DataTypes: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesDataTypesItem{ { Name: to.StringPtr("<name>"), LastDataReceivedQuery: to.StringPtr("<last-data-received-query>"), }}, DescriptionMarkdown: to.StringPtr("<description-markdown>"), GraphQueries: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesGraphQueriesItem{ { BaseQuery: to.StringPtr("<base-query>"), Legend: to.StringPtr("<legend>"), MetricName: to.StringPtr("<metric-name>"), }}, GraphQueriesTableName: to.StringPtr("<graph-queries-table-name>"), InstructionSteps: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesInstructionStepsItem{ { Description: to.StringPtr("<description>"), Instructions: []*armsecurityinsight.InstructionStepsInstructionsItem{ { Type: armsecurityinsight.SettingType("APIKey").ToPtr(), Parameters: map[string]interface{}{ "enable": "true", "userRequestPlaceHoldersInput": []interface{}{ map[string]interface{}{ "displayText": "Organization Name", "placeHolderName": "{{placeHolder1}}", "placeHolderValue": "", "requestObjectKey": "apiEndpoint", }, }, }, }}, Title: to.StringPtr("<title>"), }}, Permissions: &armsecurityinsight.Permissions{ Customs: []*armsecurityinsight.PermissionsCustomsItem{ { Name: to.StringPtr("<name>"), Description: to.StringPtr("<description>"), }}, ResourceProvider: []*armsecurityinsight.PermissionsResourceProviderItem{ { PermissionsDisplayText: to.StringPtr("<permissions-display-text>"), Provider: armsecurityinsight.ProviderName("Microsoft.OperationalInsights/workspaces").ToPtr(), ProviderDisplayName: to.StringPtr("<provider-display-name>"), RequiredPermissions: &armsecurityinsight.RequiredPermissions{ Delete: to.BoolPtr(true), Read: to.BoolPtr(true), Write: to.BoolPtr(true), }, Scope: armsecurityinsight.PermissionProviderScope("Workspace").ToPtr(), }}, }, Publisher: to.StringPtr("<publisher>"), SampleQueries: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesSampleQueriesItem{ { Description: to.StringPtr("<description>"), Query: to.StringPtr("<query>"), }}, Title: to.StringPtr("<title>"), }, PollingConfig: &armsecurityinsight.CodelessConnectorPollingConfigProperties{ Auth: &armsecurityinsight.CodelessConnectorPollingAuthProperties{ APIKeyIdentifier: to.StringPtr("<apikey-identifier>"), APIKeyName: to.StringPtr("<apikey-name>"), AuthType: to.StringPtr("<auth-type>"), }, Paging: &armsecurityinsight.CodelessConnectorPollingPagingProperties{ PageSizeParaName: to.StringPtr("<page-size-para-name>"), PagingType: to.StringPtr("<paging-type>"), }, Response: &armsecurityinsight.CodelessConnectorPollingResponseProperties{ EventsJSONPaths: []*string{ to.StringPtr("$")}, }, Request: &armsecurityinsight.CodelessConnectorPollingRequestProperties{ APIEndpoint: to.StringPtr("<apiendpoint>"), Headers: map[string]interface{}{ "Accept": "application/json", "User-Agent": "Scuba", }, HTTPMethod: to.StringPtr("<httpmethod>"), QueryParameters: map[string]interface{}{ "phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}", }, QueryTimeFormat: to.StringPtr("<query-time-format>"), QueryWindowInMin: to.Int32Ptr(15), RateLimitQPS: to.Int32Ptr(50), RetryCount: to.Int32Ptr(2), TimeoutInSeconds: to.Int32Ptr(60), }, }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.DataConnectorsClientCreateOrUpdateResult) }
Output:
func (*DataConnectorsClient) Delete ¶
func (client *DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDeleteOptions) (DataConnectorsClientDeleteResponse, error)
Delete - Delete the data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<data-connector-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*DataConnectorsClient) Disconnect ¶ added in v0.2.0
func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error)
Disconnect - Disconnect a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) _, err = client.Disconnect(ctx, "<resource-group-name>", "<workspace-name>", "<data-connector-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*DataConnectorsClient) Get ¶
func (client *DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientGetOptions) (DataConnectorsClientGetResponse, error)
Get - Gets a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAPIPolling.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<data-connector-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.DataConnectorsClientGetResult) }
Output:
func (*DataConnectorsClient) List ¶
func (client *DataConnectorsClient) List(resourceGroupName string, workspaceName string, options *DataConnectorsClientListOptions) *DataConnectorsClientListPager
List - Gets all data connectors. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetDataConnectors.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type DataConnectorsClientConnectOptions ¶ added in v0.2.0
type DataConnectorsClientConnectOptions struct { }
DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.
type DataConnectorsClientConnectResponse ¶ added in v0.2.0
type DataConnectorsClientConnectResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientConnectResponse contains the response from method DataConnectorsClient.Connect.
type DataConnectorsClientCreateOrUpdateOptions ¶ added in v0.2.0
type DataConnectorsClientCreateOrUpdateOptions struct { }
DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.
type DataConnectorsClientCreateOrUpdateResponse ¶ added in v0.2.0
type DataConnectorsClientCreateOrUpdateResponse struct { DataConnectorsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate.
type DataConnectorsClientCreateOrUpdateResult ¶ added in v0.2.0
type DataConnectorsClientCreateOrUpdateResult struct {
DataConnectorClassification
}
DataConnectorsClientCreateOrUpdateResult contains the result from method DataConnectorsClient.CreateOrUpdate.
func (*DataConnectorsClientCreateOrUpdateResult) UnmarshalJSON ¶ added in v0.2.0
func (d *DataConnectorsClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientCreateOrUpdateResult.
type DataConnectorsClientDeleteOptions ¶ added in v0.2.0
type DataConnectorsClientDeleteOptions struct { }
DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.
type DataConnectorsClientDeleteResponse ¶ added in v0.2.0
type DataConnectorsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete.
type DataConnectorsClientDisconnectOptions ¶ added in v0.2.0
type DataConnectorsClientDisconnectOptions struct { }
DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.
type DataConnectorsClientDisconnectResponse ¶ added in v0.2.0
type DataConnectorsClientDisconnectResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientDisconnectResponse contains the response from method DataConnectorsClient.Disconnect.
type DataConnectorsClientGetOptions ¶ added in v0.2.0
type DataConnectorsClientGetOptions struct { }
DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.
type DataConnectorsClientGetResponse ¶ added in v0.2.0
type DataConnectorsClientGetResponse struct { DataConnectorsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get.
type DataConnectorsClientGetResult ¶ added in v0.2.0
type DataConnectorsClientGetResult struct {
DataConnectorClassification
}
DataConnectorsClientGetResult contains the result from method DataConnectorsClient.Get.
func (*DataConnectorsClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (d *DataConnectorsClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientGetResult.
type DataConnectorsClientListOptions ¶ added in v0.2.0
type DataConnectorsClientListOptions struct { }
DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.List method.
type DataConnectorsClientListPager ¶ added in v0.2.0
type DataConnectorsClientListPager struct {
// contains filtered or unexported fields
}
DataConnectorsClientListPager provides operations for iterating over paged responses.
func (*DataConnectorsClientListPager) Err ¶ added in v0.2.0
func (p *DataConnectorsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*DataConnectorsClientListPager) NextPage ¶ added in v0.2.0
func (p *DataConnectorsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*DataConnectorsClientListPager) PageResponse ¶ added in v0.2.0
func (p *DataConnectorsClientListPager) PageResponse() DataConnectorsClientListResponse
PageResponse returns the current DataConnectorsClientListResponse page.
type DataConnectorsClientListResponse ¶ added in v0.2.0
type DataConnectorsClientListResponse struct { DataConnectorsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DataConnectorsClientListResponse contains the response from method DataConnectorsClient.List.
type DataConnectorsClientListResult ¶ added in v0.2.0
type DataConnectorsClientListResult struct {
DataConnectorList
}
DataConnectorsClientListResult contains the result from method DataConnectorsClient.List.
type DataTypeDefinitions ¶ added in v0.2.0
type DataTypeDefinitions struct { // The data type name DataType *string `json:"dataType,omitempty"` }
DataTypeDefinitions - The data type definition
type DataTypeState ¶
type DataTypeState string
DataTypeState - Describe whether this data type connection is enabled or not.
const ( DataTypeStateDisabled DataTypeState = "Disabled" DataTypeStateEnabled DataTypeState = "Enabled" )
func PossibleDataTypeStateValues ¶
func PossibleDataTypeStateValues() []DataTypeState
PossibleDataTypeStateValues returns the possible values for the DataTypeState const type.
func (DataTypeState) ToPtr ¶
func (c DataTypeState) ToPtr() *DataTypeState
ToPtr returns a *DataTypeState pointing to the current value.
type DeliveryAction ¶ added in v0.2.0
type DeliveryAction string
DeliveryAction - The delivery action of this mail message like Delivered, Blocked, Replaced etc
const ( // DeliveryActionUnknown - Unknown DeliveryActionUnknown DeliveryAction = "Unknown" // DeliveryActionDeliveredAsSpam - DeliveredAsSpam DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam" // DeliveryActionDelivered - Delivered DeliveryActionDelivered DeliveryAction = "Delivered" // DeliveryActionBlocked - Blocked DeliveryActionBlocked DeliveryAction = "Blocked" // DeliveryActionReplaced - Replaced DeliveryActionReplaced DeliveryAction = "Replaced" )
func PossibleDeliveryActionValues ¶ added in v0.2.0
func PossibleDeliveryActionValues() []DeliveryAction
PossibleDeliveryActionValues returns the possible values for the DeliveryAction const type.
func (DeliveryAction) ToPtr ¶ added in v0.2.0
func (c DeliveryAction) ToPtr() *DeliveryAction
ToPtr returns a *DeliveryAction pointing to the current value.
type DeliveryLocation ¶ added in v0.2.0
type DeliveryLocation string
DeliveryLocation - The delivery location of this mail message like Inbox, JunkFolder etc
const ( // DeliveryLocationUnknown - Unknown DeliveryLocationUnknown DeliveryLocation = "Unknown" // DeliveryLocationInbox - Inbox DeliveryLocationInbox DeliveryLocation = "Inbox" // DeliveryLocationJunkFolder - JunkFolder DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder" // DeliveryLocationDeletedFolder - DeletedFolder DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder" // DeliveryLocationQuarantine - Quarantine DeliveryLocationQuarantine DeliveryLocation = "Quarantine" // DeliveryLocationExternal - External DeliveryLocationExternal DeliveryLocation = "External" // DeliveryLocationFailed - Failed DeliveryLocationFailed DeliveryLocation = "Failed" // DeliveryLocationDropped - Dropped DeliveryLocationDropped DeliveryLocation = "Dropped" // DeliveryLocationForwarded - Forwarded DeliveryLocationForwarded DeliveryLocation = "Forwarded" )
func PossibleDeliveryLocationValues ¶ added in v0.2.0
func PossibleDeliveryLocationValues() []DeliveryLocation
PossibleDeliveryLocationValues returns the possible values for the DeliveryLocation const type.
func (DeliveryLocation) ToPtr ¶ added in v0.2.0
func (c DeliveryLocation) ToPtr() *DeliveryLocation
ToPtr returns a *DeliveryLocation pointing to the current value.
type DomainWhoisClient ¶ added in v0.2.0
type DomainWhoisClient struct {
// contains filtered or unexported fields
}
DomainWhoisClient contains the methods for the DomainWhois group. Don't use this type directly, use NewDomainWhoisClient() instead.
func NewDomainWhoisClient ¶ added in v0.2.0
func NewDomainWhoisClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DomainWhoisClient
NewDomainWhoisClient creates a new instance of DomainWhoisClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*DomainWhoisClient) Get ¶ added in v0.2.0
func (client *DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (DomainWhoisClientGetResponse, error)
Get - Get whois information for a single domain name If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. domain - Domain name to be enriched options - DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetWhoisByDomainName.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewDomainWhoisClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<domain>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.DomainWhoisClientGetResult) }
Output:
type DomainWhoisClientGetOptions ¶ added in v0.2.0
type DomainWhoisClientGetOptions struct { }
DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.
type DomainWhoisClientGetResponse ¶ added in v0.2.0
type DomainWhoisClientGetResponse struct { DomainWhoisClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
DomainWhoisClientGetResponse contains the response from method DomainWhoisClient.Get.
type DomainWhoisClientGetResult ¶ added in v0.2.0
type DomainWhoisClientGetResult struct {
EnrichmentDomainWhois
}
DomainWhoisClientGetResult contains the result from method DomainWhoisClient.Get.
type Dynamics365CheckRequirements ¶ added in v0.2.0
type Dynamics365CheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // Dynamics365 requirements check properties. Properties *Dynamics365CheckRequirementsProperties `json:"properties,omitempty"` }
Dynamics365CheckRequirements - Represents Dynamics365 requirements check request.
func (*Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (d *Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Dynamics365CheckRequirements.
func (Dynamics365CheckRequirements) MarshalJSON ¶ added in v0.2.0
func (d Dynamics365CheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type Dynamics365CheckRequirements.
func (*Dynamics365CheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (d *Dynamics365CheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365CheckRequirements.
type Dynamics365CheckRequirementsProperties ¶ added in v0.2.0
type Dynamics365CheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties.
type Dynamics365DataConnector ¶ added in v0.2.0
type Dynamics365DataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Dynamics365 data connector properties. Properties *Dynamics365DataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Dynamics365DataConnector - Represents Dynamics365 data connector.
func (*Dynamics365DataConnector) GetDataConnector ¶ added in v0.2.0
func (d *Dynamics365DataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type Dynamics365DataConnector.
func (Dynamics365DataConnector) MarshalJSON ¶ added in v0.2.0
func (d Dynamics365DataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnector.
func (*Dynamics365DataConnector) UnmarshalJSON ¶ added in v0.2.0
func (d *Dynamics365DataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnector.
type Dynamics365DataConnectorDataTypes ¶ added in v0.2.0
type Dynamics365DataConnectorDataTypes struct { // REQUIRED; Common Data Service data type connection. Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities `json:"dynamics365CdsActivities,omitempty"` }
Dynamics365DataConnectorDataTypes - The available data types for Dynamics365 data connector.
type Dynamics365DataConnectorDataTypesDynamics365CdsActivities ¶ added in v0.2.0
type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
Dynamics365DataConnectorDataTypesDynamics365CdsActivities - Common Data Service data type connection.
type Dynamics365DataConnectorProperties ¶ added in v0.2.0
type Dynamics365DataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *Dynamics365DataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
Dynamics365DataConnectorProperties - Dynamics365 data connector properties.
type ElevationToken ¶ added in v0.2.0
type ElevationToken string
ElevationToken - The elevation token associated with the process.
const ( // ElevationTokenDefault - Default elevation token ElevationTokenDefault ElevationToken = "Default" // ElevationTokenFull - Full elevation token ElevationTokenFull ElevationToken = "Full" // ElevationTokenLimited - Limited elevation token ElevationTokenLimited ElevationToken = "Limited" )
func PossibleElevationTokenValues ¶ added in v0.2.0
func PossibleElevationTokenValues() []ElevationToken
PossibleElevationTokenValues returns the possible values for the ElevationToken const type.
func (ElevationToken) ToPtr ¶ added in v0.2.0
func (c ElevationToken) ToPtr() *ElevationToken
ToPtr returns a *ElevationToken pointing to the current value.
type EnrichmentDomainWhois ¶ added in v0.2.0
type EnrichmentDomainWhois struct { // The timestamp at which this record was created Created *time.Time `json:"created,omitempty"` // The domain for this whois record Domain *string `json:"domain,omitempty"` // The timestamp at which this record will expire Expires *time.Time `json:"expires,omitempty"` // The whois record for a given domain ParsedWhois *EnrichmentDomainWhoisDetails `json:"parsedWhois,omitempty"` // The hostname of this registrar's whois server Server *string `json:"server,omitempty"` // The timestamp at which this record was last updated Updated *time.Time `json:"updated,omitempty"` }
EnrichmentDomainWhois - Whois information for a given domain and associated metadata
func (EnrichmentDomainWhois) MarshalJSON ¶ added in v0.2.0
func (e EnrichmentDomainWhois) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhois.
func (*EnrichmentDomainWhois) UnmarshalJSON ¶ added in v0.2.0
func (e *EnrichmentDomainWhois) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhois.
type EnrichmentDomainWhoisContact ¶ added in v0.2.0
type EnrichmentDomainWhoisContact struct { // The city for this contact City *string `json:"city,omitempty"` // The country for this contact Country *string `json:"country,omitempty"` // The email address for this contact Email *string `json:"email,omitempty"` // The fax number for this contact Fax *string `json:"fax,omitempty"` // The name of this contact Name *string `json:"name,omitempty"` // The organization for this contact Org *string `json:"org,omitempty"` // The phone number for this contact Phone *string `json:"phone,omitempty"` // The postal code for this contact Postal *string `json:"postal,omitempty"` // The state for this contact State *string `json:"state,omitempty"` // A list describing the street address for this contact Street []*string `json:"street,omitempty"` }
EnrichmentDomainWhoisContact - An individual contact associated with this domain
func (EnrichmentDomainWhoisContact) MarshalJSON ¶ added in v0.2.0
func (e EnrichmentDomainWhoisContact) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisContact.
type EnrichmentDomainWhoisContacts ¶ added in v0.2.0
type EnrichmentDomainWhoisContacts struct { // The admin contact for this whois record Admin *EnrichmentDomainWhoisContact `json:"admin,omitempty"` // The billing contact for this whois record Billing *EnrichmentDomainWhoisContact `json:"billing,omitempty"` // The registrant contact for this whois record Registrant *EnrichmentDomainWhoisContact `json:"registrant,omitempty"` // The technical contact for this whois record Tech *EnrichmentDomainWhoisContact `json:"tech,omitempty"` }
EnrichmentDomainWhoisContacts - The set of contacts associated with this domain
type EnrichmentDomainWhoisDetails ¶ added in v0.2.0
type EnrichmentDomainWhoisDetails struct { // The set of contacts associated with this domain Contacts *EnrichmentDomainWhoisContacts `json:"contacts,omitempty"` // A list of name servers associated with this domain NameServers []*string `json:"nameServers,omitempty"` // The registrar associated with this domain Registrar *EnrichmentDomainWhoisRegistrarDetails `json:"registrar,omitempty"` // The set of status flags for this whois record Statuses []*string `json:"statuses,omitempty"` }
EnrichmentDomainWhoisDetails - The whois record for a given domain
func (EnrichmentDomainWhoisDetails) MarshalJSON ¶ added in v0.2.0
func (e EnrichmentDomainWhoisDetails) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisDetails.
type EnrichmentDomainWhoisRegistrarDetails ¶ added in v0.2.0
type EnrichmentDomainWhoisRegistrarDetails struct { // This registrar's abuse contact email AbuseContactEmail *string `json:"abuseContactEmail,omitempty"` // This registrar's abuse contact phone number AbuseContactPhone *string `json:"abuseContactPhone,omitempty"` // This registrar's Internet Assigned Numbers Authority id IanaID *string `json:"ianaId,omitempty"` // The name of this registrar Name *string `json:"name,omitempty"` // This registrar's URL URL *string `json:"url,omitempty"` // The hostname of this registrar's whois server WhoisServer *string `json:"whoisServer,omitempty"` }
EnrichmentDomainWhoisRegistrarDetails - The registrar associated with this domain
type EnrichmentIPGeodata ¶ added in v0.2.0
type EnrichmentIPGeodata struct { // The autonomous system number associated with this IP address Asn *string `json:"asn,omitempty"` // The name of the carrier for this IP address Carrier *string `json:"carrier,omitempty"` // The city this IP address is located in City *string `json:"city,omitempty"` // A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100 CityCf *int32 `json:"cityCf,omitempty"` // The continent this IP address is located on Continent *string `json:"continent,omitempty"` // The county this IP address is located in Country *string `json:"country,omitempty"` // A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100 CountryCf *int32 `json:"countryCf,omitempty"` // The dotted-decimal or colon-separated string representation of the IP address IPAddr *string `json:"ipAddr,omitempty"` // A description of the connection type of this IP address IPRoutingType *string `json:"ipRoutingType,omitempty"` // The latitude of this IP address Latitude *string `json:"latitude,omitempty"` // The longitude of this IP address Longitude *string `json:"longitude,omitempty"` // The name of the organization for this IP address Organization *string `json:"organization,omitempty"` // The type of the organization for this IP address OrganizationType *string `json:"organizationType,omitempty"` // The geographic region this IP address is located in Region *string `json:"region,omitempty"` // The state this IP address is located in State *string `json:"state,omitempty"` // A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100 StateCf *int32 `json:"stateCf,omitempty"` // The abbreviated name for the state this IP address is located in StateCode *string `json:"stateCode,omitempty"` }
EnrichmentIPGeodata - Geodata information for a given IP address
type EntitiesClient ¶ added in v0.2.0
type EntitiesClient struct {
// contains filtered or unexported fields
}
EntitiesClient contains the methods for the Entities group. Don't use this type directly, use NewEntitiesClient() instead.
func NewEntitiesClient ¶ added in v0.2.0
func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesClient
NewEntitiesClient creates a new instance of EntitiesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntitiesClient) Expand ¶ added in v0.2.0
func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (EntitiesClientExpandResponse, error)
Expand - Expands an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute an expand operation on the given entity. options - EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/expand/PostExpandEntity.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil) res, err := client.Expand(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", armsecurityinsight.EntityExpandParameters{ EndTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-05-26T00:00:00.000Z"); return t }()), ExpansionID: to.StringPtr("<expansion-id>"), StartTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-04-25T00:00:00.000Z"); return t }()), }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntitiesClientExpandResult) }
Output:
func (*EntitiesClient) Get ¶ added in v0.2.0
func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (EntitiesClientGetResponse, error)
Get - Gets an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID options - EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetCloudApplicationEntityById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntitiesClientGetResult) }
Output:
func (*EntitiesClient) GetInsights ¶ added in v0.2.0
func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (EntitiesClientGetInsightsResponse, error)
GetInsights - Execute Insights for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute insights on the given entity. options - EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/insights/PostGetInsights.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil) res, err := client.GetInsights(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", armsecurityinsight.EntityGetInsightsParameters{ AddDefaultExtendedTimeRange: to.BoolPtr(false), EndTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), InsightQueryIDs: []*string{ to.StringPtr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4")}, StartTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntitiesClientGetInsightsResult) }
Output:
func (*EntitiesClient) List ¶ added in v0.2.0
func (client *EntitiesClient) List(resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) *EntitiesClientListPager
List - Gets all entities. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetEntities.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
func (*EntitiesClient) Queries ¶ added in v0.2.0
func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (EntitiesClientQueriesResponse, error)
Queries - Get Insights and Activities for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID kind - The Kind parameter for queries options - EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetQueries.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil) res, err := client.Queries(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", armsecurityinsight.EntityItemQueryKind("Insight"), nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntitiesClientQueriesResult) }
Output:
type EntitiesClientExpandOptions ¶ added in v0.2.0
type EntitiesClientExpandOptions struct { }
EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.
type EntitiesClientExpandResponse ¶ added in v0.2.0
type EntitiesClientExpandResponse struct { EntitiesClientExpandResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesClientExpandResponse contains the response from method EntitiesClient.Expand.
type EntitiesClientExpandResult ¶ added in v0.2.0
type EntitiesClientExpandResult struct {
EntityExpandResponse
}
EntitiesClientExpandResult contains the result from method EntitiesClient.Expand.
type EntitiesClientGetInsightsOptions ¶ added in v0.2.0
type EntitiesClientGetInsightsOptions struct { }
EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.
type EntitiesClientGetInsightsResponse ¶ added in v0.2.0
type EntitiesClientGetInsightsResponse struct { EntitiesClientGetInsightsResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesClientGetInsightsResponse contains the response from method EntitiesClient.GetInsights.
type EntitiesClientGetInsightsResult ¶ added in v0.2.0
type EntitiesClientGetInsightsResult struct {
EntityGetInsightsResponse
}
EntitiesClientGetInsightsResult contains the result from method EntitiesClient.GetInsights.
type EntitiesClientGetOptions ¶ added in v0.2.0
type EntitiesClientGetOptions struct { }
EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.
type EntitiesClientGetResponse ¶ added in v0.2.0
type EntitiesClientGetResponse struct { EntitiesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesClientGetResponse contains the response from method EntitiesClient.Get.
type EntitiesClientGetResult ¶ added in v0.2.0
type EntitiesClientGetResult struct {
EntityClassification
}
EntitiesClientGetResult contains the result from method EntitiesClient.Get.
func (*EntitiesClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (e *EntitiesClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntitiesClientGetResult.
type EntitiesClientListOptions ¶ added in v0.2.0
type EntitiesClientListOptions struct { }
EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method.
type EntitiesClientListPager ¶ added in v0.2.0
type EntitiesClientListPager struct {
// contains filtered or unexported fields
}
EntitiesClientListPager provides operations for iterating over paged responses.
func (*EntitiesClientListPager) Err ¶ added in v0.2.0
func (p *EntitiesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*EntitiesClientListPager) NextPage ¶ added in v0.2.0
func (p *EntitiesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*EntitiesClientListPager) PageResponse ¶ added in v0.2.0
func (p *EntitiesClientListPager) PageResponse() EntitiesClientListResponse
PageResponse returns the current EntitiesClientListResponse page.
type EntitiesClientListResponse ¶ added in v0.2.0
type EntitiesClientListResponse struct { EntitiesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesClientListResponse contains the response from method EntitiesClient.List.
type EntitiesClientListResult ¶ added in v0.2.0
type EntitiesClientListResult struct {
EntityList
}
EntitiesClientListResult contains the result from method EntitiesClient.List.
type EntitiesClientQueriesOptions ¶ added in v0.2.0
type EntitiesClientQueriesOptions struct { }
EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.
type EntitiesClientQueriesResponse ¶ added in v0.2.0
type EntitiesClientQueriesResponse struct { EntitiesClientQueriesResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesClientQueriesResponse contains the response from method EntitiesClient.Queries.
type EntitiesClientQueriesResult ¶ added in v0.2.0
type EntitiesClientQueriesResult struct {
GetQueriesResponse
}
EntitiesClientQueriesResult contains the result from method EntitiesClient.Queries.
type EntitiesGetTimelineClient ¶ added in v0.2.0
type EntitiesGetTimelineClient struct {
// contains filtered or unexported fields
}
EntitiesGetTimelineClient contains the methods for the EntitiesGetTimeline group. Don't use this type directly, use NewEntitiesGetTimelineClient() instead.
func NewEntitiesGetTimelineClient ¶ added in v0.2.0
func NewEntitiesGetTimelineClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesGetTimelineClient
NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntitiesGetTimelineClient) List ¶ added in v0.2.0
func (client *EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (EntitiesGetTimelineClientListResponse, error)
List - Timeline for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute an timeline operation on the given entity. options - EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/timeline/PostTimelineEntity.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesGetTimelineClient("<subscription-id>", cred, nil) res, err := client.List(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", armsecurityinsight.EntityTimelineParameters{ EndTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()), NumberOfBucket: to.Int32Ptr(4), StartTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()), }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntitiesGetTimelineClientListResult) }
Output:
type EntitiesGetTimelineClientListOptions ¶ added in v0.2.0
type EntitiesGetTimelineClientListOptions struct { }
EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.
type EntitiesGetTimelineClientListResponse ¶ added in v0.2.0
type EntitiesGetTimelineClientListResponse struct { EntitiesGetTimelineClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesGetTimelineClientListResponse contains the response from method EntitiesGetTimelineClient.List.
type EntitiesGetTimelineClientListResult ¶ added in v0.2.0
type EntitiesGetTimelineClientListResult struct {
EntityTimelineResponse
}
EntitiesGetTimelineClientListResult contains the result from method EntitiesGetTimelineClient.List.
type EntitiesRelationsClient ¶ added in v0.2.0
type EntitiesRelationsClient struct {
// contains filtered or unexported fields
}
EntitiesRelationsClient contains the methods for the EntitiesRelations group. Don't use this type directly, use NewEntitiesRelationsClient() instead.
func NewEntitiesRelationsClient ¶ added in v0.2.0
func NewEntitiesRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesRelationsClient
NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntitiesRelationsClient) List ¶ added in v0.2.0
func (client *EntitiesRelationsClient) List(resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) *EntitiesRelationsClientListPager
List - Gets all relations of an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID options - EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetAllEntityRelations.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntitiesRelationsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", "<entity-id>", &armsecurityinsight.EntitiesRelationsClientListOptions{Filter: nil, Orderby: nil, Top: nil, SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type EntitiesRelationsClientListOptions ¶ added in v0.2.0
type EntitiesRelationsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method.
type EntitiesRelationsClientListPager ¶ added in v0.2.0
type EntitiesRelationsClientListPager struct {
// contains filtered or unexported fields
}
EntitiesRelationsClientListPager provides operations for iterating over paged responses.
func (*EntitiesRelationsClientListPager) Err ¶ added in v0.2.0
func (p *EntitiesRelationsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*EntitiesRelationsClientListPager) NextPage ¶ added in v0.2.0
func (p *EntitiesRelationsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*EntitiesRelationsClientListPager) PageResponse ¶ added in v0.2.0
func (p *EntitiesRelationsClientListPager) PageResponse() EntitiesRelationsClientListResponse
PageResponse returns the current EntitiesRelationsClientListResponse page.
type EntitiesRelationsClientListResponse ¶ added in v0.2.0
type EntitiesRelationsClientListResponse struct { EntitiesRelationsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntitiesRelationsClientListResponse contains the response from method EntitiesRelationsClient.List.
type EntitiesRelationsClientListResult ¶ added in v0.2.0
type EntitiesRelationsClientListResult struct {
RelationList
}
EntitiesRelationsClientListResult contains the result from method EntitiesRelationsClient.List.
type Entity ¶ added in v0.2.0
type Entity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Entity - Specific entity.
type EntityAnalytics ¶ added in v0.2.0
type EntityAnalytics struct { // REQUIRED; The kind of the setting Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // EntityAnalytics properties Properties *EntityAnalyticsProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
EntityAnalytics - Settings with single toggle.
func (*EntityAnalytics) GetSettings ¶ added in v0.2.0
func (e *EntityAnalytics) GetSettings() *Settings
GetSettings implements the SettingsClassification interface for type EntityAnalytics.
func (EntityAnalytics) MarshalJSON ¶ added in v0.2.0
func (e EntityAnalytics) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityAnalytics.
func (*EntityAnalytics) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityAnalytics) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityAnalytics.
type EntityAnalyticsProperties ¶ added in v0.2.0
type EntityAnalyticsProperties struct { // READ-ONLY; Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"` }
EntityAnalyticsProperties - EntityAnalytics property bag.
type EntityClassification ¶ added in v0.2.0
type EntityClassification interface { // GetEntity returns the Entity content of the underlying type. GetEntity() *Entity }
EntityClassification provides polymorphic access to related types. Call the interface's GetEntity() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, - *URLEntity
type EntityCommonProperties ¶ added in v0.2.0
type EntityCommonProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` }
EntityCommonProperties - Entity common property bag.
func (EntityCommonProperties) MarshalJSON ¶ added in v0.2.0
func (e EntityCommonProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityCommonProperties.
type EntityEdges ¶ added in v0.2.0
type EntityEdges struct { // A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty"` // The target entity Id. TargetEntityID *string `json:"targetEntityId,omitempty"` }
EntityEdges - The edge that connects the entity to the other entity.
func (EntityEdges) MarshalJSON ¶ added in v0.2.0
func (e EntityEdges) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityEdges.
type EntityExpandParameters ¶ added in v0.2.0
type EntityExpandParameters struct { // The end date filter, so the only expansion results returned are before this date. EndTime *time.Time `json:"endTime,omitempty"` // The Id of the expansion to perform. ExpansionID *string `json:"expansionId,omitempty"` // The start date filter, so the only expansion results returned are after this date. StartTime *time.Time `json:"startTime,omitempty"` }
EntityExpandParameters - The parameters required to execute an expand operation on the given entity.
func (EntityExpandParameters) MarshalJSON ¶ added in v0.2.0
func (e EntityExpandParameters) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityExpandParameters.
func (*EntityExpandParameters) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityExpandParameters) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandParameters.
type EntityExpandResponse ¶ added in v0.2.0
type EntityExpandResponse struct { // The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` // The expansion result values. Value *EntityExpandResponseValue `json:"value,omitempty"` }
EntityExpandResponse - The entity expansion result operation response.
type EntityExpandResponseValue ¶ added in v0.2.0
type EntityExpandResponseValue struct { // Array of edges that connects the entity to the list of entities. Edges []*EntityEdges `json:"edges,omitempty"` // Array of the expansion result entities. Entities []EntityClassification `json:"entities,omitempty"` }
EntityExpandResponseValue - The expansion result values.
func (EntityExpandResponseValue) MarshalJSON ¶ added in v0.2.0
func (e EntityExpandResponseValue) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityExpandResponseValue.
func (*EntityExpandResponseValue) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityExpandResponseValue) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandResponseValue.
type EntityGetInsightsParameters ¶ added in v0.2.0
type EntityGetInsightsParameters struct { // REQUIRED; The end timeline date, so the results returned are before this date. EndTime *time.Time `json:"endTime,omitempty"` // REQUIRED; The start timeline date, so the results returned are after this date. StartTime *time.Time `json:"startTime,omitempty"` // Indicates if query time range should be extended with default time range of the query. Default value is false AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"` // List of Insights Query Id. If empty, default value is all insights of this entity InsightQueryIDs []*string `json:"insightQueryIds,omitempty"` }
EntityGetInsightsParameters - The parameters required to execute insights operation on the given entity.
func (EntityGetInsightsParameters) MarshalJSON ¶ added in v0.2.0
func (e EntityGetInsightsParameters) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsParameters.
func (*EntityGetInsightsParameters) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityGetInsightsParameters) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityGetInsightsParameters.
type EntityGetInsightsResponse ¶ added in v0.2.0
type EntityGetInsightsResponse struct { // The metadata from the get insights operation results. MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"` // The insights result values. Value []*EntityInsightItem `json:"value,omitempty"` }
EntityGetInsightsResponse - The Get Insights result operation response.
func (EntityGetInsightsResponse) MarshalJSON ¶ added in v0.2.0
func (e EntityGetInsightsResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsResponse.
type EntityInsightItem ¶ added in v0.2.0
type EntityInsightItem struct { // Query results for table insights query. ChartQueryResults []*InsightsTableResult `json:"chartQueryResults,omitempty"` // The query id of the insight QueryID *string `json:"queryId,omitempty"` // The Time interval that the query actually executed on. QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"` // Query results for table insights query. TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"` }
EntityInsightItem - Entity insight Item.
func (EntityInsightItem) MarshalJSON ¶ added in v0.2.0
func (e EntityInsightItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityInsightItem.
type EntityInsightItemQueryTimeInterval ¶ added in v0.2.0
type EntityInsightItemQueryTimeInterval struct { // Insight query end time EndTime *time.Time `json:"endTime,omitempty"` // Insight query start time StartTime *time.Time `json:"startTime,omitempty"` }
EntityInsightItemQueryTimeInterval - The Time interval that the query actually executed on.
func (EntityInsightItemQueryTimeInterval) MarshalJSON ¶ added in v0.2.0
func (e EntityInsightItemQueryTimeInterval) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityInsightItemQueryTimeInterval.
func (*EntityInsightItemQueryTimeInterval) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityInsightItemQueryTimeInterval) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityInsightItemQueryTimeInterval.
type EntityItemQueryKind ¶ added in v0.2.0
type EntityItemQueryKind string
const ( // EntityItemQueryKindInsight - insight EntityItemQueryKindInsight EntityItemQueryKind = "Insight" )
func PossibleEntityItemQueryKindValues ¶ added in v0.2.0
func PossibleEntityItemQueryKindValues() []EntityItemQueryKind
PossibleEntityItemQueryKindValues returns the possible values for the EntityItemQueryKind const type.
func (EntityItemQueryKind) ToPtr ¶ added in v0.2.0
func (c EntityItemQueryKind) ToPtr() *EntityItemQueryKind
ToPtr returns a *EntityItemQueryKind pointing to the current value.
type EntityKind ¶ added in v0.2.0
type EntityKind string
EntityKind - The kind of the entity
const ( // EntityKindAccount - Entity represents account in the system. EntityKindAccount EntityKind = "Account" // EntityKindAzureResource - Entity represents azure resource in the system. EntityKindAzureResource EntityKind = "AzureResource" // EntityKindBookmark - Entity represents bookmark in the system. EntityKindBookmark EntityKind = "Bookmark" // EntityKindCloudApplication - Entity represents cloud application in the system. EntityKindCloudApplication EntityKind = "CloudApplication" // EntityKindDNSResolution - Entity represents dns resolution in the system. EntityKindDNSResolution EntityKind = "DnsResolution" // EntityKindFile - Entity represents file in the system. EntityKindFile EntityKind = "File" // EntityKindFileHash - Entity represents file hash in the system. EntityKindFileHash EntityKind = "FileHash" // EntityKindHost - Entity represents host in the system. EntityKindHost EntityKind = "Host" // EntityKindIP - Entity represents ip in the system. EntityKindIP EntityKind = "Ip" // EntityKindIoTDevice - Entity represents IoT device in the system. EntityKindIoTDevice EntityKind = "IoTDevice" // EntityKindMailCluster - Entity represents mail cluster in the system. EntityKindMailCluster EntityKind = "MailCluster" // EntityKindMailMessage - Entity represents mail message in the system. EntityKindMailMessage EntityKind = "MailMessage" // EntityKindMailbox - Entity represents mailbox in the system. EntityKindMailbox EntityKind = "Mailbox" // EntityKindMalware - Entity represents malware in the system. EntityKindMalware EntityKind = "Malware" // EntityKindProcess - Entity represents process in the system. EntityKindProcess EntityKind = "Process" // EntityKindRegistryKey - Entity represents registry key in the system. EntityKindRegistryKey EntityKind = "RegistryKey" // EntityKindRegistryValue - Entity represents registry value in the system. EntityKindRegistryValue EntityKind = "RegistryValue" // EntityKindSecurityAlert - Entity represents security alert in the system. EntityKindSecurityAlert EntityKind = "SecurityAlert" // EntityKindSecurityGroup - Entity represents security group in the system. EntityKindSecurityGroup EntityKind = "SecurityGroup" // EntityKindSubmissionMail - Entity represents submission mail in the system. EntityKindSubmissionMail EntityKind = "SubmissionMail" // EntityKindURL - Entity represents url in the system. EntityKindURL EntityKind = "Url" )
func PossibleEntityKindValues ¶ added in v0.2.0
func PossibleEntityKindValues() []EntityKind
PossibleEntityKindValues returns the possible values for the EntityKind const type.
func (EntityKind) ToPtr ¶ added in v0.2.0
func (c EntityKind) ToPtr() *EntityKind
ToPtr returns a *EntityKind pointing to the current value.
type EntityList ¶ added in v0.2.0
type EntityList struct { // REQUIRED; Array of entities. Value []EntityClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of entities. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
EntityList - List of all the entities.
func (EntityList) MarshalJSON ¶ added in v0.2.0
func (e EntityList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityList.
func (*EntityList) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityList.
type EntityMapping ¶ added in v0.2.0
type EntityMapping struct { // The V3 type of the mapped entity EntityType *EntityMappingType `json:"entityType,omitempty"` // array of field mappings for the given entity mapping FieldMappings []*FieldMapping `json:"fieldMappings,omitempty"` }
EntityMapping - Single entity mapping for the alert rule
func (EntityMapping) MarshalJSON ¶ added in v0.2.0
func (e EntityMapping) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityMapping.
type EntityMappingType ¶ added in v0.2.0
type EntityMappingType string
EntityMappingType - The V3 type of the mapped entity
const ( // EntityMappingTypeAccount - User account entity type EntityMappingTypeAccount EntityMappingType = "Account" // EntityMappingTypeAzureResource - Azure resource entity type EntityMappingTypeAzureResource EntityMappingType = "AzureResource" // EntityMappingTypeCloudApplication - Cloud app entity type EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication" // EntityMappingTypeDNS - DNS entity type EntityMappingTypeDNS EntityMappingType = "DNS" // EntityMappingTypeFile - System file entity type EntityMappingTypeFile EntityMappingType = "File" // EntityMappingTypeFileHash - File-hash entity type EntityMappingTypeFileHash EntityMappingType = "FileHash" // EntityMappingTypeHost - Host entity type EntityMappingTypeHost EntityMappingType = "Host" // EntityMappingTypeIP - IP address entity type EntityMappingTypeIP EntityMappingType = "IP" // EntityMappingTypeMailCluster - Mail cluster entity type EntityMappingTypeMailCluster EntityMappingType = "MailCluster" // EntityMappingTypeMailMessage - Mail message entity type EntityMappingTypeMailMessage EntityMappingType = "MailMessage" // EntityMappingTypeMailbox - Mailbox entity type EntityMappingTypeMailbox EntityMappingType = "Mailbox" // EntityMappingTypeMalware - Malware entity type EntityMappingTypeMalware EntityMappingType = "Malware" // EntityMappingTypeProcess - Process entity type EntityMappingTypeProcess EntityMappingType = "Process" // EntityMappingTypeRegistryKey - Registry key entity type EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey" // EntityMappingTypeRegistryValue - Registry value entity type EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue" // EntityMappingTypeSecurityGroup - Security group entity type EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup" // EntityMappingTypeSubmissionMail - Submission mail entity type EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail" // EntityMappingTypeURL - URL entity type EntityMappingTypeURL EntityMappingType = "URL" )
func PossibleEntityMappingTypeValues ¶ added in v0.2.0
func PossibleEntityMappingTypeValues() []EntityMappingType
PossibleEntityMappingTypeValues returns the possible values for the EntityMappingType const type.
func (EntityMappingType) ToPtr ¶ added in v0.2.0
func (c EntityMappingType) ToPtr() *EntityMappingType
ToPtr returns a *EntityMappingType pointing to the current value.
type EntityQueriesClient ¶ added in v0.2.0
type EntityQueriesClient struct {
// contains filtered or unexported fields
}
EntityQueriesClient contains the methods for the EntityQueries group. Don't use this type directly, use NewEntityQueriesClient() instead.
func NewEntityQueriesClient ¶ added in v0.2.0
func NewEntityQueriesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityQueriesClient
NewEntityQueriesClient creates a new instance of EntityQueriesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntityQueriesClient) CreateOrUpdate ¶ added in v0.2.0
func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (EntityQueriesClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID entityQuery - The entity query we want to create or update options - EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<entity-query-id>", &armsecurityinsight.ActivityCustomEntityQuery{ Etag: to.StringPtr("<etag>"), Kind: armsecurityinsight.CustomEntityQueryKind("Activity").ToPtr(), Properties: &armsecurityinsight.ActivityEntityQueriesProperties{ Description: to.StringPtr("<description>"), Content: to.StringPtr("<content>"), Enabled: to.BoolPtr(true), EntitiesFilter: map[string][]*string{ "Host_OsFamily": { to.StringPtr("Windows")}, }, InputEntityType: armsecurityinsight.EntityType("Host").ToPtr(), QueryDefinitions: &armsecurityinsight.ActivityEntityQueriesPropertiesQueryDefinitions{ Query: to.StringPtr("<query>"), }, RequiredInputFieldsSets: [][]*string{ { to.StringPtr("Host_HostName"), to.StringPtr("Host_NTDomain")}, { to.StringPtr("Host_HostName"), to.StringPtr("Host_DnsDomain")}, { to.StringPtr("Host_AzureID")}, { to.StringPtr("Host_OMSAgentID")}}, Title: to.StringPtr("<title>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntityQueriesClientCreateOrUpdateResult) }
Output:
func (*EntityQueriesClient) Delete ¶ added in v0.2.0
func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (EntityQueriesClientDeleteResponse, error)
Delete - Delete the entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID options - EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/DeleteEntityQuery.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<entity-query-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*EntityQueriesClient) Get ¶ added in v0.2.0
func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (EntityQueriesClientGetResponse, error)
Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID options - EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<entity-query-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntityQueriesClientGetResult) }
Output:
func (*EntityQueriesClient) List ¶ added in v0.2.0
func (client *EntityQueriesClient) List(resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) *EntityQueriesClientListPager
List - Gets all entity queries. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetEntityQueries.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", &armsecurityinsight.EntityQueriesClientListOptions{Kind: armsecurityinsight.Enum8("Expansion").ToPtr()}) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type EntityQueriesClientCreateOrUpdateOptions ¶ added in v0.2.0
type EntityQueriesClientCreateOrUpdateOptions struct { }
EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.
type EntityQueriesClientCreateOrUpdateResponse ¶ added in v0.2.0
type EntityQueriesClientCreateOrUpdateResponse struct { EntityQueriesClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueriesClientCreateOrUpdateResponse contains the response from method EntityQueriesClient.CreateOrUpdate.
type EntityQueriesClientCreateOrUpdateResult ¶ added in v0.2.0
type EntityQueriesClientCreateOrUpdateResult struct {
EntityQueryClassification
}
EntityQueriesClientCreateOrUpdateResult contains the result from method EntityQueriesClient.CreateOrUpdate.
func (*EntityQueriesClientCreateOrUpdateResult) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityQueriesClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientCreateOrUpdateResult.
type EntityQueriesClientDeleteOptions ¶ added in v0.2.0
type EntityQueriesClientDeleteOptions struct { }
EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.
type EntityQueriesClientDeleteResponse ¶ added in v0.2.0
type EntityQueriesClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueriesClientDeleteResponse contains the response from method EntityQueriesClient.Delete.
type EntityQueriesClientGetOptions ¶ added in v0.2.0
type EntityQueriesClientGetOptions struct { }
EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.
type EntityQueriesClientGetResponse ¶ added in v0.2.0
type EntityQueriesClientGetResponse struct { EntityQueriesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueriesClientGetResponse contains the response from method EntityQueriesClient.Get.
type EntityQueriesClientGetResult ¶ added in v0.2.0
type EntityQueriesClientGetResult struct {
EntityQueryClassification
}
EntityQueriesClientGetResult contains the result from method EntityQueriesClient.Get.
func (*EntityQueriesClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityQueriesClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientGetResult.
type EntityQueriesClientListOptions ¶ added in v0.2.0
type EntityQueriesClientListOptions struct { // The entity query kind we want to fetch Kind *Enum8 }
EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method.
type EntityQueriesClientListPager ¶ added in v0.2.0
type EntityQueriesClientListPager struct {
// contains filtered or unexported fields
}
EntityQueriesClientListPager provides operations for iterating over paged responses.
func (*EntityQueriesClientListPager) Err ¶ added in v0.2.0
func (p *EntityQueriesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*EntityQueriesClientListPager) NextPage ¶ added in v0.2.0
func (p *EntityQueriesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*EntityQueriesClientListPager) PageResponse ¶ added in v0.2.0
func (p *EntityQueriesClientListPager) PageResponse() EntityQueriesClientListResponse
PageResponse returns the current EntityQueriesClientListResponse page.
type EntityQueriesClientListResponse ¶ added in v0.2.0
type EntityQueriesClientListResponse struct { EntityQueriesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueriesClientListResponse contains the response from method EntityQueriesClient.List.
type EntityQueriesClientListResult ¶ added in v0.2.0
type EntityQueriesClientListResult struct {
EntityQueryList
}
EntityQueriesClientListResult contains the result from method EntityQueriesClient.List.
type EntityQuery ¶ added in v0.2.0
type EntityQuery struct { // REQUIRED; the entity query kind Kind *EntityQueryKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
EntityQuery - Specific entity query.
func (*EntityQuery) GetEntityQuery ¶ added in v0.2.0
func (e *EntityQuery) GetEntityQuery() *EntityQuery
GetEntityQuery implements the EntityQueryClassification interface for type EntityQuery.
type EntityQueryClassification ¶ added in v0.2.0
type EntityQueryClassification interface { // GetEntityQuery returns the EntityQuery content of the underlying type. GetEntityQuery() *EntityQuery }
EntityQueryClassification provides polymorphic access to related types. Call the interface's GetEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityEntityQuery, *EntityQuery, *ExpansionEntityQuery
type EntityQueryItem ¶ added in v0.2.0
type EntityQueryItem struct { // REQUIRED; The kind of the entity query Kind *EntityQueryKind `json:"kind,omitempty"` // Query Template ARM Name Name *string `json:"name,omitempty"` // ARM Type Type *string `json:"type,omitempty"` // READ-ONLY; Query Template ARM ID ID *string `json:"id,omitempty" azure:"ro"` }
EntityQueryItem - An abstract Query item for entity
func (*EntityQueryItem) GetEntityQueryItem ¶ added in v0.2.0
func (e *EntityQueryItem) GetEntityQueryItem() *EntityQueryItem
GetEntityQueryItem implements the EntityQueryItemClassification interface for type EntityQueryItem.
type EntityQueryItemClassification ¶ added in v0.2.0
type EntityQueryItemClassification interface { // GetEntityQueryItem returns the EntityQueryItem content of the underlying type. GetEntityQueryItem() *EntityQueryItem }
EntityQueryItemClassification provides polymorphic access to related types. Call the interface's GetEntityQueryItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *EntityQueryItem, *InsightQueryItem
type EntityQueryItemProperties ¶ added in v0.2.0
type EntityQueryItemProperties struct { // Data types for template DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"` // The query applied only to entities matching to all filters EntitiesFilter map[string]interface{} `json:"entitiesFilter,omitempty"` // The type of the entity InputEntityType *EntityType `json:"inputEntityType,omitempty"` // Data types for template RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` }
EntityQueryItemProperties - An properties abstract Query item for entity
func (EntityQueryItemProperties) MarshalJSON ¶ added in v0.2.0
func (e EntityQueryItemProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityQueryItemProperties.
type EntityQueryItemPropertiesDataTypesItem ¶ added in v0.2.0
type EntityQueryItemPropertiesDataTypesItem struct { // Data type name DataType *string `json:"dataType,omitempty"` }
type EntityQueryKind ¶ added in v0.2.0
type EntityQueryKind string
EntityQueryKind - The kind of the entity query
const ( EntityQueryKindActivity EntityQueryKind = "Activity" EntityQueryKindExpansion EntityQueryKind = "Expansion" EntityQueryKindInsight EntityQueryKind = "Insight" )
func PossibleEntityQueryKindValues ¶ added in v0.2.0
func PossibleEntityQueryKindValues() []EntityQueryKind
PossibleEntityQueryKindValues returns the possible values for the EntityQueryKind const type.
func (EntityQueryKind) ToPtr ¶ added in v0.2.0
func (c EntityQueryKind) ToPtr() *EntityQueryKind
ToPtr returns a *EntityQueryKind pointing to the current value.
type EntityQueryList ¶ added in v0.2.0
type EntityQueryList struct { // REQUIRED; Array of entity queries. Value []EntityQueryClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of entity queries. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
EntityQueryList - List of all the entity queries.
func (EntityQueryList) MarshalJSON ¶ added in v0.2.0
func (e EntityQueryList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityQueryList.
func (*EntityQueryList) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityQueryList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryList.
type EntityQueryTemplate ¶ added in v0.2.0
type EntityQueryTemplate struct { // REQUIRED; the entity query template kind Kind *EntityQueryTemplateKind `json:"kind,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
EntityQueryTemplate - Specific entity query template.
func (*EntityQueryTemplate) GetEntityQueryTemplate ¶ added in v0.2.0
func (e *EntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate
GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type EntityQueryTemplate.
type EntityQueryTemplateClassification ¶ added in v0.2.0
type EntityQueryTemplateClassification interface { // GetEntityQueryTemplate returns the EntityQueryTemplate content of the underlying type. GetEntityQueryTemplate() *EntityQueryTemplate }
EntityQueryTemplateClassification provides polymorphic access to related types. Call the interface's GetEntityQueryTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityEntityQueryTemplate, *EntityQueryTemplate
type EntityQueryTemplateKind ¶ added in v0.2.0
type EntityQueryTemplateKind string
EntityQueryTemplateKind - The kind of the entity query template.
const (
EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)
func PossibleEntityQueryTemplateKindValues ¶ added in v0.2.0
func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind
PossibleEntityQueryTemplateKindValues returns the possible values for the EntityQueryTemplateKind const type.
func (EntityQueryTemplateKind) ToPtr ¶ added in v0.2.0
func (c EntityQueryTemplateKind) ToPtr() *EntityQueryTemplateKind
ToPtr returns a *EntityQueryTemplateKind pointing to the current value.
type EntityQueryTemplateList ¶ added in v0.2.0
type EntityQueryTemplateList struct { // REQUIRED; Array of entity query templates. Value []EntityQueryTemplateClassification `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of entity query templates. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
EntityQueryTemplateList - List of all the entity query templates.
func (EntityQueryTemplateList) MarshalJSON ¶ added in v0.2.0
func (e EntityQueryTemplateList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplateList.
func (*EntityQueryTemplateList) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityQueryTemplateList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplateList.
type EntityQueryTemplatesClient ¶ added in v0.2.0
type EntityQueryTemplatesClient struct {
// contains filtered or unexported fields
}
EntityQueryTemplatesClient contains the methods for the EntityQueryTemplates group. Don't use this type directly, use NewEntityQueryTemplatesClient() instead.
func NewEntityQueryTemplatesClient ¶ added in v0.2.0
func NewEntityQueryTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityQueryTemplatesClient
NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntityQueryTemplatesClient) Get ¶ added in v0.2.0
func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (EntityQueryTemplatesClientGetResponse, error)
Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryTemplateID - entity query template ID options - EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueryTemplatesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<entity-query-template-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntityQueryTemplatesClientGetResult) }
Output:
func (*EntityQueryTemplatesClient) List ¶ added in v0.2.0
func (client *EntityQueryTemplatesClient) List(resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) *EntityQueryTemplatesClientListPager
List - Gets all entity query templates. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityQueryTemplatesClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", &armsecurityinsight.EntityQueryTemplatesClientListOptions{Kind: armsecurityinsight.Enum39("Activity").ToPtr()}) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type EntityQueryTemplatesClientGetOptions ¶ added in v0.2.0
type EntityQueryTemplatesClientGetOptions struct { }
EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.
type EntityQueryTemplatesClientGetResponse ¶ added in v0.2.0
type EntityQueryTemplatesClientGetResponse struct { EntityQueryTemplatesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueryTemplatesClientGetResponse contains the response from method EntityQueryTemplatesClient.Get.
type EntityQueryTemplatesClientGetResult ¶ added in v0.2.0
type EntityQueryTemplatesClientGetResult struct {
EntityQueryTemplateClassification
}
EntityQueryTemplatesClientGetResult contains the result from method EntityQueryTemplatesClient.Get.
func (*EntityQueryTemplatesClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityQueryTemplatesClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplatesClientGetResult.
type EntityQueryTemplatesClientListOptions ¶ added in v0.2.0
type EntityQueryTemplatesClientListOptions struct { // The entity template query kind we want to fetch Kind *Enum39 }
EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List method.
type EntityQueryTemplatesClientListPager ¶ added in v0.2.0
type EntityQueryTemplatesClientListPager struct {
// contains filtered or unexported fields
}
EntityQueryTemplatesClientListPager provides operations for iterating over paged responses.
func (*EntityQueryTemplatesClientListPager) Err ¶ added in v0.2.0
func (p *EntityQueryTemplatesClientListPager) Err() error
Err returns the last error encountered while paging.
func (*EntityQueryTemplatesClientListPager) NextPage ¶ added in v0.2.0
func (p *EntityQueryTemplatesClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*EntityQueryTemplatesClientListPager) PageResponse ¶ added in v0.2.0
func (p *EntityQueryTemplatesClientListPager) PageResponse() EntityQueryTemplatesClientListResponse
PageResponse returns the current EntityQueryTemplatesClientListResponse page.
type EntityQueryTemplatesClientListResponse ¶ added in v0.2.0
type EntityQueryTemplatesClientListResponse struct { EntityQueryTemplatesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityQueryTemplatesClientListResponse contains the response from method EntityQueryTemplatesClient.List.
type EntityQueryTemplatesClientListResult ¶ added in v0.2.0
type EntityQueryTemplatesClientListResult struct {
EntityQueryTemplateList
}
EntityQueryTemplatesClientListResult contains the result from method EntityQueryTemplatesClient.List.
type EntityRelationsClient ¶ added in v0.2.0
type EntityRelationsClient struct {
// contains filtered or unexported fields
}
EntityRelationsClient contains the methods for the EntityRelations group. Don't use this type directly, use NewEntityRelationsClient() instead.
func NewEntityRelationsClient ¶ added in v0.2.0
func NewEntityRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityRelationsClient
NewEntityRelationsClient creates a new instance of EntityRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*EntityRelationsClient) GetRelation ¶ added in v0.2.0
func (client *EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (EntityRelationsClientGetRelationResponse, error)
GetRelation - Gets an entity relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID relationName - Relation Name options - EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetEntityRelationByName.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewEntityRelationsClient("<subscription-id>", cred, nil) res, err := client.GetRelation(ctx, "<resource-group-name>", "<workspace-name>", "<entity-id>", "<relation-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.EntityRelationsClientGetRelationResult) }
Output:
type EntityRelationsClientGetRelationOptions ¶ added in v0.2.0
type EntityRelationsClientGetRelationOptions struct { }
EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.
type EntityRelationsClientGetRelationResponse ¶ added in v0.2.0
type EntityRelationsClientGetRelationResponse struct { EntityRelationsClientGetRelationResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
EntityRelationsClientGetRelationResponse contains the response from method EntityRelationsClient.GetRelation.
type EntityRelationsClientGetRelationResult ¶ added in v0.2.0
type EntityRelationsClientGetRelationResult struct {
Relation
}
EntityRelationsClientGetRelationResult contains the result from method EntityRelationsClient.GetRelation.
type EntityTimelineItem ¶ added in v0.2.0
type EntityTimelineItem struct { // REQUIRED; The entity query kind type. Kind *EntityTimelineKind `json:"kind,omitempty"` }
EntityTimelineItem - Entity timeline Item.
func (*EntityTimelineItem) GetEntityTimelineItem ¶ added in v0.2.0
func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem
GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type EntityTimelineItem.
type EntityTimelineItemClassification ¶ added in v0.2.0
type EntityTimelineItemClassification interface { // GetEntityTimelineItem returns the EntityTimelineItem content of the underlying type. GetEntityTimelineItem() *EntityTimelineItem }
EntityTimelineItemClassification provides polymorphic access to related types. Call the interface's GetEntityTimelineItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityTimelineItem, *BookmarkTimelineItem, *EntityTimelineItem, *SecurityAlertTimelineItem
type EntityTimelineKind ¶ added in v0.2.0
type EntityTimelineKind string
EntityTimelineKind - The entity query kind
const ( // EntityTimelineKindActivity - activity EntityTimelineKindActivity EntityTimelineKind = "Activity" // EntityTimelineKindBookmark - bookmarks EntityTimelineKindBookmark EntityTimelineKind = "Bookmark" // EntityTimelineKindSecurityAlert - security alerts EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert" )
func PossibleEntityTimelineKindValues ¶ added in v0.2.0
func PossibleEntityTimelineKindValues() []EntityTimelineKind
PossibleEntityTimelineKindValues returns the possible values for the EntityTimelineKind const type.
func (EntityTimelineKind) ToPtr ¶ added in v0.2.0
func (c EntityTimelineKind) ToPtr() *EntityTimelineKind
ToPtr returns a *EntityTimelineKind pointing to the current value.
type EntityTimelineParameters ¶ added in v0.2.0
type EntityTimelineParameters struct { // REQUIRED; The end timeline date, so the results returned are before this date. EndTime *time.Time `json:"endTime,omitempty"` // REQUIRED; The start timeline date, so the results returned are after this date. StartTime *time.Time `json:"startTime,omitempty"` // Array of timeline Item kinds. Kinds []*EntityTimelineKind `json:"kinds,omitempty"` // The number of bucket for timeline queries aggregation. NumberOfBucket *int32 `json:"numberOfBucket,omitempty"` }
EntityTimelineParameters - The parameters required to execute s timeline operation on the given entity.
func (EntityTimelineParameters) MarshalJSON ¶ added in v0.2.0
func (e EntityTimelineParameters) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityTimelineParameters.
func (*EntityTimelineParameters) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityTimelineParameters) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineParameters.
type EntityTimelineResponse ¶ added in v0.2.0
type EntityTimelineResponse struct { // The metadata from the timeline operation results. MetaData *TimelineResultsMetadata `json:"metaData,omitempty"` // The timeline result values. Value []EntityTimelineItemClassification `json:"value,omitempty"` }
EntityTimelineResponse - The entity timeline result operation response.
func (EntityTimelineResponse) MarshalJSON ¶ added in v0.2.0
func (e EntityTimelineResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type EntityTimelineResponse.
func (*EntityTimelineResponse) UnmarshalJSON ¶ added in v0.2.0
func (e *EntityTimelineResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineResponse.
type EntityType ¶ added in v0.2.0
type EntityType string
EntityType - The type of the entity
const ( // EntityTypeAccount - Entity represents account in the system. EntityTypeAccount EntityType = "Account" // EntityTypeAzureResource - Entity represents azure resource in the system. EntityTypeAzureResource EntityType = "AzureResource" // EntityTypeCloudApplication - Entity represents cloud application in the system. EntityTypeCloudApplication EntityType = "CloudApplication" // EntityTypeDNS - Entity represents dns in the system. EntityTypeDNS EntityType = "DNS" // EntityTypeFile - Entity represents file in the system. EntityTypeFile EntityType = "File" // EntityTypeFileHash - Entity represents file hash in the system. EntityTypeFileHash EntityType = "FileHash" // EntityTypeHost - Entity represents host in the system. EntityTypeHost EntityType = "Host" // EntityTypeHuntingBookmark - Entity represents HuntingBookmark in the system. EntityTypeHuntingBookmark EntityType = "HuntingBookmark" // EntityTypeIP - Entity represents ip in the system. EntityTypeIP EntityType = "IP" // EntityTypeIoTDevice - Entity represents IoT device in the system. EntityTypeIoTDevice EntityType = "IoTDevice" // EntityTypeMailCluster - Entity represents mail cluster in the system. EntityTypeMailCluster EntityType = "MailCluster" // EntityTypeMailMessage - Entity represents mail message in the system. EntityTypeMailMessage EntityType = "MailMessage" // EntityTypeMailbox - Entity represents mailbox in the system. EntityTypeMailbox EntityType = "Mailbox" // EntityTypeMalware - Entity represents malware in the system. EntityTypeMalware EntityType = "Malware" // EntityTypeProcess - Entity represents process in the system. EntityTypeProcess EntityType = "Process" // EntityTypeRegistryKey - Entity represents registry key in the system. EntityTypeRegistryKey EntityType = "RegistryKey" // EntityTypeRegistryValue - Entity represents registry value in the system. EntityTypeRegistryValue EntityType = "RegistryValue" // EntityTypeSecurityAlert - Entity represents security alert in the system. EntityTypeSecurityAlert EntityType = "SecurityAlert" // EntityTypeSecurityGroup - Entity represents security group in the system. EntityTypeSecurityGroup EntityType = "SecurityGroup" // EntityTypeSubmissionMail - Entity represents submission mail in the system. EntityTypeSubmissionMail EntityType = "SubmissionMail" // EntityTypeURL - Entity represents url in the system. EntityTypeURL EntityType = "URL" )
func PossibleEntityTypeValues ¶ added in v0.2.0
func PossibleEntityTypeValues() []EntityType
PossibleEntityTypeValues returns the possible values for the EntityType const type.
func (EntityType) ToPtr ¶ added in v0.2.0
func (c EntityType) ToPtr() *EntityType
ToPtr returns a *EntityType pointing to the current value.
type Enum39 ¶ added in v0.2.0
type Enum39 string
const (
Enum39Activity Enum39 = "Activity"
)
func PossibleEnum39Values ¶ added in v0.2.0
func PossibleEnum39Values() []Enum39
PossibleEnum39Values returns the possible values for the Enum39 const type.
type Enum8 ¶ added in v0.2.0
type Enum8 string
func PossibleEnum8Values ¶ added in v0.2.0
func PossibleEnum8Values() []Enum8
PossibleEnum8Values returns the possible values for the Enum8 const type.
type ErrorAdditionalInfo ¶
type ErrorAdditionalInfo struct { // READ-ONLY; The additional info. Info map[string]interface{} `json:"info,omitempty" azure:"ro"` // READ-ONLY; The additional info type. Type *string `json:"type,omitempty" azure:"ro"` }
ErrorAdditionalInfo - The resource management error additional info.
type ErrorDetail ¶ added in v0.2.0
type ErrorDetail struct { // READ-ONLY; The error additional info. AdditionalInfo []*ErrorAdditionalInfo `json:"additionalInfo,omitempty" azure:"ro"` // READ-ONLY; The error code. Code *string `json:"code,omitempty" azure:"ro"` // READ-ONLY; The error details. Details []*ErrorDetail `json:"details,omitempty" azure:"ro"` // READ-ONLY; The error message. Message *string `json:"message,omitempty" azure:"ro"` // READ-ONLY; The error target. Target *string `json:"target,omitempty" azure:"ro"` }
ErrorDetail - The error detail.
func (ErrorDetail) MarshalJSON ¶ added in v0.2.0
func (e ErrorDetail) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ErrorDetail.
type ErrorResponse ¶
type ErrorResponse struct { // The error object. Error *ErrorDetail `json:"error,omitempty"` }
ErrorResponse - Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
type EventGroupingAggregationKind ¶ added in v0.2.0
type EventGroupingAggregationKind string
EventGroupingAggregationKind - The event grouping aggregation kinds
const ( EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult" EventGroupingAggregationKindSingleAlert EventGroupingAggregationKind = "SingleAlert" )
func PossibleEventGroupingAggregationKindValues ¶ added in v0.2.0
func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind
PossibleEventGroupingAggregationKindValues returns the possible values for the EventGroupingAggregationKind const type.
func (EventGroupingAggregationKind) ToPtr ¶ added in v0.2.0
func (c EventGroupingAggregationKind) ToPtr() *EventGroupingAggregationKind
ToPtr returns a *EventGroupingAggregationKind pointing to the current value.
type EventGroupingSettings ¶ added in v0.2.0
type EventGroupingSettings struct { // The event grouping aggregation kinds AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"` }
EventGroupingSettings - Event grouping settings property bag.
type ExpansionEntityQueriesProperties ¶ added in v0.2.0
type ExpansionEntityQueriesProperties struct { // List of the data sources that are required to run the query DataSources []*string `json:"dataSources,omitempty"` // The query display name DisplayName *string `json:"displayName,omitempty"` // The type of the query's source entity InputEntityType *EntityType `json:"inputEntityType,omitempty"` // List of the fields of the source entity that are required to run the query InputFields []*string `json:"inputFields,omitempty"` // List of the desired output types to be constructed from the result OutputEntityTypes []*EntityType `json:"outputEntityTypes,omitempty"` // The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` }
ExpansionEntityQueriesProperties - Describes expansion entity query properties
func (ExpansionEntityQueriesProperties) MarshalJSON ¶ added in v0.2.0
func (e ExpansionEntityQueriesProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQueriesProperties.
type ExpansionEntityQuery ¶ added in v0.2.0
type ExpansionEntityQuery struct { // REQUIRED; the entity query kind Kind *EntityQueryKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Expansion entity query properties Properties *ExpansionEntityQueriesProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ExpansionEntityQuery - Represents Expansion entity query.
func (*ExpansionEntityQuery) GetEntityQuery ¶ added in v0.2.0
func (e *ExpansionEntityQuery) GetEntityQuery() *EntityQuery
GetEntityQuery implements the EntityQueryClassification interface for type ExpansionEntityQuery.
func (ExpansionEntityQuery) MarshalJSON ¶ added in v0.2.0
func (e ExpansionEntityQuery) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQuery.
func (*ExpansionEntityQuery) UnmarshalJSON ¶ added in v0.2.0
func (e *ExpansionEntityQuery) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionEntityQuery.
type ExpansionResultAggregation ¶ added in v0.2.0
type ExpansionResultAggregation struct { // REQUIRED; Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. Count *int32 `json:"count,omitempty"` // REQUIRED; The kind of the aggregated entity. EntityKind *EntityKind `json:"entityKind,omitempty"` // The common type of the aggregation. (for e.g. entity field name) AggregationType *string `json:"aggregationType,omitempty"` // The display name of the aggregation by type. DisplayName *string `json:"displayName,omitempty"` }
ExpansionResultAggregation - Information of a specific aggregation in the expansion result.
type ExpansionResultsMetadata ¶ added in v0.2.0
type ExpansionResultsMetadata struct { // Information of the aggregated nodes in the expansion result. Aggregations []*ExpansionResultAggregation `json:"aggregations,omitempty"` }
ExpansionResultsMetadata - Expansion result metadata.
func (ExpansionResultsMetadata) MarshalJSON ¶ added in v0.2.0
func (e ExpansionResultsMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ExpansionResultsMetadata.
type EyesOn ¶ added in v0.2.0
type EyesOn struct { // REQUIRED; The kind of the setting Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // EyesOn properties Properties *EyesOnSettingsProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
EyesOn - Settings with single toggle.
func (*EyesOn) GetSettings ¶ added in v0.2.0
GetSettings implements the SettingsClassification interface for type EyesOn.
func (EyesOn) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type EyesOn.
func (*EyesOn) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type EyesOn.
type EyesOnSettingsProperties ¶ added in v0.2.0
type EyesOnSettingsProperties struct { // READ-ONLY; Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"` }
EyesOnSettingsProperties - EyesOn property bag.
type FieldMapping ¶ added in v0.2.0
type FieldMapping struct { // the column name to be mapped to the identifier ColumnName *string `json:"columnName,omitempty"` // the V3 identifier of the entity Identifier *string `json:"identifier,omitempty"` }
FieldMapping - A single field mapping of the mapped entity
type FileEntity ¶ added in v0.2.0
type FileEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // File entity properties Properties *FileEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
FileEntity - Represents a file entity.
func (*FileEntity) GetEntity ¶ added in v0.2.0
func (f *FileEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type FileEntity.
func (FileEntity) MarshalJSON ¶ added in v0.2.0
func (f FileEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FileEntity.
func (*FileEntity) UnmarshalJSON ¶ added in v0.2.0
func (f *FileEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity.
type FileEntityProperties ¶ added in v0.2.0
type FileEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty" azure:"ro"` // READ-ONLY; The file hash entity identifiers associated with this file FileHashEntityIDs []*string `json:"fileHashEntityIds,omitempty" azure:"ro"` // READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The Host entity id which the file belongs to HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` }
FileEntityProperties - File entity property bag.
func (FileEntityProperties) MarshalJSON ¶ added in v0.2.0
func (f FileEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FileEntityProperties.
type FileHashAlgorithm ¶ added in v0.2.0
type FileHashAlgorithm string
FileHashAlgorithm - The hash algorithm type.
const ( // FileHashAlgorithmMD5 - MD5 hash type FileHashAlgorithmMD5 FileHashAlgorithm = "MD5" // FileHashAlgorithmSHA1 - SHA1 hash type FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1" // FileHashAlgorithmSHA256 - SHA256 hash type FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256" // FileHashAlgorithmSHA256AC - SHA256 Authenticode hash type FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC" // FileHashAlgorithmUnknown - Unknown hash algorithm FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown" )
func PossibleFileHashAlgorithmValues ¶ added in v0.2.0
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm
PossibleFileHashAlgorithmValues returns the possible values for the FileHashAlgorithm const type.
func (FileHashAlgorithm) ToPtr ¶ added in v0.2.0
func (c FileHashAlgorithm) ToPtr() *FileHashAlgorithm
ToPtr returns a *FileHashAlgorithm pointing to the current value.
type FileHashEntity ¶ added in v0.2.0
type FileHashEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // FileHash entity properties Properties *FileHashEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
FileHashEntity - Represents a file hash entity.
func (*FileHashEntity) GetEntity ¶ added in v0.2.0
func (f *FileHashEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type FileHashEntity.
func (FileHashEntity) MarshalJSON ¶ added in v0.2.0
func (f FileHashEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FileHashEntity.
func (*FileHashEntity) UnmarshalJSON ¶ added in v0.2.0
func (f *FileHashEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity.
type FileHashEntityProperties ¶ added in v0.2.0
type FileHashEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The hash algorithm type. Algorithm *FileHashAlgorithm `json:"algorithm,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The file hash value. HashValue *string `json:"hashValue,omitempty" azure:"ro"` }
FileHashEntityProperties - FileHash entity property bag.
func (FileHashEntityProperties) MarshalJSON ¶ added in v0.2.0
func (f FileHashEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties.
type FusionAlertRule ¶
type FusionAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Fusion alert rule properties Properties *FusionAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
FusionAlertRule - Represents Fusion alert rule.
func (*FusionAlertRule) GetAlertRule ¶ added in v0.2.0
func (f *FusionAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule.
func (FusionAlertRule) MarshalJSON ¶
func (f FusionAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FusionAlertRule.
func (*FusionAlertRule) UnmarshalJSON ¶
func (f *FusionAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule.
type FusionAlertRuleProperties ¶
type FusionAlertRuleProperties struct { // REQUIRED; The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty" azure:"ro"` // READ-ONLY; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` // READ-ONLY; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` // READ-ONLY; The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` }
FusionAlertRuleProperties - Fusion alert rule base property bag.
func (FusionAlertRuleProperties) MarshalJSON ¶
func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties.
func (*FusionAlertRuleProperties) UnmarshalJSON ¶
func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties.
type FusionAlertRuleTemplate ¶
type FusionAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Fusion alert rule template properties Properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
FusionAlertRuleTemplate - Represents Fusion alert rule template.
func (*FusionAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) MarshalJSON ¶
func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate.
func (*FusionAlertRuleTemplate) UnmarshalJSON ¶
func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate.
type FusionAlertRuleTemplateProperties ¶
type FusionAlertRuleTemplateProperties struct { // REQUIRED; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // The tactics of the alert rule template Tactics []*AttackTactic `json:"tactics,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
FusionAlertRuleTemplateProperties - Fusion alert rule template properties
func (FusionAlertRuleTemplateProperties) MarshalJSON ¶
func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties.
func (*FusionAlertRuleTemplateProperties) UnmarshalJSON ¶
func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties.
type GeoLocation ¶ added in v0.2.0
type GeoLocation struct { // READ-ONLY; Autonomous System Number Asn *int32 `json:"asn,omitempty" azure:"ro"` // READ-ONLY; City name City *string `json:"city,omitempty" azure:"ro"` // READ-ONLY; The country code according to ISO 3166 format CountryCode *string `json:"countryCode,omitempty" azure:"ro"` // READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name CountryName *string `json:"countryName,omitempty" azure:"ro"` // READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with // positive numbers representing East and negative numbers representing West. Latitude and // longitude are derived from the city or postal code. Latitude *float64 `json:"latitude,omitempty" azure:"ro"` // READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with // positive numbers representing North and negative numbers representing South. Latitude and // longitude are derived from the city or postal code. Longitude *float64 `json:"longitude,omitempty" azure:"ro"` // READ-ONLY; State name State *string `json:"state,omitempty" azure:"ro"` }
GeoLocation - The geo-location context attached to the ip entity
type GetInsightsError ¶ added in v0.2.0
type GetInsightsError struct { // REQUIRED; the error message ErrorMessage *string `json:"errorMessage,omitempty"` // REQUIRED; the query kind Kind *GetInsightsErrorKind `json:"kind,omitempty"` // the query id QueryID *string `json:"queryId,omitempty"` }
GetInsightsError - GetInsights Query Errors.
type GetInsightsErrorKind ¶ added in v0.2.0
type GetInsightsErrorKind string
GetInsightsErrorKind - the query kind
const (
GetInsightsErrorKindInsight GetInsightsErrorKind = "Insight"
)
func PossibleGetInsightsErrorKindValues ¶ added in v0.2.0
func PossibleGetInsightsErrorKindValues() []GetInsightsErrorKind
PossibleGetInsightsErrorKindValues returns the possible values for the GetInsightsErrorKind const type.
func (GetInsightsErrorKind) ToPtr ¶ added in v0.2.0
func (c GetInsightsErrorKind) ToPtr() *GetInsightsErrorKind
ToPtr returns a *GetInsightsErrorKind pointing to the current value.
type GetInsightsResultsMetadata ¶ added in v0.2.0
type GetInsightsResultsMetadata struct { // REQUIRED; the total items found for the insights request TotalCount *int32 `json:"totalCount,omitempty"` // information about the failed queries Errors []*GetInsightsError `json:"errors,omitempty"` }
GetInsightsResultsMetadata - Get Insights result metadata.
func (GetInsightsResultsMetadata) MarshalJSON ¶ added in v0.2.0
func (g GetInsightsResultsMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type GetInsightsResultsMetadata.
type GetQueriesResponse ¶ added in v0.2.0
type GetQueriesResponse struct { // The query result values. Value []EntityQueryItemClassification `json:"value,omitempty"` }
GetQueriesResponse - Retrieve queries for entity result operation response.
func (GetQueriesResponse) MarshalJSON ¶ added in v0.2.0
func (g GetQueriesResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type GetQueriesResponse.
func (*GetQueriesResponse) UnmarshalJSON ¶ added in v0.2.0
func (g *GetQueriesResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type GetQueriesResponse.
type GraphQueries ¶ added in v0.2.0
type GraphQueries struct { // The base query for the graph BaseQuery *string `json:"baseQuery,omitempty"` // The legend for the graph Legend *string `json:"legend,omitempty"` // the metric that the query is checking MetricName *string `json:"metricName,omitempty"` }
GraphQueries - The graph query to show the current data status
type GroupingConfiguration ¶ added in v0.2.0
type GroupingConfiguration struct { // REQUIRED; Grouping enabled Enabled *bool `json:"enabled,omitempty"` // REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) LookbackDuration *string `json:"lookbackDuration,omitempty"` // REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails // must be provided and not empty. MatchingMethod *MatchingMethod `json:"matchingMethod,omitempty"` // REQUIRED; Re-open closed matching incidents ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"` // A list of alert details to group by (when matchingMethod is Selected) GroupByAlertDetails []*AlertDetail `json:"groupByAlertDetails,omitempty"` // A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule // may be used. GroupByCustomDetails []*string `json:"groupByCustomDetails,omitempty"` // A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may // be used. GroupByEntities []*EntityMappingType `json:"groupByEntities,omitempty"` }
GroupingConfiguration - Grouping configuration property bag.
func (GroupingConfiguration) MarshalJSON ¶ added in v0.2.0
func (g GroupingConfiguration) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration.
type HostEntity ¶ added in v0.2.0
type HostEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Host entity properties Properties *HostEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
HostEntity - Represents a host entity.
func (*HostEntity) GetEntity ¶ added in v0.2.0
func (h *HostEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type HostEntity.
func (HostEntity) MarshalJSON ¶ added in v0.2.0
func (h HostEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type HostEntity.
func (*HostEntity) UnmarshalJSON ¶ added in v0.2.0
func (h *HostEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity.
type HostEntityProperties ¶ added in v0.2.0
type HostEntityProperties struct { // The operating system type. OSFamily *OSFamily `json:"osFamily,omitempty"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The azure resource id of the VM. AzureID *string `json:"azureID,omitempty" azure:"ro"` // READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The hostname without the domain suffix. HostName *string `json:"hostName,omitempty" azure:"ro"` // READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"` // READ-ONLY; The host name (pre-windows2000). NetBiosName *string `json:"netBiosName,omitempty" azure:"ro"` // READ-ONLY; The NT domain that this host belongs to. NtDomain *string `json:"ntDomain,omitempty" azure:"ro"` // READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more // fine grained than OSFamily or future values not supported by OSFamily enumeration OSVersion *string `json:"osVersion,omitempty" azure:"ro"` // READ-ONLY; The OMS agent id, if the host has OMS agent installed. OmsAgentID *string `json:"omsAgentID,omitempty" azure:"ro"` }
HostEntityProperties - Host entity property bag.
func (HostEntityProperties) MarshalJSON ¶ added in v0.2.0
func (h HostEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type HostEntityProperties.
type HuntingBookmark ¶ added in v0.2.0
type HuntingBookmark struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // HuntingBookmark entity properties Properties *HuntingBookmarkProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
HuntingBookmark - Represents a Hunting bookmark entity.
func (*HuntingBookmark) GetEntity ¶ added in v0.2.0
func (h *HuntingBookmark) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type HuntingBookmark.
func (HuntingBookmark) MarshalJSON ¶ added in v0.2.0
func (h HuntingBookmark) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type HuntingBookmark.
func (*HuntingBookmark) UnmarshalJSON ¶ added in v0.2.0
func (h *HuntingBookmark) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark.
type HuntingBookmarkProperties ¶ added in v0.2.0
type HuntingBookmarkProperties struct { // REQUIRED; The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The query of the bookmark. Query *string `json:"query,omitempty"` // The time the bookmark was created Created *time.Time `json:"created,omitempty"` // Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // The time of the event EventTime *time.Time `json:"eventTime,omitempty"` // Describes an incident that relates to bookmark IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"` // List of labels relevant to this bookmark Labels []*string `json:"labels,omitempty"` // The notes of the bookmark Notes *string `json:"notes,omitempty"` // The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` // The last time the bookmark was updated Updated *time.Time `json:"updated,omitempty"` // Describes a user that updated the bookmark UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` }
HuntingBookmarkProperties - Describes bookmark properties
func (HuntingBookmarkProperties) MarshalJSON ¶ added in v0.2.0
func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties.
func (*HuntingBookmarkProperties) UnmarshalJSON ¶ added in v0.2.0
func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties.
type IPEntity ¶ added in v0.2.0
type IPEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Ip entity properties Properties *IPEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
IPEntity - Represents an ip entity.
func (*IPEntity) GetEntity ¶ added in v0.2.0
GetEntity implements the EntityClassification interface for type IPEntity.
func (IPEntity) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type IPEntity.
func (*IPEntity) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity.
type IPEntityProperties ¶ added in v0.2.0
type IPEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) Address *string `json:"address,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The geo-location context attached to the ip entity Location *GeoLocation `json:"location,omitempty" azure:"ro"` // READ-ONLY; A list of TI contexts attached to the ip entity. ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` }
IPEntityProperties - Ip entity property bag.
func (IPEntityProperties) MarshalJSON ¶ added in v0.2.0
func (i IPEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IPEntityProperties.
type IPGeodataClient ¶ added in v0.2.0
type IPGeodataClient struct {
// contains filtered or unexported fields
}
IPGeodataClient contains the methods for the IPGeodata group. Don't use this type directly, use NewIPGeodataClient() instead.
func NewIPGeodataClient ¶ added in v0.2.0
func NewIPGeodataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IPGeodataClient
NewIPGeodataClient creates a new instance of IPGeodataClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*IPGeodataClient) Get ¶ added in v0.2.0
func (client *IPGeodataClient) Get(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (IPGeodataClientGetResponse, error)
Get - Get geodata for a single IP address If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. ipAddress - IP address (v4 or v6) to be enriched options - IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetGeodataByIp.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIPGeodataClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<ip-address>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IPGeodataClientGetResult) }
Output:
type IPGeodataClientGetOptions ¶ added in v0.2.0
type IPGeodataClientGetOptions struct { }
IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.
type IPGeodataClientGetResponse ¶ added in v0.2.0
type IPGeodataClientGetResponse struct { IPGeodataClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IPGeodataClientGetResponse contains the response from method IPGeodataClient.Get.
type IPGeodataClientGetResult ¶ added in v0.2.0
type IPGeodataClientGetResult struct {
EnrichmentIPGeodata
}
IPGeodataClientGetResult contains the result from method IPGeodataClient.Get.
type Incident ¶
type Incident struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Incident properties Properties *IncidentProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Incident - Represents an incident in Azure Security Insights.
type IncidentAdditionalData ¶
type IncidentAdditionalData struct { // READ-ONLY; List of product names of alerts in the incident AlertProductNames []*string `json:"alertProductNames,omitempty" azure:"ro"` // READ-ONLY; The number of alerts in the incident AlertsCount *int32 `json:"alertsCount,omitempty" azure:"ro"` // READ-ONLY; The number of bookmarks in the incident BookmarksCount *int32 `json:"bookmarksCount,omitempty" azure:"ro"` // READ-ONLY; The number of comments in the incident CommentsCount *int32 `json:"commentsCount,omitempty" azure:"ro"` // READ-ONLY; The tactics associated with incident Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` }
IncidentAdditionalData - Incident additional data property bag.
func (IncidentAdditionalData) MarshalJSON ¶
func (i IncidentAdditionalData) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData.
type IncidentAlertList ¶ added in v0.2.0
type IncidentAlertList struct { // REQUIRED; Array of incident alerts. Value []*SecurityAlert `json:"value,omitempty"` }
IncidentAlertList - List of incident alerts.
func (IncidentAlertList) MarshalJSON ¶ added in v0.2.0
func (i IncidentAlertList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentAlertList.
type IncidentBookmarkList ¶ added in v0.2.0
type IncidentBookmarkList struct { // REQUIRED; Array of incident bookmarks. Value []*HuntingBookmark `json:"value,omitempty"` }
IncidentBookmarkList - List of incident bookmarks.
func (IncidentBookmarkList) MarshalJSON ¶ added in v0.2.0
func (i IncidentBookmarkList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentBookmarkList.
type IncidentClassification ¶
type IncidentClassification string
IncidentClassification - The reason the incident was closed
const ( // IncidentClassificationBenignPositive - Incident was benign positive IncidentClassificationBenignPositive IncidentClassification = "BenignPositive" // IncidentClassificationFalsePositive - Incident was false positive IncidentClassificationFalsePositive IncidentClassification = "FalsePositive" // IncidentClassificationTruePositive - Incident was true positive IncidentClassificationTruePositive IncidentClassification = "TruePositive" // IncidentClassificationUndetermined - Incident classification was undetermined IncidentClassificationUndetermined IncidentClassification = "Undetermined" )
func PossibleIncidentClassificationValues ¶
func PossibleIncidentClassificationValues() []IncidentClassification
PossibleIncidentClassificationValues returns the possible values for the IncidentClassification const type.
func (IncidentClassification) ToPtr ¶
func (c IncidentClassification) ToPtr() *IncidentClassification
ToPtr returns a *IncidentClassification pointing to the current value.
type IncidentClassificationReason ¶
type IncidentClassificationReason string
IncidentClassificationReason - The classification reason the incident was closed with
const ( // IncidentClassificationReasonInaccurateData - Classification reason was inaccurate data IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData" // IncidentClassificationReasonIncorrectAlertLogic - Classification reason was incorrect alert logic IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic" // IncidentClassificationReasonSuspiciousActivity - Classification reason was suspicious activity IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity" // IncidentClassificationReasonSuspiciousButExpected - Classification reason was suspicious but expected IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected" )
func PossibleIncidentClassificationReasonValues ¶
func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason
PossibleIncidentClassificationReasonValues returns the possible values for the IncidentClassificationReason const type.
func (IncidentClassificationReason) ToPtr ¶
func (c IncidentClassificationReason) ToPtr() *IncidentClassificationReason
ToPtr returns a *IncidentClassificationReason pointing to the current value.
type IncidentComment ¶
type IncidentComment struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Incident comment properties Properties *IncidentCommentProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
IncidentComment - Represents an incident comment
type IncidentCommentList ¶
type IncidentCommentList struct { // REQUIRED; Array of comments. Value []*IncidentComment `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of comments. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
IncidentCommentList - List of incident comments.
func (IncidentCommentList) MarshalJSON ¶
func (i IncidentCommentList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentCommentList.
type IncidentCommentProperties ¶
type IncidentCommentProperties struct { // REQUIRED; The comment message Message *string `json:"message,omitempty"` // READ-ONLY; Describes the client that created the comment Author *ClientInfo `json:"author,omitempty" azure:"ro"` // READ-ONLY; The time the comment was created CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` // READ-ONLY; The time the comment was updated LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` }
IncidentCommentProperties - Incident comment property bag.
func (IncidentCommentProperties) MarshalJSON ¶
func (i IncidentCommentProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties.
func (*IncidentCommentProperties) UnmarshalJSON ¶
func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties.
type IncidentCommentsClient ¶
type IncidentCommentsClient struct {
// contains filtered or unexported fields
}
IncidentCommentsClient contains the methods for the IncidentComments group. Don't use this type directly, use NewIncidentCommentsClient() instead.
func NewIncidentCommentsClient ¶
func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentCommentsClient
NewIncidentCommentsClient creates a new instance of IncidentCommentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*IncidentCommentsClient) CreateOrUpdate ¶ added in v0.2.0
func (client *IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment, options *IncidentCommentsClientCreateOrUpdateOptions) (IncidentCommentsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID incidentComment - The incident comment options - IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/CreateIncidentComment.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<incident-comment-id>", armsecurityinsight.IncidentComment{ Properties: &armsecurityinsight.IncidentCommentProperties{ Message: to.StringPtr("<message>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentCommentsClientCreateOrUpdateResult) }
Output:
func (*IncidentCommentsClient) Delete ¶ added in v0.2.0
func (client *IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientDeleteOptions) (IncidentCommentsClientDeleteResponse, error)
Delete - Delete the incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID options - IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/DeleteIncidentComment.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<incident-comment-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*IncidentCommentsClient) Get ¶
func (client *IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientGetOptions) (IncidentCommentsClientGetResponse, error)
Get - Gets an incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID options - IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetIncidentCommentById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<incident-comment-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentCommentsClientGetResult) }
Output:
func (*IncidentCommentsClient) List ¶ added in v0.2.0
func (client *IncidentCommentsClient) List(resourceGroupName string, workspaceName string, incidentID string, options *IncidentCommentsClientListOptions) *IncidentCommentsClientListPager
List - Gets all incident comments. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetAllIncidentComments.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", "<incident-id>", &armsecurityinsight.IncidentCommentsClientListOptions{Filter: nil, Orderby: nil, Top: nil, SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type IncidentCommentsClientCreateOrUpdateOptions ¶ added in v0.2.0
type IncidentCommentsClientCreateOrUpdateOptions struct { }
IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.
type IncidentCommentsClientCreateOrUpdateResponse ¶ added in v0.2.0
type IncidentCommentsClientCreateOrUpdateResponse struct { IncidentCommentsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate.
type IncidentCommentsClientCreateOrUpdateResult ¶ added in v0.2.0
type IncidentCommentsClientCreateOrUpdateResult struct {
IncidentComment
}
IncidentCommentsClientCreateOrUpdateResult contains the result from method IncidentCommentsClient.CreateOrUpdate.
type IncidentCommentsClientDeleteOptions ¶ added in v0.2.0
type IncidentCommentsClientDeleteOptions struct { }
IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.
type IncidentCommentsClientDeleteResponse ¶ added in v0.2.0
type IncidentCommentsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentCommentsClientDeleteResponse contains the response from method IncidentCommentsClient.Delete.
type IncidentCommentsClientGetOptions ¶ added in v0.2.0
type IncidentCommentsClientGetOptions struct { }
IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.
type IncidentCommentsClientGetResponse ¶ added in v0.2.0
type IncidentCommentsClientGetResponse struct { IncidentCommentsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentCommentsClientGetResponse contains the response from method IncidentCommentsClient.Get.
type IncidentCommentsClientGetResult ¶ added in v0.2.0
type IncidentCommentsClientGetResult struct {
IncidentComment
}
IncidentCommentsClientGetResult contains the result from method IncidentCommentsClient.Get.
type IncidentCommentsClientListOptions ¶ added in v0.2.0
type IncidentCommentsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method.
type IncidentCommentsClientListPager ¶ added in v0.2.0
type IncidentCommentsClientListPager struct {
// contains filtered or unexported fields
}
IncidentCommentsClientListPager provides operations for iterating over paged responses.
func (*IncidentCommentsClientListPager) Err ¶ added in v0.2.0
func (p *IncidentCommentsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*IncidentCommentsClientListPager) NextPage ¶ added in v0.2.0
func (p *IncidentCommentsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*IncidentCommentsClientListPager) PageResponse ¶ added in v0.2.0
func (p *IncidentCommentsClientListPager) PageResponse() IncidentCommentsClientListResponse
PageResponse returns the current IncidentCommentsClientListResponse page.
type IncidentCommentsClientListResponse ¶ added in v0.2.0
type IncidentCommentsClientListResponse struct { IncidentCommentsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentCommentsClientListResponse contains the response from method IncidentCommentsClient.List.
type IncidentCommentsClientListResult ¶ added in v0.2.0
type IncidentCommentsClientListResult struct {
IncidentCommentList
}
IncidentCommentsClientListResult contains the result from method IncidentCommentsClient.List.
type IncidentConfiguration ¶ added in v0.2.0
type IncidentConfiguration struct { // REQUIRED; Create incidents from alerts triggered by this analytics rule CreateIncident *bool `json:"createIncident,omitempty"` // Set how the alerts that are triggered by this analytics rule, are grouped into incidents GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"` }
IncidentConfiguration - Incident Configuration property bag.
type IncidentEntitiesResponse ¶ added in v0.2.0
type IncidentEntitiesResponse struct { // Array of the incident related entities. Entities []EntityClassification `json:"entities,omitempty"` // The metadata from the incident related entities results. MetaData []*IncidentEntitiesResultsMetadata `json:"metaData,omitempty"` }
IncidentEntitiesResponse - The incident related entities response.
func (IncidentEntitiesResponse) MarshalJSON ¶ added in v0.2.0
func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResponse.
func (*IncidentEntitiesResponse) UnmarshalJSON ¶ added in v0.2.0
func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse.
type IncidentEntitiesResultsMetadata ¶ added in v0.2.0
type IncidentEntitiesResultsMetadata struct { // REQUIRED; Total number of aggregations of the given kind in the incident related entities result. Count *int32 `json:"count,omitempty"` // REQUIRED; The kind of the aggregated entity. EntityKind *EntityKind `json:"entityKind,omitempty"` }
IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result.
type IncidentInfo ¶
type IncidentInfo struct { // Incident Id IncidentID *string `json:"incidentId,omitempty"` // Relation Name RelationName *string `json:"relationName,omitempty"` // The severity of the incident Severity *IncidentSeverity `json:"severity,omitempty"` // The title of the incident Title *string `json:"title,omitempty"` }
IncidentInfo - Describes related incident information for the bookmark
type IncidentLabel ¶
type IncidentLabel struct { // REQUIRED; The name of the label LabelName *string `json:"labelName,omitempty"` // READ-ONLY; The type of the label LabelType *IncidentLabelType `json:"labelType,omitempty" azure:"ro"` }
IncidentLabel - Represents an incident label
type IncidentLabelType ¶
type IncidentLabelType string
IncidentLabelType - The type of the label
const ( // IncidentLabelTypeSystem - Label automatically created by the system IncidentLabelTypeSystem IncidentLabelType = "System" // IncidentLabelTypeUser - Label manually created by a user IncidentLabelTypeUser IncidentLabelType = "User" )
func PossibleIncidentLabelTypeValues ¶
func PossibleIncidentLabelTypeValues() []IncidentLabelType
PossibleIncidentLabelTypeValues returns the possible values for the IncidentLabelType const type.
func (IncidentLabelType) ToPtr ¶
func (c IncidentLabelType) ToPtr() *IncidentLabelType
ToPtr returns a *IncidentLabelType pointing to the current value.
type IncidentList ¶
type IncidentList struct { // REQUIRED; Array of incidents. Value []*Incident `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of incidents. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
IncidentList - List all the incidents.
func (IncidentList) MarshalJSON ¶
func (i IncidentList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentList.
type IncidentOwnerInfo ¶
type IncidentOwnerInfo struct { // The name of the user the incident is assigned to. AssignedTo *string `json:"assignedTo,omitempty"` // The email of the user the incident is assigned to. Email *string `json:"email,omitempty"` // The object id of the user the incident is assigned to. ObjectID *string `json:"objectId,omitempty"` // The user principal name of the user the incident is assigned to. UserPrincipalName *string `json:"userPrincipalName,omitempty"` // READ-ONLY; The type of the owner the incident is assigned to. OwnerType *OwnerType `json:"ownerType,omitempty" azure:"ro"` }
IncidentOwnerInfo - Information on the user an incident is assigned to
type IncidentProperties ¶
type IncidentProperties struct { // REQUIRED; The severity of the incident Severity *IncidentSeverity `json:"severity,omitempty"` // REQUIRED; The status of the incident Status *IncidentStatus `json:"status,omitempty"` // REQUIRED; The title of the incident Title *string `json:"title,omitempty"` // The reason the incident was closed Classification *IncidentClassification `json:"classification,omitempty"` // Describes the reason the incident was closed ClassificationComment *string `json:"classificationComment,omitempty"` // The classification reason the incident was closed with ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"` // The description of the incident Description *string `json:"description,omitempty"` // The time of the first activity in the incident FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUtc,omitempty"` // List of labels relevant to this incident Labels []*IncidentLabel `json:"labels,omitempty"` // The time of the last activity in the incident LastActivityTimeUTC *time.Time `json:"lastActivityTimeUtc,omitempty"` // Describes a user that the incident is assigned to Owner *IncidentOwnerInfo `json:"owner,omitempty"` // The incident ID assigned by the incident provider ProviderIncidentID *string `json:"providerIncidentId,omitempty"` // The name of the source provider that generated the incident ProviderName *string `json:"providerName,omitempty"` // Describes a team for the incident TeamInformation *TeamInformation `json:"teamInformation,omitempty"` // READ-ONLY; Additional data on the incident AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The time the incident was created CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"` // READ-ONLY; A sequential number IncidentNumber *int32 `json:"incidentNumber,omitempty" azure:"ro"` // READ-ONLY; The deep-link url to the incident in Azure portal IncidentURL *string `json:"incidentUrl,omitempty" azure:"ro"` // READ-ONLY; The last time the incident was updated LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"` // READ-ONLY; List of resource ids of Analytic rules related to the incident RelatedAnalyticRuleIDs []*string `json:"relatedAnalyticRuleIds,omitempty" azure:"ro"` }
IncidentProperties - Describes incident properties
func (IncidentProperties) MarshalJSON ¶
func (i IncidentProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IncidentProperties.
func (*IncidentProperties) UnmarshalJSON ¶
func (i *IncidentProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties.
type IncidentRelationsClient ¶ added in v0.2.0
type IncidentRelationsClient struct {
// contains filtered or unexported fields
}
IncidentRelationsClient contains the methods for the IncidentRelations group. Don't use this type directly, use NewIncidentRelationsClient() instead.
func NewIncidentRelationsClient ¶ added in v0.2.0
func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentRelationsClient
NewIncidentRelationsClient creates a new instance of IncidentRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*IncidentRelationsClient) CreateOrUpdate ¶ added in v0.2.0
func (client *IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation, options *IncidentRelationsClientCreateOrUpdateOptions) (IncidentRelationsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name relation - The relation model options - IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<relation-name>", armsecurityinsight.Relation{ Properties: &armsecurityinsight.RelationProperties{ RelatedResourceID: to.StringPtr("<related-resource-id>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentRelationsClientCreateOrUpdateResult) }
Output:
func (*IncidentRelationsClient) Delete ¶ added in v0.2.0
func (client *IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientDeleteOptions) (IncidentRelationsClientDeleteResponse, error)
Delete - Delete the incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name options - IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<relation-name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*IncidentRelationsClient) Get ¶ added in v0.2.0
func (client *IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientGetOptions) (IncidentRelationsClientGetResponse, error)
Get - Gets an incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name options - IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", "<relation-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentRelationsClientGetResult) }
Output:
func (*IncidentRelationsClient) List ¶ added in v0.2.0
func (client *IncidentRelationsClient) List(resourceGroupName string, workspaceName string, incidentID string, options *IncidentRelationsClientListOptions) *IncidentRelationsClientListPager
List - Gets all incident relations. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", "<incident-id>", &armsecurityinsight.IncidentRelationsClientListOptions{Filter: nil, Orderby: nil, Top: nil, SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type IncidentRelationsClientCreateOrUpdateOptions ¶ added in v0.2.0
type IncidentRelationsClientCreateOrUpdateOptions struct { }
IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.
type IncidentRelationsClientCreateOrUpdateResponse ¶ added in v0.2.0
type IncidentRelationsClientCreateOrUpdateResponse struct { IncidentRelationsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentRelationsClientCreateOrUpdateResponse contains the response from method IncidentRelationsClient.CreateOrUpdate.
type IncidentRelationsClientCreateOrUpdateResult ¶ added in v0.2.0
type IncidentRelationsClientCreateOrUpdateResult struct {
Relation
}
IncidentRelationsClientCreateOrUpdateResult contains the result from method IncidentRelationsClient.CreateOrUpdate.
type IncidentRelationsClientDeleteOptions ¶ added in v0.2.0
type IncidentRelationsClientDeleteOptions struct { }
IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.
type IncidentRelationsClientDeleteResponse ¶ added in v0.2.0
type IncidentRelationsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentRelationsClientDeleteResponse contains the response from method IncidentRelationsClient.Delete.
type IncidentRelationsClientGetOptions ¶ added in v0.2.0
type IncidentRelationsClientGetOptions struct { }
IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.
type IncidentRelationsClientGetResponse ¶ added in v0.2.0
type IncidentRelationsClientGetResponse struct { IncidentRelationsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentRelationsClientGetResponse contains the response from method IncidentRelationsClient.Get.
type IncidentRelationsClientGetResult ¶ added in v0.2.0
type IncidentRelationsClientGetResult struct {
Relation
}
IncidentRelationsClientGetResult contains the result from method IncidentRelationsClient.Get.
type IncidentRelationsClientListOptions ¶ added in v0.2.0
type IncidentRelationsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method.
type IncidentRelationsClientListPager ¶ added in v0.2.0
type IncidentRelationsClientListPager struct {
// contains filtered or unexported fields
}
IncidentRelationsClientListPager provides operations for iterating over paged responses.
func (*IncidentRelationsClientListPager) Err ¶ added in v0.2.0
func (p *IncidentRelationsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*IncidentRelationsClientListPager) NextPage ¶ added in v0.2.0
func (p *IncidentRelationsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*IncidentRelationsClientListPager) PageResponse ¶ added in v0.2.0
func (p *IncidentRelationsClientListPager) PageResponse() IncidentRelationsClientListResponse
PageResponse returns the current IncidentRelationsClientListResponse page.
type IncidentRelationsClientListResponse ¶ added in v0.2.0
type IncidentRelationsClientListResponse struct { IncidentRelationsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentRelationsClientListResponse contains the response from method IncidentRelationsClient.List.
type IncidentRelationsClientListResult ¶ added in v0.2.0
type IncidentRelationsClientListResult struct {
RelationList
}
IncidentRelationsClientListResult contains the result from method IncidentRelationsClient.List.
type IncidentSeverity ¶
type IncidentSeverity string
IncidentSeverity - The severity of the incident
const ( // IncidentSeverityHigh - High severity IncidentSeverityHigh IncidentSeverity = "High" // IncidentSeverityInformational - Informational severity IncidentSeverityInformational IncidentSeverity = "Informational" // IncidentSeverityLow - Low severity IncidentSeverityLow IncidentSeverity = "Low" // IncidentSeverityMedium - Medium severity IncidentSeverityMedium IncidentSeverity = "Medium" )
func PossibleIncidentSeverityValues ¶
func PossibleIncidentSeverityValues() []IncidentSeverity
PossibleIncidentSeverityValues returns the possible values for the IncidentSeverity const type.
func (IncidentSeverity) ToPtr ¶
func (c IncidentSeverity) ToPtr() *IncidentSeverity
ToPtr returns a *IncidentSeverity pointing to the current value.
type IncidentStatus ¶
type IncidentStatus string
IncidentStatus - The status of the incident
const ( // IncidentStatusActive - An active incident which is being handled IncidentStatusActive IncidentStatus = "Active" // IncidentStatusClosed - A non-active incident IncidentStatusClosed IncidentStatus = "Closed" // IncidentStatusNew - An active incident which isn't being handled currently IncidentStatusNew IncidentStatus = "New" )
func PossibleIncidentStatusValues ¶
func PossibleIncidentStatusValues() []IncidentStatus
PossibleIncidentStatusValues returns the possible values for the IncidentStatus const type.
func (IncidentStatus) ToPtr ¶
func (c IncidentStatus) ToPtr() *IncidentStatus
ToPtr returns a *IncidentStatus pointing to the current value.
type IncidentsClient ¶
type IncidentsClient struct {
// contains filtered or unexported fields
}
IncidentsClient contains the methods for the Incidents group. Don't use this type directly, use NewIncidentsClient() instead.
func NewIncidentsClient ¶
func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentsClient
NewIncidentsClient creates a new instance of IncidentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*IncidentsClient) CreateOrUpdate ¶
func (client *IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident, options *IncidentsClientCreateOrUpdateOptions) (IncidentsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates the incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incident - The incident options - IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateIncident.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", armsecurityinsight.Incident{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.IncidentProperties{ Description: to.StringPtr("<description>"), Classification: armsecurityinsight.IncidentClassification("FalsePositive").ToPtr(), ClassificationComment: to.StringPtr("<classification-comment>"), ClassificationReason: armsecurityinsight.IncidentClassificationReason("IncorrectAlertLogic").ToPtr(), FirstActivityTimeUTC: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t }()), LastActivityTimeUTC: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t }()), Owner: &armsecurityinsight.IncidentOwnerInfo{ ObjectID: to.StringPtr("<object-id>"), }, Severity: armsecurityinsight.IncidentSeverity("High").ToPtr(), Status: armsecurityinsight.IncidentStatus("Closed").ToPtr(), Title: to.StringPtr("<title>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientCreateOrUpdateResult) }
Output:
func (*IncidentsClient) CreateTeam ¶ added in v0.2.0
func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error)
CreateTeam - Creates a Microsoft team to investigate the incident by sharing information and insights between participants. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID teamProperties - Team properties options - IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateTeam.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.CreateTeam(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", armsecurityinsight.TeamProperties{ TeamDescription: to.StringPtr("<team-description>"), TeamName: to.StringPtr("<team-name>"), }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientCreateTeamResult) }
Output:
func (*IncidentsClient) Delete ¶
func (client *IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientDeleteOptions) (IncidentsClientDeleteResponse, error)
Delete - Delete the incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/DeleteIncident.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*IncidentsClient) Get ¶
func (client *IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientGetOptions) (IncidentsClientGetResponse, error)
Get - Gets an incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidentById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientGetResult) }
Output:
func (*IncidentsClient) List ¶
func (client *IncidentsClient) List(resourceGroupName string, workspaceName string, options *IncidentsClientListOptions) *IncidentsClientListPager
List - Gets all incidents. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidents.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", &armsecurityinsight.IncidentsClientListOptions{Filter: nil, Orderby: to.StringPtr("<orderby>"), Top: to.Int32Ptr(1), SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
func (*IncidentsClient) ListAlerts ¶ added in v0.2.0
func (client *IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListAlertsOptions) (IncidentsClientListAlertsResponse, error)
ListAlerts - Gets all incident alerts. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentAlerts.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.ListAlerts(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientListAlertsResult) }
Output:
func (*IncidentsClient) ListBookmarks ¶ added in v0.2.0
func (client *IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListBookmarksOptions) (IncidentsClientListBookmarksResponse, error)
ListBookmarks - Gets all incident bookmarks. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentBookmarks.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.ListBookmarks(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientListBookmarksResult) }
Output:
func (*IncidentsClient) ListEntities ¶ added in v0.2.0
func (client *IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListEntitiesOptions) (IncidentsClientListEntitiesResponse, error)
ListEntities - Gets all incident related entities. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/entities/GetAllIncidentEntities.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil) res, err := client.ListEntities(ctx, "<resource-group-name>", "<workspace-name>", "<incident-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.IncidentsClientListEntitiesResult) }
Output:
type IncidentsClientCreateOrUpdateOptions ¶ added in v0.2.0
type IncidentsClientCreateOrUpdateOptions struct { }
IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.
type IncidentsClientCreateOrUpdateResponse ¶ added in v0.2.0
type IncidentsClientCreateOrUpdateResponse struct { IncidentsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientCreateOrUpdateResponse contains the response from method IncidentsClient.CreateOrUpdate.
type IncidentsClientCreateOrUpdateResult ¶ added in v0.2.0
type IncidentsClientCreateOrUpdateResult struct {
Incident
}
IncidentsClientCreateOrUpdateResult contains the result from method IncidentsClient.CreateOrUpdate.
type IncidentsClientCreateTeamOptions ¶ added in v0.2.0
type IncidentsClientCreateTeamOptions struct { }
IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.
type IncidentsClientCreateTeamResponse ¶ added in v0.2.0
type IncidentsClientCreateTeamResponse struct { IncidentsClientCreateTeamResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientCreateTeamResponse contains the response from method IncidentsClient.CreateTeam.
type IncidentsClientCreateTeamResult ¶ added in v0.2.0
type IncidentsClientCreateTeamResult struct {
TeamInformation
}
IncidentsClientCreateTeamResult contains the result from method IncidentsClient.CreateTeam.
type IncidentsClientDeleteOptions ¶ added in v0.2.0
type IncidentsClientDeleteOptions struct { }
IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.
type IncidentsClientDeleteResponse ¶ added in v0.2.0
type IncidentsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete.
type IncidentsClientGetOptions ¶ added in v0.2.0
type IncidentsClientGetOptions struct { }
IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.
type IncidentsClientGetResponse ¶ added in v0.2.0
type IncidentsClientGetResponse struct { IncidentsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientGetResponse contains the response from method IncidentsClient.Get.
type IncidentsClientGetResult ¶ added in v0.2.0
type IncidentsClientGetResult struct {
Incident
}
IncidentsClientGetResult contains the result from method IncidentsClient.Get.
type IncidentsClientListAlertsOptions ¶ added in v0.2.0
type IncidentsClientListAlertsOptions struct { }
IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.
type IncidentsClientListAlertsResponse ¶ added in v0.2.0
type IncidentsClientListAlertsResponse struct { IncidentsClientListAlertsResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientListAlertsResponse contains the response from method IncidentsClient.ListAlerts.
type IncidentsClientListAlertsResult ¶ added in v0.2.0
type IncidentsClientListAlertsResult struct {
IncidentAlertList
}
IncidentsClientListAlertsResult contains the result from method IncidentsClient.ListAlerts.
type IncidentsClientListBookmarksOptions ¶ added in v0.2.0
type IncidentsClientListBookmarksOptions struct { }
IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.
type IncidentsClientListBookmarksResponse ¶ added in v0.2.0
type IncidentsClientListBookmarksResponse struct { IncidentsClientListBookmarksResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientListBookmarksResponse contains the response from method IncidentsClient.ListBookmarks.
type IncidentsClientListBookmarksResult ¶ added in v0.2.0
type IncidentsClientListBookmarksResult struct {
IncidentBookmarkList
}
IncidentsClientListBookmarksResult contains the result from method IncidentsClient.ListBookmarks.
type IncidentsClientListEntitiesOptions ¶ added in v0.2.0
type IncidentsClientListEntitiesOptions struct { }
IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.
type IncidentsClientListEntitiesResponse ¶ added in v0.2.0
type IncidentsClientListEntitiesResponse struct { IncidentsClientListEntitiesResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientListEntitiesResponse contains the response from method IncidentsClient.ListEntities.
type IncidentsClientListEntitiesResult ¶ added in v0.2.0
type IncidentsClientListEntitiesResult struct {
IncidentEntitiesResponse
}
IncidentsClientListEntitiesResult contains the result from method IncidentsClient.ListEntities.
type IncidentsClientListOptions ¶ added in v0.2.0
type IncidentsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method.
type IncidentsClientListPager ¶ added in v0.2.0
type IncidentsClientListPager struct {
// contains filtered or unexported fields
}
IncidentsClientListPager provides operations for iterating over paged responses.
func (*IncidentsClientListPager) Err ¶ added in v0.2.0
func (p *IncidentsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*IncidentsClientListPager) NextPage ¶ added in v0.2.0
func (p *IncidentsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*IncidentsClientListPager) PageResponse ¶ added in v0.2.0
func (p *IncidentsClientListPager) PageResponse() IncidentsClientListResponse
PageResponse returns the current IncidentsClientListResponse page.
type IncidentsClientListResponse ¶ added in v0.2.0
type IncidentsClientListResponse struct { IncidentsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
IncidentsClientListResponse contains the response from method IncidentsClient.List.
type IncidentsClientListResult ¶ added in v0.2.0
type IncidentsClientListResult struct {
IncidentList
}
IncidentsClientListResult contains the result from method IncidentsClient.List.
type InsightQueryItem ¶ added in v0.2.0
type InsightQueryItem struct { // REQUIRED; The kind of the entity query Kind *EntityQueryKind `json:"kind,omitempty"` // Query Template ARM Name Name *string `json:"name,omitempty"` // Properties bag for InsightQueryItem Properties *InsightQueryItemProperties `json:"properties,omitempty"` // ARM Type Type *string `json:"type,omitempty"` // READ-ONLY; Query Template ARM ID ID *string `json:"id,omitempty" azure:"ro"` }
InsightQueryItem - Represents Insight Query.
func (*InsightQueryItem) GetEntityQueryItem ¶ added in v0.2.0
func (i *InsightQueryItem) GetEntityQueryItem() *EntityQueryItem
GetEntityQueryItem implements the EntityQueryItemClassification interface for type InsightQueryItem.
func (InsightQueryItem) MarshalJSON ¶ added in v0.2.0
func (i InsightQueryItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InsightQueryItem.
func (*InsightQueryItem) UnmarshalJSON ¶ added in v0.2.0
func (i *InsightQueryItem) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItem.
type InsightQueryItemProperties ¶ added in v0.2.0
type InsightQueryItemProperties struct { // The activity query definitions. AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"` // The base query of the insight. BaseQuery *string `json:"baseQuery,omitempty"` // The insight chart query. ChartQuery map[string]interface{} `json:"chartQuery,omitempty"` // Data types for template DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"` // The insight chart query. DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange `json:"defaultTimeRange,omitempty"` // The insight description. Description *string `json:"description,omitempty"` // The insight display name. DisplayName *string `json:"displayName,omitempty"` // The query applied only to entities matching to all filters EntitiesFilter map[string]interface{} `json:"entitiesFilter,omitempty"` // The type of the entity InputEntityType *EntityType `json:"inputEntityType,omitempty"` // The insight chart query. ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"` // Data types for template RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"` // The insight table query. TableQuery *InsightQueryItemPropertiesTableQuery `json:"tableQuery,omitempty"` }
InsightQueryItemProperties - Represents Insight Query.
func (InsightQueryItemProperties) MarshalJSON ¶ added in v0.2.0
func (i InsightQueryItemProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InsightQueryItemProperties.
type InsightQueryItemPropertiesAdditionalQuery ¶ added in v0.2.0
type InsightQueryItemPropertiesAdditionalQuery struct { // The insight query. Query *string `json:"query,omitempty"` // The insight text. Text *string `json:"text,omitempty"` }
InsightQueryItemPropertiesAdditionalQuery - The activity query definitions.
type InsightQueryItemPropertiesDefaultTimeRange ¶ added in v0.2.0
type InsightQueryItemPropertiesDefaultTimeRange struct { // The padding for the end time of the query. AfterRange *string `json:"afterRange,omitempty"` // The padding for the start time of the query. BeforeRange *string `json:"beforeRange,omitempty"` }
InsightQueryItemPropertiesDefaultTimeRange - The insight chart query.
type InsightQueryItemPropertiesReferenceTimeRange ¶ added in v0.2.0
type InsightQueryItemPropertiesReferenceTimeRange struct { // Additional query time for looking back. BeforeRange *string `json:"beforeRange,omitempty"` }
InsightQueryItemPropertiesReferenceTimeRange - The insight chart query.
type InsightQueryItemPropertiesTableQuery ¶ added in v0.2.0
type InsightQueryItemPropertiesTableQuery struct { // List of insight column definitions. ColumnsDefinitions []*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem `json:"columnsDefinitions,omitempty"` // List of insight queries definitions. QueriesDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem `json:"queriesDefinitions,omitempty"` }
InsightQueryItemPropertiesTableQuery - The insight table query.
func (InsightQueryItemPropertiesTableQuery) MarshalJSON ¶ added in v0.2.0
func (i InsightQueryItemPropertiesTableQuery) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQuery.
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem ¶ added in v0.2.0
type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct { // Insight column header. Header *string `json:"header,omitempty"` // Insights Column type. OutputType *OutputType `json:"outputType,omitempty"` // Is query supports deep-link. SupportDeepLink *bool `json:"supportDeepLink,omitempty"` }
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem ¶ added in v0.2.0
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct { // Insight column header. Filter *string `json:"filter,omitempty"` // Insight column header. LinkColumnsDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem `json:"linkColumnsDefinitions,omitempty"` // Insight column header. Project *string `json:"project,omitempty"` // Insight column header. Summarize *string `json:"summarize,omitempty"` }
func (InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON ¶ added in v0.2.0
func (i InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem.
type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem ¶ added in v0.2.0
type InsightsTableResult ¶ added in v0.2.0
type InsightsTableResult struct { // Columns Metadata of the table Columns []*InsightsTableResultColumnsItem `json:"columns,omitempty"` // Rows data of the table Rows [][]*string `json:"rows,omitempty"` }
InsightsTableResult - Query results for table insights query.
func (InsightsTableResult) MarshalJSON ¶ added in v0.2.0
func (i InsightsTableResult) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InsightsTableResult.
type InsightsTableResultColumnsItem ¶ added in v0.2.0
type InstructionSteps ¶ added in v0.2.0
type InstructionSteps struct { // Instruction step description Description *string `json:"description,omitempty"` // Instruction step details Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"` // Instruction step title Title *string `json:"title,omitempty"` }
InstructionSteps - Instruction steps to enable the connector
func (InstructionSteps) MarshalJSON ¶ added in v0.2.0
func (i InstructionSteps) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type InstructionSteps.
type InstructionStepsInstructionsItem ¶ added in v0.2.0
type InstructionStepsInstructionsItem struct { // REQUIRED; The kind of the setting Type *SettingType `json:"type,omitempty"` // The parameters for the setting Parameters map[string]interface{} `json:"parameters,omitempty"` }
type IoTDeviceEntity ¶ added in v0.2.0
type IoTDeviceEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // IoTDevice entity properties Properties *IoTDeviceEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
IoTDeviceEntity - Represents an IoT device entity.
func (*IoTDeviceEntity) GetEntity ¶ added in v0.2.0
func (i *IoTDeviceEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type IoTDeviceEntity.
func (IoTDeviceEntity) MarshalJSON ¶ added in v0.2.0
func (i IoTDeviceEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity.
func (*IoTDeviceEntity) UnmarshalJSON ¶ added in v0.2.0
func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity.
type IoTDeviceEntityProperties ¶ added in v0.2.0
type IoTDeviceEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The ID of the IoT Device in the IoT Hub DeviceID *string `json:"deviceId,omitempty" azure:"ro"` // READ-ONLY; The friendly name of the device DeviceName *string `json:"deviceName,omitempty" azure:"ro"` // READ-ONLY; The type of the device DeviceType *string `json:"deviceType,omitempty" azure:"ro"` // READ-ONLY; The ID of the edge device EdgeID *string `json:"edgeId,omitempty" azure:"ro"` // READ-ONLY; The firmware version of the device FirmwareVersion *string `json:"firmwareVersion,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The Host entity id of this device HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` // READ-ONLY; The IP entity if of this device IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"` // READ-ONLY; The AzureResource entity id of the IoT Hub IotHubEntityID *string `json:"iotHubEntityId,omitempty" azure:"ro"` // READ-ONLY; The ID of the security agent running on the device IotSecurityAgentID *string `json:"iotSecurityAgentId,omitempty" azure:"ro"` // READ-ONLY; The MAC address of the device MacAddress *string `json:"macAddress,omitempty" azure:"ro"` // READ-ONLY; The model of the device Model *string `json:"model,omitempty" azure:"ro"` // READ-ONLY; The operating system of the device OperatingSystem *string `json:"operatingSystem,omitempty" azure:"ro"` // READ-ONLY; A list of protocols of the IoTDevice entity. Protocols []*string `json:"protocols,omitempty" azure:"ro"` // READ-ONLY; The serial number of the device SerialNumber *string `json:"serialNumber,omitempty" azure:"ro"` // READ-ONLY; The source of the device Source *string `json:"source,omitempty" azure:"ro"` // READ-ONLY; A list of TI contexts attached to the IoTDevice entity. ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"` // READ-ONLY; The vendor of the device Vendor *string `json:"vendor,omitempty" azure:"ro"` }
IoTDeviceEntityProperties - IoTDevice entity property bag.
func (IoTDeviceEntityProperties) MarshalJSON ¶ added in v0.2.0
func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties.
type KillChainIntent ¶ added in v0.2.0
type KillChainIntent string
KillChainIntent - Holds the alert intent stage(s) mapping for this alert.
const ( // KillChainIntentCollection - Collection consists of techniques used to identify and gather information, such as sensitive // files, from a target network prior to exfiltration. This category also covers locations on a system or network where the // adversary may look for information to exfiltrate. KillChainIntentCollection KillChainIntent = "Collection" // KillChainIntentCommandAndControl - The command and control tactic represents how adversaries communicate with systems under // their control within a target network. KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" // KillChainIntentCredentialAccess - Credential access represents techniques resulting in access to or control over system, // domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain // legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator // access) to use within the network. With sufficient access within a network, an adversary can create accounts for later // use within the environment. KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" // KillChainIntentDefenseEvasion - Defense evasion consists of techniques an adversary may use to evade detection or avoid // other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added // benefit of subverting a particular defense or mitigation. KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" // KillChainIntentDiscovery - Discovery consists of techniques that allow the adversary to gain knowledge about the system // and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control // of and what benefits operating from that system give to their current objective or overall goals during the intrusion. // The operating system provides many native tools that aid in this post-compromise information-gathering phase. KillChainIntentDiscovery KillChainIntent = "Discovery" // KillChainIntentExecution - The execution tactic represents techniques that result in execution of adversary-controlled // code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote // systems on a network. KillChainIntentExecution KillChainIntent = "Execution" // KillChainIntentExfiltration - Exfiltration refers to techniques and attributes that result or aid in the adversary removing // files and information from a target network. This category also covers locations on a system or network where the adversary // may look for information to exfiltrate. KillChainIntentExfiltration KillChainIntent = "Exfiltration" // KillChainIntentExploitation - Exploitation is the stage where an attacker manage to get foothold on the attacked resource. // This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries // will often be able to control the resource after this stage. KillChainIntentExploitation KillChainIntent = "Exploitation" // KillChainIntentImpact - The impact intent primary objective is to directly reduce the availability or integrity of a system, // service, or network; including manipulation of data to impact a business or operational process. This would often refer // to techniques such as ransom-ware, defacement, data manipulation and others. KillChainIntentImpact KillChainIntent = "Impact" // KillChainIntentLateralMovement - Lateral movement consists of techniques that enable an adversary to access and control // remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral // movement techniques could allow an adversary to gather information from a system without needing additional tools, such // as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools, // pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause // an effect. KillChainIntentLateralMovement KillChainIntent = "LateralMovement" // KillChainIntentPersistence - Persistence is any access, action, or configuration change to a system that gives an adversary // a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such // as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate // backdoor for them to regain access. KillChainIntentPersistence KillChainIntent = "Persistence" // KillChainIntentPrivilegeEscalation - Privilege escalation is the result of actions that allow an adversary to obtain a // higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work // and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems // or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation // of privilege. KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" // KillChainIntentProbing - Probing could be an attempt to access a certain resource regardless of a malicious intent or a // failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected // as an attempt originating from outside the network in attempt to scan the target system and find a way in. KillChainIntentProbing KillChainIntent = "Probing" // KillChainIntentUnknown - The default value. KillChainIntentUnknown KillChainIntent = "Unknown" )
func PossibleKillChainIntentValues ¶ added in v0.2.0
func PossibleKillChainIntentValues() []KillChainIntent
PossibleKillChainIntentValues returns the possible values for the KillChainIntent const type.
func (KillChainIntent) ToPtr ¶ added in v0.2.0
func (c KillChainIntent) ToPtr() *KillChainIntent
ToPtr returns a *KillChainIntent pointing to the current value.
type Kind ¶ added in v0.2.0
type Kind string
Kind - The kind of content the metadata is for.
const ( KindAnalyticsRule Kind = "AnalyticsRule" KindAnalyticsRuleTemplate Kind = "AnalyticsRuleTemplate" KindDataConnector Kind = "DataConnector" KindDataType Kind = "DataType" KindHuntingQuery Kind = "HuntingQuery" KindInvestigationQuery Kind = "InvestigationQuery" KindParser Kind = "Parser" KindPlaybook Kind = "Playbook" KindPlaybookTemplate Kind = "PlaybookTemplate" KindSolution Kind = "Solution" KindWatchlist Kind = "Watchlist" KindWatchlistTemplate Kind = "WatchlistTemplate" KindWorkbook Kind = "Workbook" KindWorkbookTemplate Kind = "WorkbookTemplate" )
func PossibleKindValues ¶ added in v0.2.0
func PossibleKindValues() []Kind
PossibleKindValues returns the possible values for the Kind const type.
type LastDataReceivedDataType ¶ added in v0.2.0
type LastDataReceivedDataType struct { // Query for indicate last data received LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"` // Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder Name *string `json:"name,omitempty"` }
LastDataReceivedDataType - Data type for last data received
type MCASCheckRequirements ¶ added in v0.2.0
type MCASCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // MCAS (Microsoft Cloud App Security) requirements check properties. Properties *MCASCheckRequirementsProperties `json:"properties,omitempty"` }
MCASCheckRequirements - Represents MCAS (Microsoft Cloud App Security) requirements check request.
func (*MCASCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (m *MCASCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MCASCheckRequirements.
func (MCASCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (m MCASCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirements.
func (*MCASCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (m *MCASCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirements.
type MCASCheckRequirementsProperties ¶ added in v0.2.0
type MCASCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.
type MCASDataConnector ¶
type MCASDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // MCAS (Microsoft Cloud App Security) data connector properties. Properties *MCASDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector.
func (*MCASDataConnector) GetDataConnector ¶ added in v0.2.0
func (m *MCASDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector.
func (MCASDataConnector) MarshalJSON ¶
func (m MCASDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MCASDataConnector.
func (*MCASDataConnector) UnmarshalJSON ¶
func (m *MCASDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector.
type MCASDataConnectorDataTypes ¶
type MCASDataConnectorDataTypes struct { // REQUIRED; Alerts data type connection. Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"` // Discovery log data type connection. DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"` }
MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector.
type MCASDataConnectorProperties ¶
type MCASDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
type MDATPCheckRequirements ¶ added in v0.2.0
type MDATPCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. Properties *MDATPCheckRequirementsProperties `json:"properties,omitempty"` }
MDATPCheckRequirements - Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.
func (*MDATPCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (m *MDATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MDATPCheckRequirements.
func (MDATPCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (m MDATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MDATPCheckRequirements.
func (*MDATPCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (m *MDATPCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MDATPCheckRequirements.
type MDATPCheckRequirementsProperties ¶ added in v0.2.0
type MDATPCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
type MDATPDataConnector ¶
type MDATPDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. Properties *MDATPDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
func (*MDATPDataConnector) GetDataConnector ¶ added in v0.2.0
func (m *MDATPDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector.
func (MDATPDataConnector) MarshalJSON ¶
func (m MDATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector.
func (*MDATPDataConnector) UnmarshalJSON ¶
func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector.
type MDATPDataConnectorProperties ¶
type MDATPDataConnectorProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
type MLBehaviorAnalyticsAlertRule ¶ added in v0.2.0
type MLBehaviorAnalyticsAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // MLBehaviorAnalytics alert rule properties Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MLBehaviorAnalyticsAlertRule - Represents MLBehaviorAnalytics alert rule.
func (*MLBehaviorAnalyticsAlertRule) GetAlertRule ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type MLBehaviorAnalyticsAlertRule.
func (MLBehaviorAnalyticsAlertRule) MarshalJSON ¶ added in v0.2.0
func (m MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRule.
func (*MLBehaviorAnalyticsAlertRule) UnmarshalJSON ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRule.
type MLBehaviorAnalyticsAlertRuleProperties ¶ added in v0.2.0
type MLBehaviorAnalyticsAlertRuleProperties struct { // REQUIRED; The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty" azure:"ro"` // READ-ONLY; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` // READ-ONLY; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` // READ-ONLY; The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` }
MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule base property bag.
func (MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON ¶ added in v0.2.0
func (m MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleProperties.
func (*MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleProperties.
type MLBehaviorAnalyticsAlertRuleTemplate ¶ added in v0.2.0
type MLBehaviorAnalyticsAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // MLBehaviorAnalytics alert rule template properties. Properties *MLBehaviorAnalyticsAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MLBehaviorAnalyticsAlertRuleTemplate - Represents MLBehaviorAnalytics alert rule template.
func (*MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MLBehaviorAnalyticsAlertRuleTemplate.
func (MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON ¶ added in v0.2.0
func (m MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate.
func (*MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate.
type MLBehaviorAnalyticsAlertRuleTemplateProperties ¶ added in v0.2.0
type MLBehaviorAnalyticsAlertRuleTemplateProperties struct { // REQUIRED; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // The tactics of the alert rule template. Tactics []*AttackTactic `json:"tactics,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties.
func (MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON ¶ added in v0.2.0
func (m MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.
func (*MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON ¶ added in v0.2.0
func (m *MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.
type MSTICheckRequirements ¶ added in v0.2.0
type MSTICheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // Microsoft Threat Intelligence requirements check properties. Properties *MSTICheckRequirementsProperties `json:"properties,omitempty"` }
MSTICheckRequirements - Represents Microsoft Threat Intelligence requirements check request.
func (*MSTICheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (m *MSTICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MSTICheckRequirements.
func (MSTICheckRequirements) MarshalJSON ¶ added in v0.2.0
func (m MSTICheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MSTICheckRequirements.
func (*MSTICheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (m *MSTICheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MSTICheckRequirements.
type MSTICheckRequirementsProperties ¶ added in v0.2.0
type MSTICheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties.
type MSTIDataConnector ¶ added in v0.2.0
type MSTIDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Microsoft Threat Intelligence data connector properties. Properties *MSTIDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MSTIDataConnector - Represents Microsoft Threat Intelligence data connector.
func (*MSTIDataConnector) GetDataConnector ¶ added in v0.2.0
func (m *MSTIDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type MSTIDataConnector.
func (MSTIDataConnector) MarshalJSON ¶ added in v0.2.0
func (m MSTIDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MSTIDataConnector.
func (*MSTIDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnector.
type MSTIDataConnectorDataTypes ¶ added in v0.2.0
type MSTIDataConnectorDataTypes struct { // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL `json:"bingSafetyPhishingURL,omitempty"` // REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector. MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed `json:"microsoftEmergingThreatFeed,omitempty"` }
MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence Platforms data connector.
type MSTIDataConnectorDataTypesBingSafetyPhishingURL ¶ added in v0.2.0
type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct { // REQUIRED; lookback period LookbackPeriod *string `json:"lookbackPeriod,omitempty"` // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
MSTIDataConnectorDataTypesBingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector.
type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed ¶ added in v0.2.0
type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct { // REQUIRED; lookback period LookbackPeriod *string `json:"lookbackPeriod,omitempty"` // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector.
type MSTIDataConnectorProperties ¶ added in v0.2.0
type MSTIDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *MSTIDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MSTIDataConnectorProperties - Microsoft Threat Intelligence data connector properties.
type MTPCheckRequirementsProperties ¶ added in v0.2.0
type MTPCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties.
type MTPDataConnector ¶ added in v0.2.0
type MTPDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // MTP (Microsoft Threat Protection) data connector properties. Properties *MTPDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MTPDataConnector - Represents MTP (Microsoft Threat Protection) data connector.
func (*MTPDataConnector) GetDataConnector ¶ added in v0.2.0
func (m *MTPDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type MTPDataConnector.
func (MTPDataConnector) MarshalJSON ¶ added in v0.2.0
func (m MTPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MTPDataConnector.
func (*MTPDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (m *MTPDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnector.
type MTPDataConnectorDataTypes ¶ added in v0.2.0
type MTPDataConnectorDataTypes struct { // REQUIRED; Data type for Microsoft Threat Protection Platforms data connector. Incidents *MTPDataConnectorDataTypesIncidents `json:"incidents,omitempty"` }
MTPDataConnectorDataTypes - The available data types for Microsoft Threat Protection Platforms data connector.
type MTPDataConnectorDataTypesIncidents ¶ added in v0.2.0
type MTPDataConnectorDataTypesIncidents struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
MTPDataConnectorDataTypesIncidents - Data type for Microsoft Threat Protection Platforms data connector.
type MTPDataConnectorProperties ¶ added in v0.2.0
type MTPDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *MTPDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties.
type MailClusterEntity ¶ added in v0.2.0
type MailClusterEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Mail cluster entity properties Properties *MailClusterEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MailClusterEntity - Represents a mail cluster entity.
func (*MailClusterEntity) GetEntity ¶ added in v0.2.0
func (m *MailClusterEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type MailClusterEntity.
func (MailClusterEntity) MarshalJSON ¶ added in v0.2.0
func (m MailClusterEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailClusterEntity.
func (*MailClusterEntity) UnmarshalJSON ¶ added in v0.2.0
func (m *MailClusterEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity.
type MailClusterEntityProperties ¶ added in v0.2.0
type MailClusterEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The cluster group ClusterGroup *string `json:"clusterGroup,omitempty" azure:"ro"` // READ-ONLY; The cluster query end time ClusterQueryEndTime *time.Time `json:"clusterQueryEndTime,omitempty" azure:"ro"` // READ-ONLY; The cluster query start time ClusterQueryStartTime *time.Time `json:"clusterQueryStartTime,omitempty" azure:"ro"` // READ-ONLY; The id of the cluster source ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty" azure:"ro"` // READ-ONLY; The type of the cluster source ClusterSourceType *string `json:"clusterSourceType,omitempty" azure:"ro"` // READ-ONLY; Count of mail messages by DeliveryStatus string representation CountByDeliveryStatus map[string]interface{} `json:"countByDeliveryStatus,omitempty" azure:"ro"` // READ-ONLY; Count of mail messages by ProtectionStatus string representation CountByProtectionStatus map[string]interface{} `json:"countByProtectionStatus,omitempty" azure:"ro"` // READ-ONLY; Count of mail messages by ThreatType string representation CountByThreatType map[string]interface{} `json:"countByThreatType,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; Is this a volume anomaly mail cluster IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty" azure:"ro"` // READ-ONLY; The number of mail messages that are part of the mail cluster MailCount *int32 `json:"mailCount,omitempty" azure:"ro"` // READ-ONLY; The mail message IDs that are part of the mail cluster NetworkMessageIDs []*string `json:"networkMessageIds,omitempty" azure:"ro"` // READ-ONLY; The query that was used to identify the messages of the mail cluster Query *string `json:"query,omitempty" azure:"ro"` // READ-ONLY; The query time QueryTime *time.Time `json:"queryTime,omitempty" azure:"ro"` // READ-ONLY; The source of the mail cluster (default is 'O365 ATP') Source *string `json:"source,omitempty" azure:"ro"` // READ-ONLY; The threats of mail messages that are part of the mail cluster Threats []*string `json:"threats,omitempty" azure:"ro"` }
MailClusterEntityProperties - Mail cluster entity property bag.
func (MailClusterEntityProperties) MarshalJSON ¶ added in v0.2.0
func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties.
func (*MailClusterEntityProperties) UnmarshalJSON ¶ added in v0.2.0
func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties.
type MailMessageEntity ¶ added in v0.2.0
type MailMessageEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Mail message entity properties Properties *MailMessageEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MailMessageEntity - Represents a mail message entity.
func (*MailMessageEntity) GetEntity ¶ added in v0.2.0
func (m *MailMessageEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type MailMessageEntity.
func (MailMessageEntity) MarshalJSON ¶ added in v0.2.0
func (m MailMessageEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailMessageEntity.
func (*MailMessageEntity) UnmarshalJSON ¶ added in v0.2.0
func (m *MailMessageEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity.
type MailMessageEntityProperties ¶ added in v0.2.0
type MailMessageEntityProperties struct { // The directionality of this mail message AntispamDirection *AntispamMailDirection `json:"antispamDirection,omitempty"` // The bodyFingerprintBin1 BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"` // The bodyFingerprintBin2 BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"` // The bodyFingerprintBin3 BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"` // The bodyFingerprintBin4 BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"` // The bodyFingerprintBin5 BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"` // The delivery action of this mail message like Delivered, Blocked, Replaced etc DeliveryAction *DeliveryAction `json:"deliveryAction,omitempty"` // The delivery location of this mail message like Inbox, JunkFolder etc DeliveryLocation *DeliveryLocation `json:"deliveryLocation,omitempty"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The File entity ids of this mail message's attachments FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The internet message id of this mail message InternetMessageID *string `json:"internetMessageId,omitempty" azure:"ro"` // READ-ONLY; The language of this mail message Language *string `json:"language,omitempty" azure:"ro"` // READ-ONLY; The network message id of this mail message NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"` // READ-ONLY; The p1 sender's email address P1Sender *string `json:"p1Sender,omitempty" azure:"ro"` // READ-ONLY; The p1 sender's display name P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty" azure:"ro"` // READ-ONLY; The p1 sender's domain P1SenderDomain *string `json:"p1SenderDomain,omitempty" azure:"ro"` // READ-ONLY; The p2 sender's email address P2Sender *string `json:"p2Sender,omitempty" azure:"ro"` // READ-ONLY; The p2 sender's display name P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty" azure:"ro"` // READ-ONLY; The p2 sender's domain P2SenderDomain *string `json:"p2SenderDomain,omitempty" azure:"ro"` // READ-ONLY; The receive date of this message ReceiveDate *time.Time `json:"receiveDate,omitempty" azure:"ro"` // READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and // each copy has one recipient Recipient *string `json:"recipient,omitempty" azure:"ro"` // READ-ONLY; The sender's IP address SenderIP *string `json:"senderIP,omitempty" azure:"ro"` // READ-ONLY; The subject of this mail message Subject *string `json:"subject,omitempty" azure:"ro"` // READ-ONLY; The threat detection methods ThreatDetectionMethods []*string `json:"threatDetectionMethods,omitempty" azure:"ro"` // READ-ONLY; The threats of this mail message Threats []*string `json:"threats,omitempty" azure:"ro"` // READ-ONLY; The Urls contained in this mail message Urls []*string `json:"urls,omitempty" azure:"ro"` }
MailMessageEntityProperties - Mail message entity property bag.
func (MailMessageEntityProperties) MarshalJSON ¶ added in v0.2.0
func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties.
func (*MailMessageEntityProperties) UnmarshalJSON ¶ added in v0.2.0
func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties.
type MailboxEntity ¶ added in v0.2.0
type MailboxEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Mailbox entity properties Properties *MailboxEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MailboxEntity - Represents a mailbox entity.
func (*MailboxEntity) GetEntity ¶ added in v0.2.0
func (m *MailboxEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type MailboxEntity.
func (MailboxEntity) MarshalJSON ¶ added in v0.2.0
func (m MailboxEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailboxEntity.
func (*MailboxEntity) UnmarshalJSON ¶ added in v0.2.0
func (m *MailboxEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity.
type MailboxEntityProperties ¶ added in v0.2.0
type MailboxEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The mailbox's display name DisplayName *string `json:"displayName,omitempty" azure:"ro"` // READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox // object on office side ExternalDirectoryObjectID *string `json:"externalDirectoryObjectId,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The mailbox's primary address MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty" azure:"ro"` // READ-ONLY; The mailbox's UPN Upn *string `json:"upn,omitempty" azure:"ro"` }
MailboxEntityProperties - Mailbox entity property bag.
func (MailboxEntityProperties) MarshalJSON ¶ added in v0.2.0
func (m MailboxEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties.
type MalwareEntity ¶ added in v0.2.0
type MalwareEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // File entity properties Properties *MalwareEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MalwareEntity - Represents a malware entity.
func (*MalwareEntity) GetEntity ¶ added in v0.2.0
func (m *MalwareEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type MalwareEntity.
func (MalwareEntity) MarshalJSON ¶ added in v0.2.0
func (m MalwareEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MalwareEntity.
func (*MalwareEntity) UnmarshalJSON ¶ added in v0.2.0
func (m *MalwareEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity.
type MalwareEntityProperties ¶ added in v0.2.0
type MalwareEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The malware category by the vendor, e.g. Trojan Category *string `json:"category,omitempty" azure:"ro"` // READ-ONLY; List of linked file entity identifiers on which the malware was found FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn MalwareName *string `json:"malwareName,omitempty" azure:"ro"` // READ-ONLY; List of linked process entity identifiers on which the malware was found. ProcessEntityIDs []*string `json:"processEntityIds,omitempty" azure:"ro"` }
MalwareEntityProperties - Malware entity property bag.
func (MalwareEntityProperties) MarshalJSON ¶ added in v0.2.0
func (m MalwareEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties.
type MatchingMethod ¶ added in v0.2.0
type MatchingMethod string
MatchingMethod - Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
const ( // MatchingMethodAllEntities - Grouping alerts into a single incident if all the entities match MatchingMethodAllEntities MatchingMethod = "AllEntities" // MatchingMethodAnyAlert - Grouping any alerts triggered by this rule into a single incident MatchingMethodAnyAlert MatchingMethod = "AnyAlert" // MatchingMethodSelected - Grouping alerts into a single incident if the selected entities, custom details and alert details // match MatchingMethodSelected MatchingMethod = "Selected" )
func PossibleMatchingMethodValues ¶ added in v0.2.0
func PossibleMatchingMethodValues() []MatchingMethod
PossibleMatchingMethodValues returns the possible values for the MatchingMethod const type.
func (MatchingMethod) ToPtr ¶ added in v0.2.0
func (c MatchingMethod) ToPtr() *MatchingMethod
ToPtr returns a *MatchingMethod pointing to the current value.
type MetadataAuthor ¶ added in v0.2.0
type MetadataAuthor struct { // Email of author contact Email *string `json:"email,omitempty"` // Link for author/vendor page Link *string `json:"link,omitempty"` // Name of the author. Company or person. Name *string `json:"name,omitempty"` }
MetadataAuthor - Publisher or creator of the content item.
type MetadataCategories ¶ added in v0.2.0
type MetadataCategories struct { // domain for the solution content item Domains []*string `json:"domains,omitempty"` // Industry verticals for the solution content item Verticals []*string `json:"verticals,omitempty"` }
MetadataCategories - ies for the solution content item
func (MetadataCategories) MarshalJSON ¶ added in v0.2.0
func (m MetadataCategories) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataCategories.
type MetadataClient ¶ added in v0.2.0
type MetadataClient struct {
// contains filtered or unexported fields
}
MetadataClient contains the methods for the Metadata group. Don't use this type directly, use NewMetadataClient() instead.
func NewMetadataClient ¶ added in v0.2.0
func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *MetadataClient
NewMetadataClient creates a new instance of MetadataClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*MetadataClient) Create ¶ added in v0.2.0
func (client *MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel, options *MetadataClientCreateOptions) (MetadataClientCreateResponse, error)
Create - Create a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. metadata - Metadata resource. options - MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PutMetadata.json
package main import ( "context" "log" "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil) res, err := client.Create(ctx, "<resource-group-name>", "<workspace-name>", "<metadata-name>", armsecurityinsight.MetadataModel{ Properties: &armsecurityinsight.MetadataProperties{ Author: &armsecurityinsight.MetadataAuthor{ Name: to.StringPtr("<name>"), Email: to.StringPtr("<email>"), }, Categories: &armsecurityinsight.MetadataCategories{ Domains: []*string{ to.StringPtr("Application"), to.StringPtr("Security – Insider Threat")}, Verticals: []*string{ to.StringPtr("Healthcare")}, }, ContentID: to.StringPtr("<content-id>"), Dependencies: &armsecurityinsight.MetadataDependencies{ Criteria: []*armsecurityinsight.MetadataDependencies{ { Criteria: []*armsecurityinsight.MetadataDependencies{ { Name: to.StringPtr("<name>"), ContentID: to.StringPtr("<content-id>"), Kind: armsecurityinsight.Kind("DataConnector").ToPtr(), }, { ContentID: to.StringPtr("<content-id>"), Kind: armsecurityinsight.Kind("DataConnector").ToPtr(), }, { ContentID: to.StringPtr("<content-id>"), Kind: armsecurityinsight.Kind("DataConnector").ToPtr(), Version: to.StringPtr("<version>"), }}, Operator: armsecurityinsight.Operator("OR").ToPtr(), }, { ContentID: to.StringPtr("<content-id>"), Kind: armsecurityinsight.Kind("Playbook").ToPtr(), Version: to.StringPtr("<version>"), }, { ContentID: to.StringPtr("<content-id>"), Kind: armsecurityinsight.Kind("Parser").ToPtr(), }}, Operator: armsecurityinsight.Operator("AND").ToPtr(), }, FirstPublishDate: to.TimePtr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), Kind: armsecurityinsight.Kind("AnalyticsRule").ToPtr(), LastPublishDate: to.TimePtr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()), ParentID: to.StringPtr("<parent-id>"), Providers: []*string{ to.StringPtr("Amazon"), to.StringPtr("Microsoft")}, Source: &armsecurityinsight.MetadataSource{ Name: to.StringPtr("<name>"), Kind: armsecurityinsight.SourceKind("Solution").ToPtr(), SourceID: to.StringPtr("<source-id>"), }, Support: &armsecurityinsight.MetadataSupport{ Name: to.StringPtr("<name>"), Email: to.StringPtr("<email>"), Link: to.StringPtr("<link>"), Tier: armsecurityinsight.SupportTier("Partner").ToPtr(), }, Version: to.StringPtr("<version>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.MetadataClientCreateResult) }
Output:
func (*MetadataClient) Delete ¶ added in v0.2.0
func (client *MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientDeleteOptions) (MetadataClientDeleteResponse, error)
Delete - Delete a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. options - MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/DeleteMetadata.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<metadata-name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*MetadataClient) Get ¶ added in v0.2.0
func (client *MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientGetOptions) (MetadataClientGetResponse, error)
Get - Get a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. options - MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetMetadata.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<metadata-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.MetadataClientGetResult) }
Output:
func (*MetadataClient) List ¶ added in v0.2.0
func (client *MetadataClient) List(resourceGroupName string, workspaceName string, options *MetadataClientListOptions) *MetadataClientListPager
List - List of all metadata If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - MetadataClientListOptions contains the optional parameters for the MetadataClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetAllMetadataOData.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", &armsecurityinsight.MetadataClientListOptions{Filter: nil, Orderby: nil, Top: nil, Skip: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
func (*MetadataClient) Update ¶ added in v0.2.0
func (client *MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch, options *MetadataClientUpdateOptions) (MetadataClientUpdateResponse, error)
Update - Update an existing Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. metadataPatch - Partial metadata request. options - MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PatchMetadata.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil) res, err := client.Update(ctx, "<resource-group-name>", "<workspace-name>", "<metadata-name>", armsecurityinsight.MetadataPatch{ Properties: &armsecurityinsight.MetadataPropertiesPatch{ Author: &armsecurityinsight.MetadataAuthor{ Name: to.StringPtr("<name>"), Email: to.StringPtr("<email>"), }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.MetadataClientUpdateResult) }
Output:
type MetadataClientCreateOptions ¶ added in v0.2.0
type MetadataClientCreateOptions struct { }
MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.
type MetadataClientCreateResponse ¶ added in v0.2.0
type MetadataClientCreateResponse struct { MetadataClientCreateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
MetadataClientCreateResponse contains the response from method MetadataClient.Create.
type MetadataClientCreateResult ¶ added in v0.2.0
type MetadataClientCreateResult struct {
MetadataModel
}
MetadataClientCreateResult contains the result from method MetadataClient.Create.
type MetadataClientDeleteOptions ¶ added in v0.2.0
type MetadataClientDeleteOptions struct { }
MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.
type MetadataClientDeleteResponse ¶ added in v0.2.0
type MetadataClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
MetadataClientDeleteResponse contains the response from method MetadataClient.Delete.
type MetadataClientGetOptions ¶ added in v0.2.0
type MetadataClientGetOptions struct { }
MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.
type MetadataClientGetResponse ¶ added in v0.2.0
type MetadataClientGetResponse struct { MetadataClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
MetadataClientGetResponse contains the response from method MetadataClient.Get.
type MetadataClientGetResult ¶ added in v0.2.0
type MetadataClientGetResult struct {
MetadataModel
}
MetadataClientGetResult contains the result from method MetadataClient.Get.
type MetadataClientListOptions ¶ added in v0.2.0
type MetadataClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left. Skip *int32 // Returns only the first n results. Optional. Top *int32 }
MetadataClientListOptions contains the optional parameters for the MetadataClient.List method.
type MetadataClientListPager ¶ added in v0.2.0
type MetadataClientListPager struct {
// contains filtered or unexported fields
}
MetadataClientListPager provides operations for iterating over paged responses.
func (*MetadataClientListPager) Err ¶ added in v0.2.0
func (p *MetadataClientListPager) Err() error
Err returns the last error encountered while paging.
func (*MetadataClientListPager) NextPage ¶ added in v0.2.0
func (p *MetadataClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*MetadataClientListPager) PageResponse ¶ added in v0.2.0
func (p *MetadataClientListPager) PageResponse() MetadataClientListResponse
PageResponse returns the current MetadataClientListResponse page.
type MetadataClientListResponse ¶ added in v0.2.0
type MetadataClientListResponse struct { MetadataClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
MetadataClientListResponse contains the response from method MetadataClient.List.
type MetadataClientListResult ¶ added in v0.2.0
type MetadataClientListResult struct {
MetadataList
}
MetadataClientListResult contains the result from method MetadataClient.List.
type MetadataClientUpdateOptions ¶ added in v0.2.0
type MetadataClientUpdateOptions struct { }
MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.
type MetadataClientUpdateResponse ¶ added in v0.2.0
type MetadataClientUpdateResponse struct { MetadataClientUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
MetadataClientUpdateResponse contains the response from method MetadataClient.Update.
type MetadataClientUpdateResult ¶ added in v0.2.0
type MetadataClientUpdateResult struct {
MetadataModel
}
MetadataClientUpdateResult contains the result from method MetadataClient.Update.
type MetadataDependencies ¶ added in v0.2.0
type MetadataDependencies struct { // Id of the content item we depend on ContentID *string `json:"contentId,omitempty"` // This is the list of dependencies we must fulfill, according to the AND/OR operator Criteria []*MetadataDependencies `json:"criteria,omitempty"` // Type of the content item we depend on Kind *Kind `json:"kind,omitempty"` // Name of the content item Name *string `json:"name,omitempty"` // Operator used for list of dependencies in criteria array. Operator *Operator `json:"operator,omitempty"` // Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. // If version does not match our defined numeric format then an exact match is // required. Version *string `json:"version,omitempty"` }
MetadataDependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.
func (MetadataDependencies) MarshalJSON ¶ added in v0.2.0
func (m MetadataDependencies) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataDependencies.
type MetadataList ¶ added in v0.2.0
type MetadataList struct { // REQUIRED; Array of metadata. Value []*MetadataModel `json:"value,omitempty"` // READ-ONLY; URL to fetch the next page of metadata. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
MetadataList - List of all the metadata.
func (MetadataList) MarshalJSON ¶ added in v0.2.0
func (m MetadataList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataList.
type MetadataModel ¶ added in v0.2.0
type MetadataModel struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Metadata properties Properties *MetadataProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MetadataModel - Metadata resource definition.
type MetadataPatch ¶ added in v0.2.0
type MetadataPatch struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Metadata patch request body Properties *MetadataPropertiesPatch `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MetadataPatch - Metadata patch request body.
func (MetadataPatch) MarshalJSON ¶ added in v0.2.0
func (m MetadataPatch) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataPatch.
type MetadataProperties ¶ added in v0.2.0
type MetadataProperties struct { // REQUIRED; The kind of content the metadata is for. Kind *Kind `json:"kind,omitempty"` // REQUIRED; Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope // (subscription and resource group) ParentID *string `json:"parentId,omitempty"` // The creator of the content item. Author *MetadataAuthor `json:"author,omitempty"` // Categories for the solution content item Categories *MetadataCategories `json:"categories,omitempty"` // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for // out of the box content and solutions. Dynamic for user-created. This is the // resource name ContentID *string `json:"contentId,omitempty"` // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies // using a recursive/nested structure. For a single dependency an id/kind/version // can be supplied or operator/criteria for complex formats. Dependencies *MetadataDependencies `json:"dependencies,omitempty"` // first publish date solution content item FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"` // last publish date for the solution content item LastPublishDate *time.Time `json:"lastPublishDate,omitempty"` // Providers for the solution content item Providers []*string `json:"providers,omitempty"` // Source of the content. This is where/how it was created. Source *MetadataSource `json:"source,omitempty"` // Support information for the metadata - type, name, contact information Support *MetadataSupport `json:"support,omitempty"` // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template // best practices. Can also be any string, but then we cannot guarantee any version // checks Version *string `json:"version,omitempty"` }
MetadataProperties - Metadata property bag.
func (MetadataProperties) MarshalJSON ¶ added in v0.2.0
func (m MetadataProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataProperties.
func (*MetadataProperties) UnmarshalJSON ¶ added in v0.2.0
func (m *MetadataProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MetadataProperties.
type MetadataPropertiesPatch ¶ added in v0.2.0
type MetadataPropertiesPatch struct { // The creator of the content item. Author *MetadataAuthor `json:"author,omitempty"` // Categories for the solution content item Categories *MetadataCategories `json:"categories,omitempty"` // Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for // out of the box content and solutions. Dynamic for user-created. This is the // resource name ContentID *string `json:"contentId,omitempty"` // Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies // using a recursive/nested structure. For a single dependency an id/kind/version // can be supplied or operator/criteria for complex formats. Dependencies *MetadataDependencies `json:"dependencies,omitempty"` // first publish date solution content item FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"` // The kind of content the metadata is for. Kind *Kind `json:"kind,omitempty"` // last publish date for the solution content item LastPublishDate *time.Time `json:"lastPublishDate,omitempty"` // Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription // and resource group) ParentID *string `json:"parentId,omitempty"` // Providers for the solution content item Providers []*string `json:"providers,omitempty"` // Source of the content. This is where/how it was created. Source *MetadataSource `json:"source,omitempty"` // Support information for the metadata - type, name, contact information Support *MetadataSupport `json:"support,omitempty"` // Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template // best practices. Can also be any string, but then we cannot guarantee any version // checks Version *string `json:"version,omitempty"` }
MetadataPropertiesPatch - Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required
func (MetadataPropertiesPatch) MarshalJSON ¶ added in v0.2.0
func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MetadataPropertiesPatch.
func (*MetadataPropertiesPatch) UnmarshalJSON ¶ added in v0.2.0
func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPropertiesPatch.
type MetadataSource ¶ added in v0.2.0
type MetadataSource struct { // REQUIRED; Source type of the content Kind *SourceKind `json:"kind,omitempty"` // Name of the content source. The repo name, solution name, LA workspace name etc. Name *string `json:"name,omitempty"` // ID of the content source. The solution ID, workspace ID, etc SourceID *string `json:"sourceId,omitempty"` }
MetadataSource - The original source of the content item, where it comes from.
type MetadataSupport ¶ added in v0.2.0
type MetadataSupport struct { // REQUIRED; Type of support for content item Tier *SupportTier `json:"tier,omitempty"` // Email of support contact Email *string `json:"email,omitempty"` // Link for support help, like to support page to open a ticket etc. Link *string `json:"link,omitempty"` // Name of the support contact. Company or person. Name *string `json:"name,omitempty"` }
MetadataSupport - Support information for the content item.
type MicrosoftSecurityIncidentCreationAlertRule ¶
type MicrosoftSecurityIncidentCreationAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // MicrosoftSecurityIncidentCreation rule properties Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule.
func (*MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule ¶ added in v0.2.0
func (m *MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON ¶
func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.
func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON ¶
func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { // REQUIRED; The alerts' productName on which the cases will be generated ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` // the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` // the alerts' displayNames on which the cases will be generated DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` // the alerts' severities on which the cases will be generated SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleCommonProperties - MicrosoftSecurityIncidentCreation rule common property bag.
func (MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON ¶
func (m MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.
type MicrosoftSecurityIncidentCreationAlertRuleProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { // REQUIRED; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // REQUIRED; The alerts' productName on which the cases will be generated ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` // The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // The description of the alert rule. Description *string `json:"description,omitempty"` // the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` // the alerts' displayNames on which the cases will be generated DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` // the alerts' severities on which the cases will be generated SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` // READ-ONLY; The last time that this alert has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` }
MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag.
func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON ¶
func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.
func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON ¶
func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.
type MicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // MicrosoftSecurityIncidentCreation rule template properties Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template.
func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON ¶
func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON ¶
func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // REQUIRED; The alerts' productName on which the cases will be generated ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // the alerts' displayNames on which the cases will not be generated DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"` // the alerts' displayNames on which the cases will be generated DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // the alerts' severities on which the cases will be generated SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON ¶
func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.
func (*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON ¶
func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.
type MicrosoftSecurityProductName ¶
type MicrosoftSecurityProductName string
MicrosoftSecurityProductName - The alerts' productName on which the cases will be generated
const ( MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" MicrosoftSecurityProductNameAzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" MicrosoftSecurityProductNameAzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" MicrosoftSecurityProductNameAzureSecurityCenterForIoT MicrosoftSecurityProductName = "Azure Security Center for IoT" MicrosoftSecurityProductNameMicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection" MicrosoftSecurityProductNameOffice365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection" )
func PossibleMicrosoftSecurityProductNameValues ¶
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName
PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type.
func (MicrosoftSecurityProductName) ToPtr ¶
func (c MicrosoftSecurityProductName) ToPtr() *MicrosoftSecurityProductName
ToPtr returns a *MicrosoftSecurityProductName pointing to the current value.
type MtpCheckRequirements ¶ added in v0.2.0
type MtpCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // MTP (Microsoft Threat Protection) requirements check properties. Properties *MTPCheckRequirementsProperties `json:"properties,omitempty"` }
MtpCheckRequirements - Represents MTP (Microsoft Threat Protection) requirements check request.
func (*MtpCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (m *MtpCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MtpCheckRequirements.
func (MtpCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (m MtpCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type MtpCheckRequirements.
func (*MtpCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (m *MtpCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type MtpCheckRequirements.
type NrtAlertRule ¶ added in v0.2.0
type NrtAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // NRT alert rule properties Properties *NrtAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
NrtAlertRule - Represents NRT alert rule.
func (*NrtAlertRule) GetAlertRule ¶ added in v0.2.0
func (n *NrtAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type NrtAlertRule.
func (NrtAlertRule) MarshalJSON ¶ added in v0.2.0
func (n NrtAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type NrtAlertRule.
func (*NrtAlertRule) UnmarshalJSON ¶ added in v0.2.0
func (n *NrtAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRule.
type NrtAlertRuleProperties ¶ added in v0.2.0
type NrtAlertRuleProperties struct { // REQUIRED; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. SuppressionDuration *string `json:"suppressionDuration,omitempty"` // REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled. SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // The description of the alert rule. Description *string `json:"description,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The settings of the incidents that created from alerts triggered by this analytics rule IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 TemplateVersion *string `json:"templateVersion,omitempty"` // READ-ONLY; The last time that this alert rule has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` }
NrtAlertRuleProperties - Nrt alert rule base property bag.
func (NrtAlertRuleProperties) MarshalJSON ¶ added in v0.2.0
func (n NrtAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleProperties.
func (*NrtAlertRuleProperties) UnmarshalJSON ¶ added in v0.2.0
func (n *NrtAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleProperties.
type NrtAlertRuleTemplate ¶ added in v0.2.0
type NrtAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // NRT alert rule template properties Properties *NrtAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
NrtAlertRuleTemplate - Represents NRT alert rule template.
func (*NrtAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (n *NrtAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type NrtAlertRuleTemplate.
func (NrtAlertRuleTemplate) MarshalJSON ¶ added in v0.2.0
func (n NrtAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplate.
func (*NrtAlertRuleTemplate) UnmarshalJSON ¶ added in v0.2.0
func (n *NrtAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplate.
type NrtAlertRuleTemplateProperties ¶ added in v0.2.0
type NrtAlertRuleTemplateProperties struct { // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The version of this template - in format , where all are numbers. For example . Version *string `json:"version,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
NrtAlertRuleTemplateProperties - NRT alert rule template properties
func (NrtAlertRuleTemplateProperties) MarshalJSON ¶ added in v0.2.0
func (n NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplateProperties.
func (*NrtAlertRuleTemplateProperties) UnmarshalJSON ¶ added in v0.2.0
func (n *NrtAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplateProperties.
type OSFamily ¶ added in v0.2.0
type OSFamily string
OSFamily - The operating system type.
const ( // OSFamilyLinux - Host with Linux operating system. OSFamilyLinux OSFamily = "Linux" // OSFamilyWindows - Host with Windows operating system. OSFamilyWindows OSFamily = "Windows" // OSFamilyAndroid - Host with Android operating system. OSFamilyAndroid OSFamily = "Android" // OSFamilyIOS - Host with IOS operating system. OSFamilyIOS OSFamily = "IOS" // OSFamilyUnknown - Host with Unknown operating system. OSFamilyUnknown OSFamily = "Unknown" )
func PossibleOSFamilyValues ¶ added in v0.2.0
func PossibleOSFamilyValues() []OSFamily
PossibleOSFamilyValues returns the possible values for the OSFamily const type.
type OfficeATPCheckRequirements ¶ added in v0.2.0
type OfficeATPCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. Properties *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"` }
OfficeATPCheckRequirements - Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.
func (*OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (o *OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeATPCheckRequirements.
func (OfficeATPCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (o OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirements.
func (*OfficeATPCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (o *OfficeATPCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirements.
type OfficeATPCheckRequirementsProperties ¶ added in v0.2.0
type OfficeATPCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
type OfficeATPDataConnector ¶ added in v0.2.0
type OfficeATPDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // OfficeATP (Office 365 Advanced Threat Protection) data connector properties. Properties *OfficeATPDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
OfficeATPDataConnector - Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.
func (*OfficeATPDataConnector) GetDataConnector ¶ added in v0.2.0
func (o *OfficeATPDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type OfficeATPDataConnector.
func (OfficeATPDataConnector) MarshalJSON ¶ added in v0.2.0
func (o OfficeATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnector.
func (*OfficeATPDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (o *OfficeATPDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnector.
type OfficeATPDataConnectorProperties ¶ added in v0.2.0
type OfficeATPDataConnectorProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
type OfficeConsent ¶
type OfficeConsent struct { // Office consent properties Properties *OfficeConsentProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
OfficeConsent - Consent for Office365 tenant that already made.
type OfficeConsentList ¶
type OfficeConsentList struct { // REQUIRED; Array of the consents. Value []*OfficeConsent `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of office consents. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
OfficeConsentList - List of all the office365 consents.
func (OfficeConsentList) MarshalJSON ¶
func (o OfficeConsentList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeConsentList.
type OfficeConsentProperties ¶
type OfficeConsentProperties struct { // Help to easily cascade among the data layers. ConsentID *string `json:"consentId,omitempty"` // The tenantId of the Office365 with the consent. TenantID *string `json:"tenantId,omitempty"` }
OfficeConsentProperties - Consent property bag.
type OfficeConsentsClient ¶ added in v0.2.0
type OfficeConsentsClient struct {
// contains filtered or unexported fields
}
OfficeConsentsClient contains the methods for the OfficeConsents group. Don't use this type directly, use NewOfficeConsentsClient() instead.
func NewOfficeConsentsClient ¶ added in v0.2.0
func NewOfficeConsentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *OfficeConsentsClient
NewOfficeConsentsClient creates a new instance of OfficeConsentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*OfficeConsentsClient) Delete ¶ added in v0.2.0
func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (OfficeConsentsClientDeleteResponse, error)
Delete - Delete the office365 consent. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. consentID - consent ID options - OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<consent-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*OfficeConsentsClient) Get ¶ added in v0.2.0
func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (OfficeConsentsClientGetResponse, error)
Get - Gets an office365 consent. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. consentID - consent ID options - OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<consent-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.OfficeConsentsClientGetResult) }
Output:
func (*OfficeConsentsClient) List ¶ added in v0.2.0
func (client *OfficeConsentsClient) List(resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) *OfficeConsentsClientListPager
List - Gets all office365 consents. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsents.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type OfficeConsentsClientDeleteOptions ¶ added in v0.2.0
type OfficeConsentsClientDeleteOptions struct { }
OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.
type OfficeConsentsClientDeleteResponse ¶ added in v0.2.0
type OfficeConsentsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
OfficeConsentsClientDeleteResponse contains the response from method OfficeConsentsClient.Delete.
type OfficeConsentsClientGetOptions ¶ added in v0.2.0
type OfficeConsentsClientGetOptions struct { }
OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.
type OfficeConsentsClientGetResponse ¶ added in v0.2.0
type OfficeConsentsClientGetResponse struct { OfficeConsentsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
OfficeConsentsClientGetResponse contains the response from method OfficeConsentsClient.Get.
type OfficeConsentsClientGetResult ¶ added in v0.2.0
type OfficeConsentsClientGetResult struct {
OfficeConsent
}
OfficeConsentsClientGetResult contains the result from method OfficeConsentsClient.Get.
type OfficeConsentsClientListOptions ¶ added in v0.2.0
type OfficeConsentsClientListOptions struct { }
OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method.
type OfficeConsentsClientListPager ¶ added in v0.2.0
type OfficeConsentsClientListPager struct {
// contains filtered or unexported fields
}
OfficeConsentsClientListPager provides operations for iterating over paged responses.
func (*OfficeConsentsClientListPager) Err ¶ added in v0.2.0
func (p *OfficeConsentsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*OfficeConsentsClientListPager) NextPage ¶ added in v0.2.0
func (p *OfficeConsentsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*OfficeConsentsClientListPager) PageResponse ¶ added in v0.2.0
func (p *OfficeConsentsClientListPager) PageResponse() OfficeConsentsClientListResponse
PageResponse returns the current OfficeConsentsClientListResponse page.
type OfficeConsentsClientListResponse ¶ added in v0.2.0
type OfficeConsentsClientListResponse struct { OfficeConsentsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
OfficeConsentsClientListResponse contains the response from method OfficeConsentsClient.List.
type OfficeConsentsClientListResult ¶ added in v0.2.0
type OfficeConsentsClientListResult struct {
OfficeConsentList
}
OfficeConsentsClientListResult contains the result from method OfficeConsentsClient.List.
type OfficeDataConnector ¶
type OfficeDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Office data connector properties. Properties *OfficeDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
OfficeDataConnector - Represents office data connector.
func (*OfficeDataConnector) GetDataConnector ¶ added in v0.2.0
func (o *OfficeDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector.
func (OfficeDataConnector) MarshalJSON ¶
func (o OfficeDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector.
func (*OfficeDataConnector) UnmarshalJSON ¶
func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector.
type OfficeDataConnectorDataTypes ¶
type OfficeDataConnectorDataTypes struct { // REQUIRED; Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` // REQUIRED; Teams data type connection. Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"` }
OfficeDataConnectorDataTypes - The available data types for office data connector.
type OfficeDataConnectorDataTypesExchange ¶
type OfficeDataConnectorDataTypesExchange struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
OfficeDataConnectorDataTypesExchange - Exchange data type connection.
type OfficeDataConnectorDataTypesSharePoint ¶
type OfficeDataConnectorDataTypesSharePoint struct { DataTypeState `json:"state,omitempty"` }State *
OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection.
type OfficeDataConnectorDataTypesTeams ¶
type OfficeDataConnectorDataTypesTeams struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
OfficeDataConnectorDataTypesTeams - Teams data type connection.
type OfficeDataConnectorProperties ¶
type OfficeDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeDataConnectorProperties - Office data connector properties.
type OfficeIRMCheckRequirements ¶ added in v0.2.0
type OfficeIRMCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // OfficeIRM (Microsoft Insider Risk Management) requirements check properties. Properties *OfficeIRMCheckRequirementsProperties `json:"properties,omitempty"` }
OfficeIRMCheckRequirements - Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.
func (*OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (o *OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeIRMCheckRequirements.
func (OfficeIRMCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (o OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeIRMCheckRequirements.
func (*OfficeIRMCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (o *OfficeIRMCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMCheckRequirements.
type OfficeIRMCheckRequirementsProperties ¶ added in v0.2.0
type OfficeIRMCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties.
type OfficeIRMDataConnector ¶ added in v0.2.0
type OfficeIRMDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // OfficeIRM (Microsoft Insider Risk Management) data connector properties. Properties *OfficeIRMDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
OfficeIRMDataConnector - Represents OfficeIRM (Microsoft Insider Risk Management) data connector.
func (*OfficeIRMDataConnector) GetDataConnector ¶ added in v0.2.0
func (o *OfficeIRMDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type OfficeIRMDataConnector.
func (OfficeIRMDataConnector) MarshalJSON ¶ added in v0.2.0
func (o OfficeIRMDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OfficeIRMDataConnector.
func (*OfficeIRMDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (o *OfficeIRMDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMDataConnector.
type OfficeIRMDataConnectorProperties ¶ added in v0.2.0
type OfficeIRMDataConnectorProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties.
type Operation ¶
type Operation struct { // Properties of the operation Display *OperationDisplay `json:"display,omitempty"` // Indicates whether the operation is a data action IsDataAction *bool `json:"isDataAction,omitempty"` // Name of the operation Name *string `json:"name,omitempty"` // The origin of the operation Origin *string `json:"origin,omitempty"` }
Operation provided by provider
type OperationDisplay ¶
type OperationDisplay struct { // Description of the operation Description *string `json:"description,omitempty"` // Operation name Operation *string `json:"operation,omitempty"` // Provider name Provider *string `json:"provider,omitempty"` // Resource name Resource *string `json:"resource,omitempty"` }
OperationDisplay - Properties of the operation
type OperationsClient ¶
type OperationsClient struct {
// contains filtered or unexported fields
}
OperationsClient contains the methods for the Operations group. Don't use this type directly, use NewOperationsClient() instead.
func NewOperationsClient ¶
func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientOptions) *OperationsClient
NewOperationsClient creates a new instance of OperationsClient with the specified values. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*OperationsClient) List ¶
func (client *OperationsClient) List(options *OperationsClientListOptions) *OperationsClientListPager
List - Lists all operations available Azure Security Insights Resource Provider. If the operation fails it returns an *azcore.ResponseError type. options - OperationsClientListOptions contains the optional parameters for the OperationsClient.List method.
type OperationsClientListOptions ¶ added in v0.2.0
type OperationsClientListOptions struct { }
OperationsClientListOptions contains the optional parameters for the OperationsClient.List method.
type OperationsClientListPager ¶ added in v0.2.0
type OperationsClientListPager struct {
// contains filtered or unexported fields
}
OperationsClientListPager provides operations for iterating over paged responses.
func (*OperationsClientListPager) Err ¶ added in v0.2.0
func (p *OperationsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*OperationsClientListPager) NextPage ¶ added in v0.2.0
func (p *OperationsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*OperationsClientListPager) PageResponse ¶ added in v0.2.0
func (p *OperationsClientListPager) PageResponse() OperationsClientListResponse
PageResponse returns the current OperationsClientListResponse page.
type OperationsClientListResponse ¶ added in v0.2.0
type OperationsClientListResponse struct { OperationsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
OperationsClientListResponse contains the response from method OperationsClient.List.
type OperationsClientListResult ¶ added in v0.2.0
type OperationsClientListResult struct {
OperationsList
}
OperationsClientListResult contains the result from method OperationsClient.List.
type OperationsList ¶
type OperationsList struct { // REQUIRED; Array of operations Value []*Operation `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of operations. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
OperationsList - Lists the operations available in the SecurityInsights RP.
func (OperationsList) MarshalJSON ¶
func (o OperationsList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type OperationsList.
type Operator ¶ added in v0.2.0
type Operator string
Operator - Operator used for list of dependencies in criteria array.
func PossibleOperatorValues ¶ added in v0.2.0
func PossibleOperatorValues() []Operator
PossibleOperatorValues returns the possible values for the Operator const type.
type OutputType ¶ added in v0.2.0
type OutputType string
OutputType - Insights Column type.
const ( OutputTypeDate OutputType = "Date" OutputTypeEntity OutputType = "Entity" OutputTypeNumber OutputType = "Number" OutputTypeString OutputType = "String" )
func PossibleOutputTypeValues ¶ added in v0.2.0
func PossibleOutputTypeValues() []OutputType
PossibleOutputTypeValues returns the possible values for the OutputType const type.
func (OutputType) ToPtr ¶ added in v0.2.0
func (c OutputType) ToPtr() *OutputType
ToPtr returns a *OutputType pointing to the current value.
type OwnerType ¶ added in v0.2.0
type OwnerType string
OwnerType - The type of the owner the incident is assigned to.
func PossibleOwnerTypeValues ¶ added in v0.2.0
func PossibleOwnerTypeValues() []OwnerType
PossibleOwnerTypeValues returns the possible values for the OwnerType const type.
type PermissionProviderScope ¶ added in v0.2.0
type PermissionProviderScope string
PermissionProviderScope - Permission provider scope
const ( PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup" PermissionProviderScopeSubscription PermissionProviderScope = "Subscription" PermissionProviderScopeWorkspace PermissionProviderScope = "Workspace" )
func PossiblePermissionProviderScopeValues ¶ added in v0.2.0
func PossiblePermissionProviderScopeValues() []PermissionProviderScope
PossiblePermissionProviderScopeValues returns the possible values for the PermissionProviderScope const type.
func (PermissionProviderScope) ToPtr ¶ added in v0.2.0
func (c PermissionProviderScope) ToPtr() *PermissionProviderScope
ToPtr returns a *PermissionProviderScope pointing to the current value.
type Permissions ¶ added in v0.2.0
type Permissions struct { // Customs permissions required for the connector Customs []*PermissionsCustomsItem `json:"customs,omitempty"` // Resource provider permissions required for the connector ResourceProvider []*PermissionsResourceProviderItem `json:"resourceProvider,omitempty"` }
Permissions required for the connector
func (Permissions) MarshalJSON ¶ added in v0.2.0
func (p Permissions) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type Permissions.
type PermissionsCustomsItem ¶ added in v0.2.0
type PermissionsResourceProviderItem ¶ added in v0.2.0
type PermissionsResourceProviderItem struct { // Permission description text PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"` // Provider name Provider *ProviderName `json:"provider,omitempty"` // Permission provider display name ProviderDisplayName *string `json:"providerDisplayName,omitempty"` // Required permissions for the connector RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"` // Permission provider scope Scope *PermissionProviderScope `json:"scope,omitempty"` }
type PollingFrequency ¶ added in v0.2.0
type PollingFrequency string
PollingFrequency - The polling frequency for the TAXII server.
const ( // PollingFrequencyOnceADay - Once a day PollingFrequencyOnceADay PollingFrequency = "OnceADay" // PollingFrequencyOnceAMinute - Once a minute PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute" // PollingFrequencyOnceAnHour - Once an hour PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour" )
func PossiblePollingFrequencyValues ¶ added in v0.2.0
func PossiblePollingFrequencyValues() []PollingFrequency
PossiblePollingFrequencyValues returns the possible values for the PollingFrequency const type.
func (PollingFrequency) ToPtr ¶ added in v0.2.0
func (c PollingFrequency) ToPtr() *PollingFrequency
ToPtr returns a *PollingFrequency pointing to the current value.
type ProcessEntity ¶ added in v0.2.0
type ProcessEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Process entity properties Properties *ProcessEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ProcessEntity - Represents a process entity.
func (*ProcessEntity) GetEntity ¶ added in v0.2.0
func (p *ProcessEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type ProcessEntity.
func (ProcessEntity) MarshalJSON ¶ added in v0.2.0
func (p ProcessEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ProcessEntity.
func (*ProcessEntity) UnmarshalJSON ¶ added in v0.2.0
func (p *ProcessEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntity.
type ProcessEntityProperties ¶ added in v0.2.0
type ProcessEntityProperties struct { // The elevation token associated with the process. ElevationToken *ElevationToken `json:"elevationToken,omitempty"` // READ-ONLY; The account entity id running the processes. AccountEntityID *string `json:"accountEntityId,omitempty" azure:"ro"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The command line used to create the process CommandLine *string `json:"commandLine,omitempty" azure:"ro"` // READ-ONLY; The time when the process started to run CreationTimeUTC *time.Time `json:"creationTimeUtc,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The host entity id on which the process was running HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"` // READ-ONLY; The session entity id in which the process was running HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty" azure:"ro"` // READ-ONLY; Image file entity id ImageFileEntityID *string `json:"imageFileEntityId,omitempty" azure:"ro"` // READ-ONLY; The parent process entity id. ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty" azure:"ro"` // READ-ONLY; The process ID ProcessID *string `json:"processId,omitempty" azure:"ro"` }
ProcessEntityProperties - Process entity property bag.
func (ProcessEntityProperties) MarshalJSON ¶ added in v0.2.0
func (p ProcessEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ProcessEntityProperties.
func (*ProcessEntityProperties) UnmarshalJSON ¶ added in v0.2.0
func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntityProperties.
type ProductSettingsClient ¶ added in v0.2.0
type ProductSettingsClient struct {
// contains filtered or unexported fields
}
ProductSettingsClient contains the methods for the ProductSettings group. Don't use this type directly, use NewProductSettingsClient() instead.
func NewProductSettingsClient ¶ added in v0.2.0
func NewProductSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ProductSettingsClient
NewProductSettingsClient creates a new instance of ProductSettingsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*ProductSettingsClient) Delete ¶ added in v0.2.0
func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (ProductSettingsClientDeleteResponse, error)
Delete - Delete setting of the product. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba options - ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/DeleteEyesOnSetting.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<settings-name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*ProductSettingsClient) Get ¶ added in v0.2.0
func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (ProductSettingsClientGetResponse, error)
Get - Gets a setting. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba options - ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetEyesOnSetting.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<settings-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ProductSettingsClientGetResult) }
Output:
func (*ProductSettingsClient) List ¶ added in v0.2.0
func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (ProductSettingsClientListResponse, error)
List - List of all the settings If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetAllSettings.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil) res, err := client.List(ctx, "<resource-group-name>", "<workspace-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ProductSettingsClientListResult) }
Output:
func (*ProductSettingsClient) Update ¶ added in v0.2.0
func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (ProductSettingsClientUpdateResponse, error)
Update - Updates setting. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba settings - The setting options - ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/UpdateEyesOnSetting.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil) res, err := client.Update(ctx, "<resource-group-name>", "<workspace-name>", "<settings-name>", &armsecurityinsight.EyesOn{ Etag: to.StringPtr("<etag>"), Kind: armsecurityinsight.SettingKind("EyesOn").ToPtr(), Properties: &armsecurityinsight.EyesOnSettingsProperties{}, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ProductSettingsClientUpdateResult) }
Output:
type ProductSettingsClientDeleteOptions ¶ added in v0.2.0
type ProductSettingsClientDeleteOptions struct { }
ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.
type ProductSettingsClientDeleteResponse ¶ added in v0.2.0
type ProductSettingsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ProductSettingsClientDeleteResponse contains the response from method ProductSettingsClient.Delete.
type ProductSettingsClientGetOptions ¶ added in v0.2.0
type ProductSettingsClientGetOptions struct { }
ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.
type ProductSettingsClientGetResponse ¶ added in v0.2.0
type ProductSettingsClientGetResponse struct { ProductSettingsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ProductSettingsClientGetResponse contains the response from method ProductSettingsClient.Get.
type ProductSettingsClientGetResult ¶ added in v0.2.0
type ProductSettingsClientGetResult struct {
SettingsClassification
}
ProductSettingsClientGetResult contains the result from method ProductSettingsClient.Get.
func (*ProductSettingsClientGetResult) UnmarshalJSON ¶ added in v0.2.0
func (p *ProductSettingsClientGetResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientGetResult.
type ProductSettingsClientListOptions ¶ added in v0.2.0
type ProductSettingsClientListOptions struct { }
ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.
type ProductSettingsClientListResponse ¶ added in v0.2.0
type ProductSettingsClientListResponse struct { ProductSettingsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ProductSettingsClientListResponse contains the response from method ProductSettingsClient.List.
type ProductSettingsClientListResult ¶ added in v0.2.0
type ProductSettingsClientListResult struct {
SettingList
}
ProductSettingsClientListResult contains the result from method ProductSettingsClient.List.
type ProductSettingsClientUpdateOptions ¶ added in v0.2.0
type ProductSettingsClientUpdateOptions struct { }
ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.
type ProductSettingsClientUpdateResponse ¶ added in v0.2.0
type ProductSettingsClientUpdateResponse struct { ProductSettingsClientUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ProductSettingsClientUpdateResponse contains the response from method ProductSettingsClient.Update.
type ProductSettingsClientUpdateResult ¶ added in v0.2.0
type ProductSettingsClientUpdateResult struct {
SettingsClassification
}
ProductSettingsClientUpdateResult contains the result from method ProductSettingsClient.Update.
func (*ProductSettingsClientUpdateResult) UnmarshalJSON ¶ added in v0.2.0
func (p *ProductSettingsClientUpdateResult) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientUpdateResult.
type ProviderName ¶ added in v0.2.0
type ProviderName string
ProviderName - Provider name
const ( ProviderNameMicrosoftAadiamDiagnosticSettings ProviderName = "microsoft.aadiam/diagnosticSettings" ProviderNameMicrosoftAuthorizationPolicyAssignments ProviderName = "Microsoft.Authorization/policyAssignments" ProviderNameMicrosoftOperationalInsightsSolutions ProviderName = "Microsoft.OperationalInsights/solutions" ProviderNameMicrosoftOperationalInsightsWorkspaces ProviderName = "Microsoft.OperationalInsights/workspaces" ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources" )
func PossibleProviderNameValues ¶ added in v0.2.0
func PossibleProviderNameValues() []ProviderName
PossibleProviderNameValues returns the possible values for the ProviderName const type.
func (ProviderName) ToPtr ¶ added in v0.2.0
func (c ProviderName) ToPtr() *ProviderName
ToPtr returns a *ProviderName pointing to the current value.
type QueryBasedAlertRuleProperties ¶ added in v0.2.0
type QueryBasedAlertRuleProperties struct { // REQUIRED; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. SuppressionDuration *string `json:"suppressionDuration,omitempty"` // REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled. SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // The description of the alert rule. Description *string `json:"description,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The settings of the incidents that created from alerts triggered by this analytics rule IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 TemplateVersion *string `json:"templateVersion,omitempty"` // READ-ONLY; The last time that this alert rule has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` }
QueryBasedAlertRuleProperties - Query based alert rule base property bag.
func (QueryBasedAlertRuleProperties) MarshalJSON ¶ added in v0.2.0
func (q QueryBasedAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type QueryBasedAlertRuleProperties.
func (*QueryBasedAlertRuleProperties) UnmarshalJSON ¶ added in v0.2.0
func (q *QueryBasedAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type QueryBasedAlertRuleProperties.
type QueryBasedAlertRuleTemplateProperties ¶ added in v0.2.0
type QueryBasedAlertRuleTemplateProperties struct { // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The version of this template - in format , where all are numbers. For example . Version *string `json:"version,omitempty"` }
QueryBasedAlertRuleTemplateProperties - Query based alert rule template base property bag.
func (QueryBasedAlertRuleTemplateProperties) MarshalJSON ¶ added in v0.2.0
func (q QueryBasedAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type QueryBasedAlertRuleTemplateProperties.
type RegistryHive ¶ added in v0.2.0
type RegistryHive string
RegistryHive - the hive that holds the registry key.
const ( // RegistryHiveHKEYA - HKEY_A RegistryHiveHKEYA RegistryHive = "HKEY_A" // RegistryHiveHKEYCLASSESROOT - HKEY_CLASSES_ROOT RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" // RegistryHiveHKEYCURRENTCONFIG - HKEY_CURRENT_CONFIG RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" // RegistryHiveHKEYCURRENTUSER - HKEY_CURRENT_USER RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" // RegistryHiveHKEYCURRENTUSERLOCALSETTINGS - HKEY_CURRENT_USER_LOCAL_SETTINGS RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" // RegistryHiveHKEYLOCALMACHINE - HKEY_LOCAL_MACHINE RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" // RegistryHiveHKEYPERFORMANCEDATA - HKEY_PERFORMANCE_DATA RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" // RegistryHiveHKEYPERFORMANCENLSTEXT - HKEY_PERFORMANCE_NLSTEXT RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" // RegistryHiveHKEYPERFORMANCETEXT - HKEY_PERFORMANCE_TEXT RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" // RegistryHiveHKEYUSERS - HKEY_USERS RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS" )
func PossibleRegistryHiveValues ¶ added in v0.2.0
func PossibleRegistryHiveValues() []RegistryHive
PossibleRegistryHiveValues returns the possible values for the RegistryHive const type.
func (RegistryHive) ToPtr ¶ added in v0.2.0
func (c RegistryHive) ToPtr() *RegistryHive
ToPtr returns a *RegistryHive pointing to the current value.
type RegistryKeyEntity ¶ added in v0.2.0
type RegistryKeyEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // RegistryKey entity properties Properties *RegistryKeyEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
RegistryKeyEntity - Represents a registry key entity.
func (*RegistryKeyEntity) GetEntity ¶ added in v0.2.0
func (r *RegistryKeyEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type RegistryKeyEntity.
func (RegistryKeyEntity) MarshalJSON ¶ added in v0.2.0
func (r RegistryKeyEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity.
func (*RegistryKeyEntity) UnmarshalJSON ¶ added in v0.2.0
func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntity.
type RegistryKeyEntityProperties ¶ added in v0.2.0
type RegistryKeyEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; the hive that holds the registry key. Hive *RegistryHive `json:"hive,omitempty" azure:"ro"` // READ-ONLY; The registry key path. Key *string `json:"key,omitempty" azure:"ro"` }
RegistryKeyEntityProperties - RegistryKey entity property bag.
func (RegistryKeyEntityProperties) MarshalJSON ¶ added in v0.2.0
func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntityProperties.
type RegistryValueEntity ¶ added in v0.2.0
type RegistryValueEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // RegistryKey entity properties Properties *RegistryValueEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
RegistryValueEntity - Represents a registry value entity.
func (*RegistryValueEntity) GetEntity ¶ added in v0.2.0
func (r *RegistryValueEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type RegistryValueEntity.
func (RegistryValueEntity) MarshalJSON ¶ added in v0.2.0
func (r RegistryValueEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type RegistryValueEntity.
func (*RegistryValueEntity) UnmarshalJSON ¶ added in v0.2.0
func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntity.
type RegistryValueEntityProperties ¶ added in v0.2.0
type RegistryValueEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The registry key entity id. KeyEntityID *string `json:"keyEntityId,omitempty" azure:"ro"` // READ-ONLY; String formatted representation of the value data. ValueData *string `json:"valueData,omitempty" azure:"ro"` // READ-ONLY; The registry value name. ValueName *string `json:"valueName,omitempty" azure:"ro"` // READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value // in the registry. ValueType *RegistryValueKind `json:"valueType,omitempty" azure:"ro"` }
RegistryValueEntityProperties - RegistryValue entity property bag.
func (RegistryValueEntityProperties) MarshalJSON ¶ added in v0.2.0
func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type RegistryValueEntityProperties.
type RegistryValueKind ¶ added in v0.2.0
type RegistryValueKind string
RegistryValueKind - Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.
const ( // RegistryValueKindBinary - Binary value type RegistryValueKindBinary RegistryValueKind = "Binary" // RegistryValueKindDWord - DWord value type RegistryValueKindDWord RegistryValueKind = "DWord" // RegistryValueKindExpandString - ExpandString value type RegistryValueKindExpandString RegistryValueKind = "ExpandString" // RegistryValueKindMultiString - MultiString value type RegistryValueKindMultiString RegistryValueKind = "MultiString" // RegistryValueKindNone - None RegistryValueKindNone RegistryValueKind = "None" // RegistryValueKindQWord - QWord value type RegistryValueKindQWord RegistryValueKind = "QWord" // RegistryValueKindString - String value type RegistryValueKindString RegistryValueKind = "String" // RegistryValueKindUnknown - Unknown value type RegistryValueKindUnknown RegistryValueKind = "Unknown" )
func PossibleRegistryValueKindValues ¶ added in v0.2.0
func PossibleRegistryValueKindValues() []RegistryValueKind
PossibleRegistryValueKindValues returns the possible values for the RegistryValueKind const type.
func (RegistryValueKind) ToPtr ¶ added in v0.2.0
func (c RegistryValueKind) ToPtr() *RegistryValueKind
ToPtr returns a *RegistryValueKind pointing to the current value.
type Relation ¶ added in v0.2.0
type Relation struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Relation properties Properties *RelationProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Relation - Represents a relation between two resources
type RelationList ¶ added in v0.2.0
type RelationList struct { // REQUIRED; Array of relations. Value []*Relation `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of relations. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
RelationList - List of relations.
func (RelationList) MarshalJSON ¶ added in v0.2.0
func (r RelationList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type RelationList.
type RelationProperties ¶ added in v0.2.0
type RelationProperties struct { // REQUIRED; The resource ID of the related resource RelatedResourceID *string `json:"relatedResourceId,omitempty"` // READ-ONLY; The resource kind of the related resource RelatedResourceKind *string `json:"relatedResourceKind,omitempty" azure:"ro"` // READ-ONLY; The name of the related resource RelatedResourceName *string `json:"relatedResourceName,omitempty" azure:"ro"` // READ-ONLY; The resource type of the related resource RelatedResourceType *string `json:"relatedResourceType,omitempty" azure:"ro"` }
RelationProperties - Relation property bag.
type Repo ¶ added in v0.2.0
type Repo struct { // Array of branches. Branches []*string `json:"branches,omitempty"` // The name of the repository. FullName *string `json:"fullName,omitempty"` // The url to access the repository. URL *string `json:"url,omitempty"` }
Repo - Represents a repository.
func (Repo) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type Repo.
type RepoList ¶ added in v0.2.0
type RepoList struct { // REQUIRED; Array of repositories. Value []*Repo `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of repositories. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
RepoList - List all the source controls.
func (RepoList) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type RepoList.
type RepoType ¶ added in v0.2.0
type RepoType string
RepoType - The type of repository.
func PossibleRepoTypeValues ¶ added in v0.2.0
func PossibleRepoTypeValues() []RepoType
PossibleRepoTypeValues returns the possible values for the RepoType const type.
type Repository ¶ added in v0.2.0
type Repository struct { // Branch name of repository. Branch *string `json:"branch,omitempty"` // Url to access repository action logs. DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"` // Display url of repository. DisplayURL *string `json:"displayUrl,omitempty"` // Dictionary of source control content type and path mapping. PathMapping []*ContentPathMap `json:"pathMapping,omitempty"` // Url of repository. URL *string `json:"url,omitempty"` }
Repository - metadata of a repository.
func (Repository) MarshalJSON ¶ added in v0.2.0
func (r Repository) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type Repository.
type RequiredPermissions ¶ added in v0.2.0
type RequiredPermissions struct { // action permission Action *bool `json:"action,omitempty"` // delete permission Delete *bool `json:"delete,omitempty"` // read permission Read *bool `json:"read,omitempty"` // write permission Write *bool `json:"write,omitempty"` }
RequiredPermissions - Required permissions for the connector
type Resource ¶
type Resource struct { // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Resource - Common fields that are returned in the response for all Azure Resource Manager resources
type ResourceProvider ¶ added in v0.2.0
type ResourceProvider struct { // Permission description text PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"` // Provider name Provider *ProviderName `json:"provider,omitempty"` // Permission provider display name ProviderDisplayName *string `json:"providerDisplayName,omitempty"` // Required permissions for the connector RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"` // Permission provider scope Scope *PermissionProviderScope `json:"scope,omitempty"` }
ResourceProvider - Resource provider permissions required for the connector
type ResourceWithEtag ¶
type ResourceWithEtag struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ResourceWithEtag - An azure resource object with an Etag property
type SKU ¶ added in v0.2.0
type SKU struct { // The amount of reservation level CapacityReservationLevel *int32 `json:"capacityReservationLevel,omitempty"` // The kind of the tier Name *SKUKind `json:"name,omitempty"` }
SKU - The pricing tier of the solution
type SKUKind ¶ added in v0.2.0
type SKUKind string
SKUKind - The kind of the tier
func PossibleSKUKindValues ¶ added in v0.2.0
func PossibleSKUKindValues() []SKUKind
PossibleSKUKindValues returns the possible values for the SKUKind const type.
type SampleQueries ¶ added in v0.2.0
type SampleQueries struct { // The sample query description Description *string `json:"description,omitempty"` // the sample query Query *string `json:"query,omitempty"` }
SampleQueries - The sample queries for the connector
type ScheduledAlertRule ¶
type ScheduledAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Scheduled alert rule properties Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ScheduledAlertRule - Represents scheduled alert rule.
func (*ScheduledAlertRule) GetAlertRule ¶ added in v0.2.0
func (s *ScheduledAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type ScheduledAlertRule.
func (ScheduledAlertRule) MarshalJSON ¶
func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule.
func (*ScheduledAlertRule) UnmarshalJSON ¶
func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRule.
type ScheduledAlertRuleCommonProperties ¶
type ScheduledAlertRuleCommonProperties struct { // The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // The operation against the threshold that triggers alert rule. TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` // The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` }
ScheduledAlertRuleCommonProperties - Scheduled alert rule template property bag.
type ScheduledAlertRuleProperties ¶
type ScheduledAlertRuleProperties struct { // REQUIRED; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. SuppressionDuration *string `json:"suppressionDuration,omitempty"` // REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled. SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // The description of the alert rule. Description *string `json:"description,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // The settings of the incidents that created from alerts triggered by this analytics rule IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0 TemplateVersion *string `json:"templateVersion,omitempty"` // The operation against the threshold that triggers alert rule. TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` // The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` // READ-ONLY; The last time that this alert rule has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` }
ScheduledAlertRuleProperties - Scheduled alert rule base property bag.
func (ScheduledAlertRuleProperties) MarshalJSON ¶
func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleProperties.
func (*ScheduledAlertRuleProperties) UnmarshalJSON ¶
func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleProperties.
type ScheduledAlertRuleTemplate ¶
type ScheduledAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Scheduled alert rule template properties Properties *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ScheduledAlertRuleTemplate - Represents scheduled alert rule template.
func (*ScheduledAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (s *ScheduledAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) MarshalJSON ¶
func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplate.
func (*ScheduledAlertRuleTemplate) UnmarshalJSON ¶
func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplate.
type ScheduledAlertRuleTemplateProperties ¶
type ScheduledAlertRuleTemplateProperties struct { // The alert details override settings AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // Dictionary of string key-value pairs of columns to be attached to the alert CustomDetails map[string]*string `json:"customDetails,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // Array of the entity mappings of the alert rule EntityMappings []*EntityMapping `json:"entityMappings,omitempty"` // The event grouping settings. EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"` // The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty"` // The operation against the threshold that triggers alert rule. TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"` // The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` // The version of this template - in format , where all are numbers. For example . Version *string `json:"version,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
func (ScheduledAlertRuleTemplateProperties) MarshalJSON ¶
func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplateProperties.
func (*ScheduledAlertRuleTemplateProperties) UnmarshalJSON ¶
func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplateProperties.
type SecurityAlert ¶ added in v0.2.0
type SecurityAlert struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // SecurityAlert entity properties Properties *SecurityAlertProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
SecurityAlert - Represents a security alert entity.
func (*SecurityAlert) GetEntity ¶ added in v0.2.0
func (s *SecurityAlert) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type SecurityAlert.
func (SecurityAlert) MarshalJSON ¶ added in v0.2.0
func (s SecurityAlert) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SecurityAlert.
func (*SecurityAlert) UnmarshalJSON ¶ added in v0.2.0
func (s *SecurityAlert) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlert.
type SecurityAlertProperties ¶ added in v0.2.0
type SecurityAlertProperties struct { // The severity of the alert Severity *AlertSeverity `json:"severity,omitempty"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The display name of the alert. AlertDisplayName *string `json:"alertDisplayName,omitempty" azure:"ro"` // READ-ONLY; The uri link of the alert. AlertLink *string `json:"alertLink,omitempty" azure:"ro"` // READ-ONLY; The type name of the alert. AlertType *string `json:"alertType,omitempty" azure:"ro"` // READ-ONLY; Display name of the main entity being reported on. CompromisedEntity *string `json:"compromisedEntity,omitempty" azure:"ro"` // READ-ONLY; The confidence level of this alert. ConfidenceLevel *ConfidenceLevel `json:"confidenceLevel,omitempty" azure:"ro"` // READ-ONLY; The confidence reasons ConfidenceReasons []*SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty" azure:"ro"` // READ-ONLY; The confidence score of the alert. ConfidenceScore *float64 `json:"confidenceScore,omitempty" azure:"ro"` // READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not // applicable or final. ConfidenceScoreStatus *ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty" azure:"ro"` // READ-ONLY; Alert description. Description *string `json:"description,omitempty" azure:"ro"` // READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). EndTimeUTC *time.Time `json:"endTimeUtc,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Intent *KillChainIntent `json:"intent,omitempty" azure:"ro"` // READ-ONLY; The time the alert was made available for consumption. ProcessingEndTime *time.Time `json:"processingEndTime,omitempty" azure:"ro"` // READ-ONLY; The name of a component inside the product which generated the alert. ProductComponentName *string `json:"productComponentName,omitempty" azure:"ro"` // READ-ONLY; The name of the product which published this alert. ProductName *string `json:"productName,omitempty" azure:"ro"` // READ-ONLY; The version of the product generating the alert. ProductVersion *string `json:"productVersion,omitempty" azure:"ro"` // READ-ONLY; The identifier of the alert inside the product which generated the alert. ProviderAlertID *string `json:"providerAlertId,omitempty" azure:"ro"` // READ-ONLY; Manual action items to take to remediate the alert. RemediationSteps []*string `json:"remediationSteps,omitempty" azure:"ro"` // READ-ONLY; The list of resource identifiers of the alert. ResourceIdentifiers []map[string]interface{} `json:"resourceIdentifiers,omitempty" azure:"ro"` // READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). StartTimeUTC *time.Time `json:"startTimeUtc,omitempty" azure:"ro"` // READ-ONLY; The lifecycle status of the alert. Status *AlertStatus `json:"status,omitempty" azure:"ro"` // READ-ONLY; Holds the product identifier of the alert for the product. SystemAlertID *string `json:"systemAlertId,omitempty" azure:"ro"` // READ-ONLY; The tactics of the alert Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` // READ-ONLY; The time the alert was generated. TimeGenerated *time.Time `json:"timeGenerated,omitempty" azure:"ro"` // READ-ONLY; The name of the vendor that raise the alert. VendorName *string `json:"vendorName,omitempty" azure:"ro"` }
SecurityAlertProperties - SecurityAlert entity property bag.
func (SecurityAlertProperties) MarshalJSON ¶ added in v0.2.0
func (s SecurityAlertProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SecurityAlertProperties.
func (*SecurityAlertProperties) UnmarshalJSON ¶ added in v0.2.0
func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertProperties.
type SecurityAlertPropertiesConfidenceReasonsItem ¶ added in v0.2.0
type SecurityAlertPropertiesConfidenceReasonsItem struct { // READ-ONLY; The reason's description Reason *string `json:"reason,omitempty" azure:"ro"` // READ-ONLY; The type (category) of the reason ReasonType *string `json:"reasonType,omitempty" azure:"ro"` }
SecurityAlertPropertiesConfidenceReasonsItem - confidence reason item
type SecurityAlertTimelineItem ¶ added in v0.2.0
type SecurityAlertTimelineItem struct { // REQUIRED; The name of the alert type. AlertType *string `json:"alertType,omitempty"` // REQUIRED; The alert azure resource id. AzureResourceID *string `json:"azureResourceId,omitempty"` // REQUIRED; The alert name. DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The alert end time. EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"` // REQUIRED; The entity query kind type. Kind *EntityTimelineKind `json:"kind,omitempty"` // REQUIRED; The alert severity. Severity *AlertSeverity `json:"severity,omitempty"` // REQUIRED; The alert start time. StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"` // REQUIRED; The alert generated time. TimeGenerated *time.Time `json:"timeGenerated,omitempty"` // The alert description. Description *string `json:"description,omitempty"` // The alert product name. ProductName *string `json:"productName,omitempty"` }
SecurityAlertTimelineItem - Represents security alert timeline item.
func (*SecurityAlertTimelineItem) GetEntityTimelineItem ¶ added in v0.2.0
func (s *SecurityAlertTimelineItem) GetEntityTimelineItem() *EntityTimelineItem
GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type SecurityAlertTimelineItem.
func (SecurityAlertTimelineItem) MarshalJSON ¶ added in v0.2.0
func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SecurityAlertTimelineItem.
func (*SecurityAlertTimelineItem) UnmarshalJSON ¶ added in v0.2.0
func (s *SecurityAlertTimelineItem) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertTimelineItem.
type SecurityGroupEntity ¶ added in v0.2.0
type SecurityGroupEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // SecurityGroup entity properties Properties *SecurityGroupEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
SecurityGroupEntity - Represents a security group entity.
func (*SecurityGroupEntity) GetEntity ¶ added in v0.2.0
func (s *SecurityGroupEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type SecurityGroupEntity.
func (SecurityGroupEntity) MarshalJSON ¶ added in v0.2.0
func (s SecurityGroupEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity.
func (*SecurityGroupEntity) UnmarshalJSON ¶ added in v0.2.0
func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntity.
type SecurityGroupEntityProperties ¶ added in v0.2.0
type SecurityGroupEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The group distinguished name DistinguishedName *string `json:"distinguishedName,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"` // READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group Sid *string `json:"sid,omitempty" azure:"ro"` }
SecurityGroupEntityProperties - SecurityGroup entity property bag.
func (SecurityGroupEntityProperties) MarshalJSON ¶ added in v0.2.0
func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties.
type SentinelOnboardingState ¶ added in v0.2.0
type SentinelOnboardingState struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // The Sentinel onboarding state object Properties *SentinelOnboardingStateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
SentinelOnboardingState - Sentinel onboarding state
type SentinelOnboardingStateProperties ¶ added in v0.2.0
type SentinelOnboardingStateProperties struct { // Flag that indicates the status of the CMK setting CustomerManagedKey *bool `json:"customerManagedKey,omitempty"` }
SentinelOnboardingStateProperties - The Sentinel onboarding state properties
type SentinelOnboardingStatesClient ¶ added in v0.2.0
type SentinelOnboardingStatesClient struct {
// contains filtered or unexported fields
}
SentinelOnboardingStatesClient contains the methods for the SentinelOnboardingStates group. Don't use this type directly, use NewSentinelOnboardingStatesClient() instead.
func NewSentinelOnboardingStatesClient ¶ added in v0.2.0
func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SentinelOnboardingStatesClient
NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*SentinelOnboardingStatesClient) Create ¶ added in v0.2.0
func (client *SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientCreateOptions) (SentinelOnboardingStatesClientCreateResponse, error)
Create - Create Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil) res, err := client.Create(ctx, "<resource-group-name>", "<workspace-name>", "<sentinel-onboarding-state-name>", &armsecurityinsight.SentinelOnboardingStatesClientCreateOptions{SentinelOnboardingStateParameter: &armsecurityinsight.SentinelOnboardingState{ Properties: &armsecurityinsight.SentinelOnboardingStateProperties{ CustomerManagedKey: to.BoolPtr(false), }, }, }) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientCreateResult) }
Output:
func (*SentinelOnboardingStatesClient) Delete ¶ added in v0.2.0
func (client *SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientDeleteOptions) (SentinelOnboardingStatesClientDeleteResponse, error)
Delete - Delete Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<sentinel-onboarding-state-name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*SentinelOnboardingStatesClient) Get ¶ added in v0.2.0
func (client *SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientGetOptions) (SentinelOnboardingStatesClientGetResponse, error)
Get - Get Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<sentinel-onboarding-state-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientGetResult) }
Output:
func (*SentinelOnboardingStatesClient) List ¶ added in v0.2.0
func (client *SentinelOnboardingStatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *SentinelOnboardingStatesClientListOptions) (SentinelOnboardingStatesClientListResponse, error)
List - Gets all Sentinel onboarding states If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil) res, err := client.List(ctx, "<resource-group-name>", "<workspace-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientListResult) }
Output:
type SentinelOnboardingStatesClientCreateOptions ¶ added in v0.2.0
type SentinelOnboardingStatesClientCreateOptions struct { // The Sentinel onboarding state parameter SentinelOnboardingStateParameter *SentinelOnboardingState }
SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.
type SentinelOnboardingStatesClientCreateResponse ¶ added in v0.2.0
type SentinelOnboardingStatesClientCreateResponse struct { SentinelOnboardingStatesClientCreateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SentinelOnboardingStatesClientCreateResponse contains the response from method SentinelOnboardingStatesClient.Create.
type SentinelOnboardingStatesClientCreateResult ¶ added in v0.2.0
type SentinelOnboardingStatesClientCreateResult struct {
SentinelOnboardingState
}
SentinelOnboardingStatesClientCreateResult contains the result from method SentinelOnboardingStatesClient.Create.
type SentinelOnboardingStatesClientDeleteOptions ¶ added in v0.2.0
type SentinelOnboardingStatesClientDeleteOptions struct { }
SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.
type SentinelOnboardingStatesClientDeleteResponse ¶ added in v0.2.0
type SentinelOnboardingStatesClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SentinelOnboardingStatesClientDeleteResponse contains the response from method SentinelOnboardingStatesClient.Delete.
type SentinelOnboardingStatesClientGetOptions ¶ added in v0.2.0
type SentinelOnboardingStatesClientGetOptions struct { }
SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.
type SentinelOnboardingStatesClientGetResponse ¶ added in v0.2.0
type SentinelOnboardingStatesClientGetResponse struct { SentinelOnboardingStatesClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SentinelOnboardingStatesClientGetResponse contains the response from method SentinelOnboardingStatesClient.Get.
type SentinelOnboardingStatesClientGetResult ¶ added in v0.2.0
type SentinelOnboardingStatesClientGetResult struct {
SentinelOnboardingState
}
SentinelOnboardingStatesClientGetResult contains the result from method SentinelOnboardingStatesClient.Get.
type SentinelOnboardingStatesClientListOptions ¶ added in v0.2.0
type SentinelOnboardingStatesClientListOptions struct { }
SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.
type SentinelOnboardingStatesClientListResponse ¶ added in v0.2.0
type SentinelOnboardingStatesClientListResponse struct { SentinelOnboardingStatesClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SentinelOnboardingStatesClientListResponse contains the response from method SentinelOnboardingStatesClient.List.
type SentinelOnboardingStatesClientListResult ¶ added in v0.2.0
type SentinelOnboardingStatesClientListResult struct {
SentinelOnboardingStatesList
}
SentinelOnboardingStatesClientListResult contains the result from method SentinelOnboardingStatesClient.List.
type SentinelOnboardingStatesList ¶ added in v0.2.0
type SentinelOnboardingStatesList struct { // REQUIRED; Array of Sentinel onboarding states Value []*SentinelOnboardingState `json:"value,omitempty"` }
SentinelOnboardingStatesList - List of the Sentinel onboarding states
func (SentinelOnboardingStatesList) MarshalJSON ¶ added in v0.2.0
func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStatesList.
type SettingKind ¶ added in v0.2.0
type SettingKind string
SettingKind - The kind of the setting
const ( SettingKindAnomalies SettingKind = "Anomalies" SettingKindEntityAnalytics SettingKind = "EntityAnalytics" SettingKindEyesOn SettingKind = "EyesOn" SettingKindUeba SettingKind = "Ueba" )
func PossibleSettingKindValues ¶ added in v0.2.0
func PossibleSettingKindValues() []SettingKind
PossibleSettingKindValues returns the possible values for the SettingKind const type.
func (SettingKind) ToPtr ¶ added in v0.2.0
func (c SettingKind) ToPtr() *SettingKind
ToPtr returns a *SettingKind pointing to the current value.
type SettingList ¶ added in v0.2.0
type SettingList struct { // REQUIRED; Array of settings. Value []SettingsClassification `json:"value,omitempty"` }
SettingList - List of all the settings.
func (SettingList) MarshalJSON ¶ added in v0.2.0
func (s SettingList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SettingList.
func (*SettingList) UnmarshalJSON ¶ added in v0.2.0
func (s *SettingList) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SettingList.
type SettingType ¶ added in v0.2.0
type SettingType string
SettingType - The kind of the setting
const ( SettingTypeCopyableLabel SettingType = "CopyableLabel" SettingTypeInfoMessage SettingType = "InfoMessage" SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup" )
func PossibleSettingTypeValues ¶ added in v0.2.0
func PossibleSettingTypeValues() []SettingType
PossibleSettingTypeValues returns the possible values for the SettingType const type.
func (SettingType) ToPtr ¶ added in v0.2.0
func (c SettingType) ToPtr() *SettingType
ToPtr returns a *SettingType pointing to the current value.
type Settings ¶ added in v0.2.0
type Settings struct { // REQUIRED; The kind of the setting Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Settings - The Setting.
func (*Settings) GetSettings ¶ added in v0.2.0
GetSettings implements the SettingsClassification interface for type Settings.
type SettingsClassification ¶ added in v0.2.0
type SettingsClassification interface { // GetSettings returns the Settings content of the underlying type. GetSettings() *Settings }
SettingsClassification provides polymorphic access to related types. Call the interface's GetSettings() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *Anomalies, *EntityAnalytics, *EyesOn, *Settings, *Ueba
type Source ¶ added in v0.2.0
type Source string
Source - The source of the watchlist
func PossibleSourceValues ¶ added in v0.2.0
func PossibleSourceValues() []Source
PossibleSourceValues returns the possible values for the Source const type.
type SourceControl ¶ added in v0.2.0
type SourceControl struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // source control properties Properties *SourceControlProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
SourceControl - Represents a SourceControl in Azure Security Insights.
type SourceControlClient ¶ added in v0.2.0
type SourceControlClient struct {
// contains filtered or unexported fields
}
SourceControlClient contains the methods for the SourceControl group. Don't use this type directly, use NewSourceControlClient() instead.
func NewSourceControlClient ¶ added in v0.2.0
func NewSourceControlClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SourceControlClient
NewSourceControlClient creates a new instance of SourceControlClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*SourceControlClient) ListRepositories ¶ added in v0.2.0
func (client *SourceControlClient) ListRepositories(resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) *SourceControlClientListRepositoriesPager
ListRepositories - Gets a list of repositories metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. repoType - The repo type. options - SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/repositories/GetRepositories.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSourceControlClient("<subscription-id>", cred, nil) pager := client.ListRepositories("<resource-group-name>", "<workspace-name>", armsecurityinsight.RepoType("Github"), nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type SourceControlClientListRepositoriesOptions ¶ added in v0.2.0
type SourceControlClientListRepositoriesOptions struct { }
SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories method.
type SourceControlClientListRepositoriesPager ¶ added in v0.2.0
type SourceControlClientListRepositoriesPager struct {
// contains filtered or unexported fields
}
SourceControlClientListRepositoriesPager provides operations for iterating over paged responses.
func (*SourceControlClientListRepositoriesPager) Err ¶ added in v0.2.0
func (p *SourceControlClientListRepositoriesPager) Err() error
Err returns the last error encountered while paging.
func (*SourceControlClientListRepositoriesPager) NextPage ¶ added in v0.2.0
func (p *SourceControlClientListRepositoriesPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*SourceControlClientListRepositoriesPager) PageResponse ¶ added in v0.2.0
func (p *SourceControlClientListRepositoriesPager) PageResponse() SourceControlClientListRepositoriesResponse
PageResponse returns the current SourceControlClientListRepositoriesResponse page.
type SourceControlClientListRepositoriesResponse ¶ added in v0.2.0
type SourceControlClientListRepositoriesResponse struct { SourceControlClientListRepositoriesResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SourceControlClientListRepositoriesResponse contains the response from method SourceControlClient.ListRepositories.
type SourceControlClientListRepositoriesResult ¶ added in v0.2.0
type SourceControlClientListRepositoriesResult struct {
RepoList
}
SourceControlClientListRepositoriesResult contains the result from method SourceControlClient.ListRepositories.
type SourceControlList ¶ added in v0.2.0
type SourceControlList struct { // REQUIRED; Array of source controls. Value []*SourceControl `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of source controls. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
SourceControlList - List all the source controls.
func (SourceControlList) MarshalJSON ¶ added in v0.2.0
func (s SourceControlList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SourceControlList.
type SourceControlProperties ¶ added in v0.2.0
type SourceControlProperties struct { // REQUIRED; Array of source control content types. ContentTypes []*ContentType `json:"contentTypes,omitempty"` // REQUIRED; The display name of the source control DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The repository type of the source control RepoType *RepoType `json:"repoType,omitempty"` // REQUIRED; Repository metadata. Repository *Repository `json:"repository,omitempty"` // A description of the source control Description *string `json:"description,omitempty"` // The id (a Guid) of the source control ID *string `json:"id,omitempty"` }
SourceControlProperties - Describes source control properties
func (SourceControlProperties) MarshalJSON ¶ added in v0.2.0
func (s SourceControlProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SourceControlProperties.
type SourceControlsClient ¶ added in v0.2.0
type SourceControlsClient struct {
// contains filtered or unexported fields
}
SourceControlsClient contains the methods for the SourceControls group. Don't use this type directly, use NewSourceControlsClient() instead.
func NewSourceControlsClient ¶ added in v0.2.0
func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SourceControlsClient
NewSourceControlsClient creates a new instance of SourceControlsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*SourceControlsClient) Create ¶ added in v0.2.0
func (client *SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl, options *SourceControlsClientCreateOptions) (SourceControlsClientCreateResponse, error)
Create - Creates a source control. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id sourceControl - The SourceControl options - SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/CreateSourceControl.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil) res, err := client.Create(ctx, "<resource-group-name>", "<workspace-name>", "<source-control-id>", armsecurityinsight.SourceControl{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.SourceControlProperties{ Description: to.StringPtr("<description>"), ContentTypes: []*armsecurityinsight.ContentType{ armsecurityinsight.ContentType("AnalyticRules").ToPtr(), armsecurityinsight.ContentType("Workbook").ToPtr()}, DisplayName: to.StringPtr("<display-name>"), RepoType: armsecurityinsight.RepoType("Github").ToPtr(), Repository: &armsecurityinsight.Repository{ Branch: to.StringPtr("<branch>"), DisplayURL: to.StringPtr("<display-url>"), PathMapping: []*armsecurityinsight.ContentPathMap{ { Path: to.StringPtr("<path>"), ContentType: armsecurityinsight.ContentType("AnalyticRules").ToPtr(), }, { Path: to.StringPtr("<path>"), ContentType: armsecurityinsight.ContentType("Workbook").ToPtr(), }}, URL: to.StringPtr("<url>"), }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.SourceControlsClientCreateResult) }
Output:
func (*SourceControlsClient) Delete ¶ added in v0.2.0
func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error)
Delete - Delete a source control. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id options - SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<source-control-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*SourceControlsClient) Get ¶ added in v0.2.0
func (client *SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientGetOptions) (SourceControlsClientGetResponse, error)
Get - Gets a source control byt its identifier. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id options - SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControlById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<source-control-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.SourceControlsClientGetResult) }
Output:
func (*SourceControlsClient) List ¶ added in v0.2.0
func (client *SourceControlsClient) List(resourceGroupName string, workspaceName string, options *SourceControlsClientListOptions) *SourceControlsClientListPager
List - Gets all source controls, without source control items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControls.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type SourceControlsClientCreateOptions ¶ added in v0.2.0
type SourceControlsClientCreateOptions struct { }
SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.
type SourceControlsClientCreateResponse ¶ added in v0.2.0
type SourceControlsClientCreateResponse struct { SourceControlsClientCreateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SourceControlsClientCreateResponse contains the response from method SourceControlsClient.Create.
type SourceControlsClientCreateResult ¶ added in v0.2.0
type SourceControlsClientCreateResult struct {
SourceControl
}
SourceControlsClientCreateResult contains the result from method SourceControlsClient.Create.
type SourceControlsClientDeleteOptions ¶ added in v0.2.0
type SourceControlsClientDeleteOptions struct { }
SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.
type SourceControlsClientDeleteResponse ¶ added in v0.2.0
type SourceControlsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SourceControlsClientDeleteResponse contains the response from method SourceControlsClient.Delete.
type SourceControlsClientGetOptions ¶ added in v0.2.0
type SourceControlsClientGetOptions struct { }
SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.
type SourceControlsClientGetResponse ¶ added in v0.2.0
type SourceControlsClientGetResponse struct { SourceControlsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SourceControlsClientGetResponse contains the response from method SourceControlsClient.Get.
type SourceControlsClientGetResult ¶ added in v0.2.0
type SourceControlsClientGetResult struct {
SourceControl
}
SourceControlsClientGetResult contains the result from method SourceControlsClient.Get.
type SourceControlsClientListOptions ¶ added in v0.2.0
type SourceControlsClientListOptions struct { }
SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method.
type SourceControlsClientListPager ¶ added in v0.2.0
type SourceControlsClientListPager struct {
// contains filtered or unexported fields
}
SourceControlsClientListPager provides operations for iterating over paged responses.
func (*SourceControlsClientListPager) Err ¶ added in v0.2.0
func (p *SourceControlsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*SourceControlsClientListPager) NextPage ¶ added in v0.2.0
func (p *SourceControlsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*SourceControlsClientListPager) PageResponse ¶ added in v0.2.0
func (p *SourceControlsClientListPager) PageResponse() SourceControlsClientListResponse
PageResponse returns the current SourceControlsClientListResponse page.
type SourceControlsClientListResponse ¶ added in v0.2.0
type SourceControlsClientListResponse struct { SourceControlsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
SourceControlsClientListResponse contains the response from method SourceControlsClient.List.
type SourceControlsClientListResult ¶ added in v0.2.0
type SourceControlsClientListResult struct {
SourceControlList
}
SourceControlsClientListResult contains the result from method SourceControlsClient.List.
type SourceKind ¶ added in v0.2.0
type SourceKind string
SourceKind - Source type of the content
const ( SourceKindCommunity SourceKind = "Community" SourceKindLocalWorkspace SourceKind = "LocalWorkspace" SourceKindSolution SourceKind = "Solution" SourceKindSourceRepository SourceKind = "SourceRepository" )
func PossibleSourceKindValues ¶ added in v0.2.0
func PossibleSourceKindValues() []SourceKind
PossibleSourceKindValues returns the possible values for the SourceKind const type.
func (SourceKind) ToPtr ¶ added in v0.2.0
func (c SourceKind) ToPtr() *SourceKind
ToPtr returns a *SourceKind pointing to the current value.
type SubmissionMailEntity ¶ added in v0.2.0
type SubmissionMailEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Submission mail entity properties Properties *SubmissionMailEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
SubmissionMailEntity - Represents a submission mail entity.
func (*SubmissionMailEntity) GetEntity ¶ added in v0.2.0
func (s *SubmissionMailEntity) GetEntity() *Entity
GetEntity implements the EntityClassification interface for type SubmissionMailEntity.
func (SubmissionMailEntity) MarshalJSON ¶ added in v0.2.0
func (s SubmissionMailEntity) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntity.
func (*SubmissionMailEntity) UnmarshalJSON ¶ added in v0.2.0
func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntity.
type SubmissionMailEntityProperties ¶ added in v0.2.0
type SubmissionMailEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; The network message id of email to which submission belongs NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"` // READ-ONLY; The recipient of the mail Recipient *string `json:"recipient,omitempty" azure:"ro"` // READ-ONLY; The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk. ReportType *string `json:"reportType,omitempty" azure:"ro"` // READ-ONLY; The sender of the mail Sender *string `json:"sender,omitempty" azure:"ro"` // READ-ONLY; The sender's IP SenderIP *string `json:"senderIp,omitempty" azure:"ro"` // READ-ONLY; The subject of submission mail Subject *string `json:"subject,omitempty" azure:"ro"` // READ-ONLY; The submission date SubmissionDate *time.Time `json:"submissionDate,omitempty" azure:"ro"` // READ-ONLY; The submission id SubmissionID *string `json:"submissionId,omitempty" azure:"ro"` // READ-ONLY; The submitter Submitter *string `json:"submitter,omitempty" azure:"ro"` // READ-ONLY; The Time stamp when the message is received (Mail) Timestamp *time.Time `json:"timestamp,omitempty" azure:"ro"` }
SubmissionMailEntityProperties - Submission mail entity property bag.
func (SubmissionMailEntityProperties) MarshalJSON ¶ added in v0.2.0
func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntityProperties.
func (*SubmissionMailEntityProperties) UnmarshalJSON ¶ added in v0.2.0
func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntityProperties.
type SupportTier ¶ added in v0.2.0
type SupportTier string
SupportTier - Type of support for content item
const ( SupportTierCommunity SupportTier = "Community" SupportTierMicrosoft SupportTier = "Microsoft" SupportTierPartner SupportTier = "Partner" )
func PossibleSupportTierValues ¶ added in v0.2.0
func PossibleSupportTierValues() []SupportTier
PossibleSupportTierValues returns the possible values for the SupportTier const type.
func (SupportTier) ToPtr ¶ added in v0.2.0
func (c SupportTier) ToPtr() *SupportTier
ToPtr returns a *SupportTier pointing to the current value.
type SystemData ¶ added in v0.2.0
type SystemData struct { // The timestamp of resource creation (UTC). CreatedAt *time.Time `json:"createdAt,omitempty"` // The identity that created the resource. CreatedBy *string `json:"createdBy,omitempty"` // The type of identity that created the resource. CreatedByType *CreatedByType `json:"createdByType,omitempty"` // The timestamp of resource last modification (UTC) LastModifiedAt *time.Time `json:"lastModifiedAt,omitempty"` // The identity that last modified the resource. LastModifiedBy *string `json:"lastModifiedBy,omitempty"` // The type of identity that last modified the resource. LastModifiedByType *CreatedByType `json:"lastModifiedByType,omitempty"` }
SystemData - Metadata pertaining to creation and last modification of the resource.
func (SystemData) MarshalJSON ¶ added in v0.2.0
func (s SystemData) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type SystemData.
func (*SystemData) UnmarshalJSON ¶ added in v0.2.0
func (s *SystemData) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type SystemData.
type TICheckRequirements ¶ added in v0.2.0
type TICheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // Threat Intelligence Platforms data connector check required properties Properties *TICheckRequirementsProperties `json:"properties,omitempty"` }
TICheckRequirements - Threat Intelligence Platforms data connector check requirements
func (*TICheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (t *TICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TICheckRequirements.
func (TICheckRequirements) MarshalJSON ¶ added in v0.2.0
func (t TICheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TICheckRequirements.
func (*TICheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (t *TICheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TICheckRequirements.
type TICheckRequirementsProperties ¶ added in v0.2.0
type TICheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TICheckRequirementsProperties - Threat Intelligence Platforms data connector required properties.
type TIDataConnector ¶
type TIDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // TI (Threat Intelligence) data connector properties. Properties *TIDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
TIDataConnector - Represents threat intelligence data connector.
func (*TIDataConnector) GetDataConnector ¶ added in v0.2.0
func (t *TIDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type TIDataConnector.
func (TIDataConnector) MarshalJSON ¶
func (t TIDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TIDataConnector.
func (*TIDataConnector) UnmarshalJSON ¶
func (t *TIDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector.
type TIDataConnectorDataTypes ¶
type TIDataConnectorDataTypes struct { // REQUIRED; Data type for indicators connection. Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` }
TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector.
type TIDataConnectorDataTypesIndicators ¶
type TIDataConnectorDataTypesIndicators struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
TIDataConnectorDataTypesIndicators - Data type for indicators connection.
type TIDataConnectorProperties ¶
type TIDataConnectorProperties struct { // REQUIRED; The available data types for the connector. DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The lookback period for the feed to be imported. TipLookbackPeriod *time.Time `json:"tipLookbackPeriod,omitempty"` }
TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.
func (TIDataConnectorProperties) MarshalJSON ¶
func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties.
func (*TIDataConnectorProperties) UnmarshalJSON ¶
func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties.
type TeamInformation ¶ added in v0.2.0
type TeamInformation struct { // READ-ONLY; The description of the team Description *string `json:"description,omitempty" azure:"ro"` // READ-ONLY; The name of the team Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; The primary channel URL of the team PrimaryChannelURL *string `json:"primaryChannelUrl,omitempty" azure:"ro"` // READ-ONLY; The time the team was created TeamCreationTimeUTC *time.Time `json:"teamCreationTimeUtc,omitempty" azure:"ro"` // READ-ONLY; Team ID TeamID *string `json:"teamId,omitempty" azure:"ro"` }
TeamInformation - Describes team information
func (TeamInformation) MarshalJSON ¶ added in v0.2.0
func (t TeamInformation) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TeamInformation.
func (*TeamInformation) UnmarshalJSON ¶ added in v0.2.0
func (t *TeamInformation) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TeamInformation.
type TeamProperties ¶ added in v0.2.0
type TeamProperties struct { // REQUIRED; The name of the team TeamName *string `json:"teamName,omitempty"` // List of group IDs to add their members to the team GroupIDs []*string `json:"groupIds,omitempty"` // List of member IDs to add to the team MemberIDs []*string `json:"memberIds,omitempty"` // The description of the team TeamDescription *string `json:"teamDescription,omitempty"` }
TeamProperties - Describes team properties
func (TeamProperties) MarshalJSON ¶ added in v0.2.0
func (t TeamProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TeamProperties.
type TemplateStatus ¶
type TemplateStatus string
TemplateStatus - The alert rule template status.
const ( // TemplateStatusAvailable - Alert rule template is available. TemplateStatusAvailable TemplateStatus = "Available" // TemplateStatusInstalled - Alert rule template installed. and can not use more then once TemplateStatusInstalled TemplateStatus = "Installed" // TemplateStatusNotAvailable - Alert rule template is not available TemplateStatusNotAvailable TemplateStatus = "NotAvailable" )
func PossibleTemplateStatusValues ¶
func PossibleTemplateStatusValues() []TemplateStatus
PossibleTemplateStatusValues returns the possible values for the TemplateStatus const type.
func (TemplateStatus) ToPtr ¶
func (c TemplateStatus) ToPtr() *TemplateStatus
ToPtr returns a *TemplateStatus pointing to the current value.
type ThreatIntelligence ¶
type ThreatIntelligence struct { // READ-ONLY; Confidence (must be between 0 and 1) Confidence *float64 `json:"confidence,omitempty" azure:"ro"` // READ-ONLY; Name of the provider from whom this Threat Intelligence information was received ProviderName *string `json:"providerName,omitempty" azure:"ro"` // READ-ONLY; Report link ReportLink *string `json:"reportLink,omitempty" azure:"ro"` // READ-ONLY; Threat description (free text) ThreatDescription *string `json:"threatDescription,omitempty" azure:"ro"` // READ-ONLY; Threat name (e.g. "Jedobot malware") ThreatName *string `json:"threatName,omitempty" azure:"ro"` // READ-ONLY; Threat type (e.g. "Botnet") ThreatType *string `json:"threatType,omitempty" azure:"ro"` }
ThreatIntelligence property bag.
type ThreatIntelligenceAlertRule ¶ added in v0.2.0
type ThreatIntelligenceAlertRule struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Threat Intelligence alert rule properties Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ThreatIntelligenceAlertRule - Represents Threat Intelligence alert rule.
func (*ThreatIntelligenceAlertRule) GetAlertRule ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRule) GetAlertRule() *AlertRule
GetAlertRule implements the AlertRuleClassification interface for type ThreatIntelligenceAlertRule.
func (ThreatIntelligenceAlertRule) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRule.
func (*ThreatIntelligenceAlertRule) UnmarshalJSON ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRule) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRule.
type ThreatIntelligenceAlertRuleProperties ¶ added in v0.2.0
type ThreatIntelligenceAlertRuleProperties struct { // REQUIRED; The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // REQUIRED; Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty" azure:"ro"` // READ-ONLY; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert has been modified. LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"` // READ-ONLY; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"` // READ-ONLY; The tactics of the alert rule Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"` }
ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule base property bag.
func (ThreatIntelligenceAlertRuleProperties) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleProperties.
func (*ThreatIntelligenceAlertRuleProperties) UnmarshalJSON ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRuleProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleProperties.
type ThreatIntelligenceAlertRuleTemplate ¶ added in v0.2.0
type ThreatIntelligenceAlertRuleTemplate struct { // REQUIRED; The kind of the alert rule Kind *AlertRuleKind `json:"kind,omitempty"` // Threat Intelligence alert rule template properties Properties *ThreatIntelligenceAlertRuleTemplateProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ThreatIntelligenceAlertRuleTemplate - Represents Threat Intelligence alert rule template.
func (*ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate
GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ThreatIntelligenceAlertRuleTemplate.
func (ThreatIntelligenceAlertRuleTemplate) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplate.
func (*ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplate.
type ThreatIntelligenceAlertRuleTemplateProperties ¶ added in v0.2.0
type ThreatIntelligenceAlertRuleTemplateProperties struct { // REQUIRED; The severity for alerts created by this alert rule. Severity *AlertSeverity `json:"severity,omitempty"` // the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // The description of the alert rule template. Description *string `json:"description,omitempty"` // The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // The required data sources for this template RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"` // The alert rule template status. Status *TemplateStatus `json:"status,omitempty"` // The tactics of the alert rule template Tactics []*AttackTactic `json:"tactics,omitempty"` // READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"` // READ-ONLY; The last time that this alert rule template has been updated. LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"` }
ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties
func (ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties.
func (*ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON ¶ added in v0.2.0
func (t *ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties.
type ThreatIntelligenceAppendTags ¶ added in v0.2.0
type ThreatIntelligenceAppendTags struct { // List of tags to be appended. ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"` }
ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator.
func (ThreatIntelligenceAppendTags) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAppendTags.
type ThreatIntelligenceExternalReference ¶ added in v0.2.0
type ThreatIntelligenceExternalReference struct { // External reference description Description *string `json:"description,omitempty"` // External reference ID ExternalID *string `json:"externalId,omitempty"` // External reference hashes Hashes map[string]*string `json:"hashes,omitempty"` // External reference source name SourceName *string `json:"sourceName,omitempty"` // External reference URL URL *string `json:"url,omitempty"` }
ThreatIntelligenceExternalReference - Describes external reference
func (ThreatIntelligenceExternalReference) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceExternalReference.
type ThreatIntelligenceFilteringCriteria ¶ added in v0.2.0
type ThreatIntelligenceFilteringCriteria struct { // Ids of threat intelligence indicators IDs []*string `json:"ids,omitempty"` // Parameter to include/exclude disabled indicators. IncludeDisabled *bool `json:"includeDisabled,omitempty"` // Keywords for searching threat intelligence indicators Keywords []*string `json:"keywords,omitempty"` // Maximum confidence. MaxConfidence *int32 `json:"maxConfidence,omitempty"` // End time for ValidUntil filter. MaxValidUntil *string `json:"maxValidUntil,omitempty"` // Minimum confidence. MinConfidence *int32 `json:"minConfidence,omitempty"` // Start time for ValidUntil filter. MinValidUntil *string `json:"minValidUntil,omitempty"` // Page size PageSize *int32 `json:"pageSize,omitempty"` // Pattern types PatternTypes []*string `json:"patternTypes,omitempty"` // Skip token. SkipToken *string `json:"skipToken,omitempty"` // Columns to sort by and sorting order SortBy []*ThreatIntelligenceSortingCriteria `json:"sortBy,omitempty"` // Sources of threat intelligence indicators Sources []*string `json:"sources,omitempty"` // Threat types of threat intelligence indicators ThreatTypes []*string `json:"threatTypes,omitempty"` }
ThreatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.
func (ThreatIntelligenceFilteringCriteria) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceFilteringCriteria.
type ThreatIntelligenceGranularMarkingModel ¶ added in v0.2.0
type ThreatIntelligenceGranularMarkingModel struct { // Language granular marking model Language *string `json:"language,omitempty"` // marking reference granular marking model MarkingRef *int32 `json:"markingRef,omitempty"` // granular marking model selectors Selectors []*string `json:"selectors,omitempty"` }
ThreatIntelligenceGranularMarkingModel - Describes threat granular marking model entity
func (ThreatIntelligenceGranularMarkingModel) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceGranularMarkingModel.
type ThreatIntelligenceIndicatorClient ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClient struct {
// contains filtered or unexported fields
}
ThreatIntelligenceIndicatorClient contains the methods for the ThreatIntelligenceIndicator group. Don't use this type directly, use NewThreatIntelligenceIndicatorClient() instead.
func NewThreatIntelligenceIndicatorClient ¶ added in v0.2.0
func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorClient
NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*ThreatIntelligenceIndicatorClient) AppendTags ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags, options *ThreatIntelligenceIndicatorClientAppendTagsOptions) (ThreatIntelligenceIndicatorClientAppendTagsResponse, error)
AppendTags - Append tags to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceAppendTags - The threat intelligence append tags request body options - ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) _, err = client.AppendTags(ctx, "<resource-group-name>", "<workspace-name>", "<name>", armsecurityinsight.ThreatIntelligenceAppendTags{ ThreatIntelligenceTags: []*string{ to.StringPtr("tag1"), to.StringPtr("tag2")}, }, nil) if err != nil { log.Fatal(err) } }
Output:
func (*ThreatIntelligenceIndicatorClient) Create ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientCreateOptions) (ThreatIntelligenceIndicatorClientCreateResponse, error)
Create - Update a threat Intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. options - ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) res, err := client.Create(ctx, "<resource-group-name>", "<workspace-name>", "<name>", armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{ Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(), Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{ Description: to.StringPtr("<description>"), Confidence: to.Int32Ptr(78), CreatedByRef: to.StringPtr("<created-by-ref>"), DisplayName: to.StringPtr("<display-name>"), ExternalReferences: []*armsecurityinsight.ThreatIntelligenceExternalReference{}, GranularMarkings: []*armsecurityinsight.ThreatIntelligenceGranularMarkingModel{}, KillChainPhases: []*armsecurityinsight.ThreatIntelligenceKillChainPhase{}, Labels: []*string{}, Modified: to.StringPtr("<modified>"), Pattern: to.StringPtr("<pattern>"), PatternType: to.StringPtr("<pattern-type>"), Revoked: to.BoolPtr(false), Source: to.StringPtr("<source>"), ThreatIntelligenceTags: []*string{ to.StringPtr("new schema")}, ThreatTypes: []*string{ to.StringPtr("compromised")}, ValidFrom: to.StringPtr("<valid-from>"), ValidUntil: to.StringPtr("<valid-until>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientCreateResult) }
Output:
func (*ThreatIntelligenceIndicatorClient) CreateIndicator ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientCreateIndicatorOptions) (ThreatIntelligenceIndicatorClientCreateIndicatorResponse, error)
CreateIndicator - Create a new threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. options - ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) res, err := client.CreateIndicator(ctx, "<resource-group-name>", "<workspace-name>", armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{ Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(), Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{ Description: to.StringPtr("<description>"), Confidence: to.Int32Ptr(78), CreatedByRef: to.StringPtr("<created-by-ref>"), DisplayName: to.StringPtr("<display-name>"), ExternalReferences: []*armsecurityinsight.ThreatIntelligenceExternalReference{}, GranularMarkings: []*armsecurityinsight.ThreatIntelligenceGranularMarkingModel{}, KillChainPhases: []*armsecurityinsight.ThreatIntelligenceKillChainPhase{}, Labels: []*string{}, Modified: to.StringPtr("<modified>"), Pattern: to.StringPtr("<pattern>"), PatternType: to.StringPtr("<pattern-type>"), Revoked: to.BoolPtr(false), Source: to.StringPtr("<source>"), ThreatIntelligenceTags: []*string{ to.StringPtr("new schema")}, ThreatTypes: []*string{ to.StringPtr("compromised")}, ValidFrom: to.StringPtr("<valid-from>"), ValidUntil: to.StringPtr("<valid-until>"), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientCreateIndicatorResult) }
Output:
func (*ThreatIntelligenceIndicatorClient) Delete ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientDeleteOptions) (ThreatIntelligenceIndicatorClientDeleteResponse, error)
Delete - Delete a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. options - ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<name>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*ThreatIntelligenceIndicatorClient) Get ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientGetOptions) (ThreatIntelligenceIndicatorClientGetResponse, error)
Get - View a threat intelligence indicator by name. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. options - ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientGetResult) }
Output:
func (*ThreatIntelligenceIndicatorClient) QueryIndicators ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) QueryIndicators(resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria, options *ThreatIntelligenceIndicatorClientQueryIndicatorsOptions) *ThreatIntelligenceIndicatorClientQueryIndicatorsPager
QueryIndicators - Query threat intelligence indicators as per filtering criteria. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators. options - ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.QueryIndicators method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) pager := client.QueryIndicators("<resource-group-name>", "<workspace-name>", armsecurityinsight.ThreatIntelligenceFilteringCriteria{ MaxConfidence: to.Int32Ptr(80), MaxValidUntil: to.StringPtr("<max-valid-until>"), MinConfidence: to.Int32Ptr(25), MinValidUntil: to.StringPtr("<min-valid-until>"), PageSize: to.Int32Ptr(100), SortBy: []*armsecurityinsight.ThreatIntelligenceSortingCriteria{ { ItemKey: to.StringPtr("<item-key>"), SortOrder: armsecurityinsight.ThreatIntelligenceSortingCriteriaEnum("descending").ToPtr(), }}, Sources: []*string{ to.StringPtr("Azure Sentinel")}, }, nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
func (*ThreatIntelligenceIndicatorClient) ReplaceTags ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientReplaceTagsOptions) (ThreatIntelligenceIndicatorClientReplaceTagsResponse, error)
ReplaceTags - Replace tags added to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceReplaceTags - Tags in the threat intelligence indicator to be replaced. options - ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil) res, err := client.ReplaceTags(ctx, "<resource-group-name>", "<workspace-name>", "<name>", armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{ Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(), Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{ ThreatIntelligenceTags: []*string{ to.StringPtr("patching tags")}, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientReplaceTagsResult) }
Output:
type ThreatIntelligenceIndicatorClientAppendTagsOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientAppendTagsOptions struct { }
ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.
type ThreatIntelligenceIndicatorClientAppendTagsResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientAppendTagsResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientAppendTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.AppendTags.
type ThreatIntelligenceIndicatorClientCreateIndicatorOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateIndicatorOptions struct { }
ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.
type ThreatIntelligenceIndicatorClientCreateIndicatorResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateIndicatorResponse struct { ThreatIntelligenceIndicatorClientCreateIndicatorResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientCreateIndicatorResponse contains the response from method ThreatIntelligenceIndicatorClient.CreateIndicator.
type ThreatIntelligenceIndicatorClientCreateIndicatorResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateIndicatorResult struct {
ThreatIntelligenceInformation
}
ThreatIntelligenceIndicatorClientCreateIndicatorResult contains the result from method ThreatIntelligenceIndicatorClient.CreateIndicator.
type ThreatIntelligenceIndicatorClientCreateOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateOptions struct { }
ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.
type ThreatIntelligenceIndicatorClientCreateResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateResponse struct { ThreatIntelligenceIndicatorClientCreateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientCreateResponse contains the response from method ThreatIntelligenceIndicatorClient.Create.
type ThreatIntelligenceIndicatorClientCreateResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientCreateResult struct {
ThreatIntelligenceInformation
}
ThreatIntelligenceIndicatorClientCreateResult contains the result from method ThreatIntelligenceIndicatorClient.Create.
type ThreatIntelligenceIndicatorClientDeleteOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientDeleteOptions struct { }
ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.
type ThreatIntelligenceIndicatorClientDeleteResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientDeleteResponse contains the response from method ThreatIntelligenceIndicatorClient.Delete.
type ThreatIntelligenceIndicatorClientGetOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientGetOptions struct { }
ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.
type ThreatIntelligenceIndicatorClientGetResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientGetResponse struct { ThreatIntelligenceIndicatorClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientGetResponse contains the response from method ThreatIntelligenceIndicatorClient.Get.
type ThreatIntelligenceIndicatorClientGetResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientGetResult struct {
ThreatIntelligenceInformation
}
ThreatIntelligenceIndicatorClientGetResult contains the result from method ThreatIntelligenceIndicatorClient.Get.
type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions struct { }
ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.QueryIndicators method.
type ThreatIntelligenceIndicatorClientQueryIndicatorsPager ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientQueryIndicatorsPager struct {
// contains filtered or unexported fields
}
ThreatIntelligenceIndicatorClientQueryIndicatorsPager provides operations for iterating over paged responses.
func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) Err ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) Err() error
Err returns the last error encountered while paging.
func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) NextPage ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) PageResponse ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) PageResponse() ThreatIntelligenceIndicatorClientQueryIndicatorsResponse
PageResponse returns the current ThreatIntelligenceIndicatorClientQueryIndicatorsResponse page.
type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse struct { ThreatIntelligenceIndicatorClientQueryIndicatorsResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientQueryIndicatorsResponse contains the response from method ThreatIntelligenceIndicatorClient.QueryIndicators.
type ThreatIntelligenceIndicatorClientQueryIndicatorsResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientQueryIndicatorsResult struct {
ThreatIntelligenceInformationList
}
ThreatIntelligenceIndicatorClientQueryIndicatorsResult contains the result from method ThreatIntelligenceIndicatorClient.QueryIndicators.
type ThreatIntelligenceIndicatorClientReplaceTagsOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientReplaceTagsOptions struct { }
ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.
type ThreatIntelligenceIndicatorClientReplaceTagsResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientReplaceTagsResponse struct { ThreatIntelligenceIndicatorClientReplaceTagsResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorClientReplaceTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.ReplaceTags.
type ThreatIntelligenceIndicatorClientReplaceTagsResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorClientReplaceTagsResult struct {
ThreatIntelligenceInformation
}
ThreatIntelligenceIndicatorClientReplaceTagsResult contains the result from method ThreatIntelligenceIndicatorClient.ReplaceTags.
type ThreatIntelligenceIndicatorMetricsClient ¶ added in v0.2.0
type ThreatIntelligenceIndicatorMetricsClient struct {
// contains filtered or unexported fields
}
ThreatIntelligenceIndicatorMetricsClient contains the methods for the ThreatIntelligenceIndicatorMetrics group. Don't use this type directly, use NewThreatIntelligenceIndicatorMetricsClient() instead.
func NewThreatIntelligenceIndicatorMetricsClient ¶ added in v0.2.0
func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorMetricsClient
NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*ThreatIntelligenceIndicatorMetricsClient) List ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorMetricsClientListOptions) (ThreatIntelligenceIndicatorMetricsClientListResponse, error)
List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorMetricsClient("<subscription-id>", cred, nil) res, err := client.List(ctx, "<resource-group-name>", "<workspace-name>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorMetricsClientListResult) }
Output:
type ThreatIntelligenceIndicatorMetricsClientListOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorMetricsClientListOptions struct { }
ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.
type ThreatIntelligenceIndicatorMetricsClientListResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorMetricsClientListResponse struct { ThreatIntelligenceIndicatorMetricsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorMetricsClientListResponse contains the response from method ThreatIntelligenceIndicatorMetricsClient.List.
type ThreatIntelligenceIndicatorMetricsClientListResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorMetricsClientListResult struct {
ThreatIntelligenceMetricsList
}
ThreatIntelligenceIndicatorMetricsClientListResult contains the result from method ThreatIntelligenceIndicatorMetricsClient.List.
type ThreatIntelligenceIndicatorModel ¶ added in v0.2.0
type ThreatIntelligenceIndicatorModel struct { // REQUIRED; The kind of the entity. Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Threat Intelligence Entity properties Properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity.
func (ThreatIntelligenceIndicatorModel) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorModel.
func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON ¶ added in v0.2.0
func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorModel.
type ThreatIntelligenceIndicatorModelForRequestBody ¶ added in v0.2.0
type ThreatIntelligenceIndicatorModelForRequestBody struct { // REQUIRED; The kind of the entity. Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Threat Intelligence Entity properties Properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"` }
ThreatIntelligenceIndicatorModelForRequestBody - Threat intelligence indicator entity used in request body.
type ThreatIntelligenceIndicatorProperties ¶ added in v0.2.0
type ThreatIntelligenceIndicatorProperties struct { // Confidence of threat intelligence entity Confidence *int32 `json:"confidence,omitempty"` // Created by Created *string `json:"created,omitempty"` // Created by reference of threat intelligence entity CreatedByRef *string `json:"createdByRef,omitempty"` // Is threat intelligence entity defanged Defanged *bool `json:"defanged,omitempty"` // Description of a threat intelligence entity Description *string `json:"description,omitempty"` // Display name of a threat intelligence entity DisplayName *string `json:"displayName,omitempty"` // Extensions map Extensions map[string]interface{} `json:"extensions,omitempty"` // External ID of threat intelligence entity ExternalID *string `json:"externalId,omitempty"` // External last updated time in UTC ExternalLastUpdatedTimeUTC *string `json:"externalLastUpdatedTimeUtc,omitempty"` // External References ExternalReferences []*ThreatIntelligenceExternalReference `json:"externalReferences,omitempty"` // Granular Markings GranularMarkings []*ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"` // Indicator types of threat intelligence entities IndicatorTypes []*string `json:"indicatorTypes,omitempty"` // Kill chain phases KillChainPhases []*ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"` // Labels of threat intelligence entity Labels []*string `json:"labels,omitempty"` // Language of threat intelligence entity Language *string `json:"language,omitempty"` // Last updated time in UTC LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"` // Modified by Modified *string `json:"modified,omitempty"` // Threat intelligence entity object marking references ObjectMarkingRefs []*string `json:"objectMarkingRefs,omitempty"` // Parsed patterns ParsedPattern []*ThreatIntelligenceParsedPattern `json:"parsedPattern,omitempty"` // Pattern of a threat intelligence entity Pattern *string `json:"pattern,omitempty"` // Pattern type of a threat intelligence entity PatternType *string `json:"patternType,omitempty"` // Pattern version of a threat intelligence entity PatternVersion *string `json:"patternVersion,omitempty"` // Is threat intelligence entity revoked Revoked *bool `json:"revoked,omitempty"` // Source of a threat intelligence entity Source *string `json:"source,omitempty"` // List of tags ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"` // Threat types ThreatTypes []*string `json:"threatTypes,omitempty"` // Valid from ValidFrom *string `json:"validFrom,omitempty"` // Valid until ValidUntil *string `json:"validUntil,omitempty"` // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` }
ThreatIntelligenceIndicatorProperties - Describes threat intelligence entity properties
func (ThreatIntelligenceIndicatorProperties) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorProperties.
type ThreatIntelligenceIndicatorsClient ¶ added in v0.2.0
type ThreatIntelligenceIndicatorsClient struct {
// contains filtered or unexported fields
}
ThreatIntelligenceIndicatorsClient contains the methods for the ThreatIntelligenceIndicators group. Don't use this type directly, use NewThreatIntelligenceIndicatorsClient() instead.
func NewThreatIntelligenceIndicatorsClient ¶ added in v0.2.0
func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorsClient
NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*ThreatIntelligenceIndicatorsClient) List ¶ added in v0.2.0
func (client *ThreatIntelligenceIndicatorsClient) List(resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorsClientListOptions) *ThreatIntelligenceIndicatorsClientListPager
List - Get all threat intelligence indicators. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewThreatIntelligenceIndicatorsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", &armsecurityinsight.ThreatIntelligenceIndicatorsClientListOptions{Filter: nil, Orderby: nil, Top: nil, SkipToken: nil, }) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type ThreatIntelligenceIndicatorsClientListOptions ¶ added in v0.2.0
type ThreatIntelligenceIndicatorsClientListOptions struct { // Filters the results, based on a Boolean condition. Optional. Filter *string // Sorts the results. Optional. Orderby *string // Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, // the value of the nextLink element will include a skiptoken parameter that // specifies a starting point to use for subsequent calls. Optional. SkipToken *string // Returns only the first n results. Optional. Top *int32 }
ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.List method.
type ThreatIntelligenceIndicatorsClientListPager ¶ added in v0.2.0
type ThreatIntelligenceIndicatorsClientListPager struct {
// contains filtered or unexported fields
}
ThreatIntelligenceIndicatorsClientListPager provides operations for iterating over paged responses.
func (*ThreatIntelligenceIndicatorsClientListPager) Err ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*ThreatIntelligenceIndicatorsClientListPager) NextPage ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*ThreatIntelligenceIndicatorsClientListPager) PageResponse ¶ added in v0.2.0
func (p *ThreatIntelligenceIndicatorsClientListPager) PageResponse() ThreatIntelligenceIndicatorsClientListResponse
PageResponse returns the current ThreatIntelligenceIndicatorsClientListResponse page.
type ThreatIntelligenceIndicatorsClientListResponse ¶ added in v0.2.0
type ThreatIntelligenceIndicatorsClientListResponse struct { ThreatIntelligenceIndicatorsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
ThreatIntelligenceIndicatorsClientListResponse contains the response from method ThreatIntelligenceIndicatorsClient.List.
type ThreatIntelligenceIndicatorsClientListResult ¶ added in v0.2.0
type ThreatIntelligenceIndicatorsClientListResult struct {
ThreatIntelligenceInformationList
}
ThreatIntelligenceIndicatorsClientListResult contains the result from method ThreatIntelligenceIndicatorsClient.List.
type ThreatIntelligenceInformation ¶ added in v0.2.0
type ThreatIntelligenceInformation struct { // REQUIRED; The kind of the entity. Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
ThreatIntelligenceInformation - Threat intelligence information object.
type ThreatIntelligenceInformationList ¶ added in v0.2.0
type ThreatIntelligenceInformationList struct { // REQUIRED; Array of threat intelligence information objects. Value []*ThreatIntelligenceInformation `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of information objects. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
ThreatIntelligenceInformationList - List of all the threat intelligence information objects.
func (ThreatIntelligenceInformationList) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList.
type ThreatIntelligenceKillChainPhase ¶ added in v0.2.0
type ThreatIntelligenceKillChainPhase struct { // Kill chainName name KillChainName *string `json:"killChainName,omitempty"` // Phase name PhaseName *string `json:"phaseName,omitempty"` }
ThreatIntelligenceKillChainPhase - Describes threat kill chain phase entity
type ThreatIntelligenceMetric ¶ added in v0.2.0
type ThreatIntelligenceMetric struct { // Last updated indicator metric LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"` // Pattern type metrics PatternTypeMetrics []*ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"` // Source metrics SourceMetrics []*ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"` // Threat type metrics ThreatTypeMetrics []*ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"` }
ThreatIntelligenceMetric - Describes threat intelligence metric
func (ThreatIntelligenceMetric) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric.
type ThreatIntelligenceMetricEntity ¶ added in v0.2.0
type ThreatIntelligenceMetricEntity struct { // Metric name MetricName *string `json:"metricName,omitempty"` // Metric value MetricValue *int32 `json:"metricValue,omitempty"` }
ThreatIntelligenceMetricEntity - Describes threat intelligence metric entity
type ThreatIntelligenceMetrics ¶ added in v0.2.0
type ThreatIntelligenceMetrics struct { // Threat intelligence metrics. Properties *ThreatIntelligenceMetric `json:"properties,omitempty"` }
ThreatIntelligenceMetrics - Threat intelligence metrics.
type ThreatIntelligenceMetricsList ¶ added in v0.2.0
type ThreatIntelligenceMetricsList struct { // REQUIRED; Array of threat intelligence metric fields (type/threat type/source). Value []*ThreatIntelligenceMetrics `json:"value,omitempty"` }
ThreatIntelligenceMetricsList - List of all the threat intelligence metric fields (type/threat type/source).
func (ThreatIntelligenceMetricsList) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList.
type ThreatIntelligenceParsedPattern ¶ added in v0.2.0
type ThreatIntelligenceParsedPattern struct { // Pattern type key PatternTypeKey *string `json:"patternTypeKey,omitempty"` // Pattern type keys PatternTypeValues []*ThreatIntelligenceParsedPatternTypeValue `json:"patternTypeValues,omitempty"` }
ThreatIntelligenceParsedPattern - Describes parsed pattern entity
func (ThreatIntelligenceParsedPattern) MarshalJSON ¶ added in v0.2.0
func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern.
type ThreatIntelligenceParsedPatternTypeValue ¶ added in v0.2.0
type ThreatIntelligenceParsedPatternTypeValue struct { // Value of parsed pattern Value *string `json:"value,omitempty"` // Type of the value ValueType *string `json:"valueType,omitempty"` }
ThreatIntelligenceParsedPatternTypeValue - Describes threat kill chain phase entity
type ThreatIntelligenceResourceKind ¶ added in v0.2.0
type ThreatIntelligenceResourceKind struct { // REQUIRED; The kind of the entity. Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"` }
ThreatIntelligenceResourceKind - Describes an entity with kind.
type ThreatIntelligenceResourceKindEnum ¶ added in v0.2.0
type ThreatIntelligenceResourceKindEnum string
ThreatIntelligenceResourceKindEnum - The kind of the threat intelligence entity
const ( // ThreatIntelligenceResourceKindEnumIndicator - Entity represents threat intelligence indicator in the system. ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator" )
func PossibleThreatIntelligenceResourceKindEnumValues ¶ added in v0.2.0
func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum
PossibleThreatIntelligenceResourceKindEnumValues returns the possible values for the ThreatIntelligenceResourceKindEnum const type.
func (ThreatIntelligenceResourceKindEnum) ToPtr ¶ added in v0.2.0
func (c ThreatIntelligenceResourceKindEnum) ToPtr() *ThreatIntelligenceResourceKindEnum
ToPtr returns a *ThreatIntelligenceResourceKindEnum pointing to the current value.
type ThreatIntelligenceSortingCriteria ¶ added in v0.2.0
type ThreatIntelligenceSortingCriteria struct { // Column name ItemKey *string `json:"itemKey,omitempty"` // Sorting order (ascending/descending/unsorted). SortOrder *ThreatIntelligenceSortingCriteriaEnum `json:"sortOrder,omitempty"` }
ThreatIntelligenceSortingCriteria - List of available columns for sorting
type ThreatIntelligenceSortingCriteriaEnum ¶ added in v0.2.0
type ThreatIntelligenceSortingCriteriaEnum string
ThreatIntelligenceSortingCriteriaEnum - Sorting order (ascending/descending/unsorted).
const ( ThreatIntelligenceSortingCriteriaEnumAscending ThreatIntelligenceSortingCriteriaEnum = "ascending" ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending" ThreatIntelligenceSortingCriteriaEnumUnsorted ThreatIntelligenceSortingCriteriaEnum = "unsorted" )
func PossibleThreatIntelligenceSortingCriteriaEnumValues ¶ added in v0.2.0
func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum
PossibleThreatIntelligenceSortingCriteriaEnumValues returns the possible values for the ThreatIntelligenceSortingCriteriaEnum const type.
func (ThreatIntelligenceSortingCriteriaEnum) ToPtr ¶ added in v0.2.0
func (c ThreatIntelligenceSortingCriteriaEnum) ToPtr() *ThreatIntelligenceSortingCriteriaEnum
ToPtr returns a *ThreatIntelligenceSortingCriteriaEnum pointing to the current value.
type TiTaxiiCheckRequirements ¶ added in v0.2.0
type TiTaxiiCheckRequirements struct { // REQUIRED; Describes the kind of connector to be checked. Kind *DataConnectorKind `json:"kind,omitempty"` // Threat Intelligence TAXII check required properties. Properties *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"` }
TiTaxiiCheckRequirements - Threat Intelligence TAXII data connector check requirements
func (*TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements ¶ added in v0.2.0
func (t *TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TiTaxiiCheckRequirements.
func (TiTaxiiCheckRequirements) MarshalJSON ¶ added in v0.2.0
func (t TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirements.
func (*TiTaxiiCheckRequirements) UnmarshalJSON ¶ added in v0.2.0
func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirements.
type TiTaxiiCheckRequirementsProperties ¶ added in v0.2.0
type TiTaxiiCheckRequirementsProperties struct { // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII data connector required properties.
type TiTaxiiDataConnector ¶ added in v0.2.0
type TiTaxiiDataConnector struct { // REQUIRED; The data connector kind Kind *DataConnectorKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Threat intelligence TAXII data connector properties. Properties *TiTaxiiDataConnectorProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
TiTaxiiDataConnector - Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server
func (*TiTaxiiDataConnector) GetDataConnector ¶ added in v0.2.0
func (t *TiTaxiiDataConnector) GetDataConnector() *DataConnector
GetDataConnector implements the DataConnectorClassification interface for type TiTaxiiDataConnector.
func (TiTaxiiDataConnector) MarshalJSON ¶ added in v0.2.0
func (t TiTaxiiDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnector.
func (*TiTaxiiDataConnector) UnmarshalJSON ¶ added in v0.2.0
func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnector.
type TiTaxiiDataConnectorDataTypes ¶ added in v0.2.0
type TiTaxiiDataConnectorDataTypes struct { // REQUIRED; Data type for TAXII connector. TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"` }
TiTaxiiDataConnectorDataTypes - The available data types for Threat Intelligence TAXII data connector.
type TiTaxiiDataConnectorDataTypesTaxiiClient ¶ added in v0.2.0
type TiTaxiiDataConnectorDataTypesTaxiiClient struct { // REQUIRED; Describe whether this data type connection is enabled or not. State *DataTypeState `json:"state,omitempty"` }
TiTaxiiDataConnectorDataTypesTaxiiClient - Data type for TAXII connector.
type TiTaxiiDataConnectorProperties ¶ added in v0.2.0
type TiTaxiiDataConnectorProperties struct { // REQUIRED; The available data types for Threat Intelligence TAXII data connector. DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"` // REQUIRED; The polling frequency for the TAXII server. PollingFrequency *PollingFrequency `json:"pollingFrequency,omitempty"` // REQUIRED; The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // The collection id of the TAXII server. CollectionID *string `json:"collectionId,omitempty"` // The friendly name for the TAXII server. FriendlyName *string `json:"friendlyName,omitempty"` // The password for the TAXII server. Password *string `json:"password,omitempty"` // The lookback period for the TAXII server. TaxiiLookbackPeriod *time.Time `json:"taxiiLookbackPeriod,omitempty"` // The API root for the TAXII server. TaxiiServer *string `json:"taxiiServer,omitempty"` // The userName for the TAXII server. UserName *string `json:"userName,omitempty"` // The workspace id. WorkspaceID *string `json:"workspaceId,omitempty"` }
TiTaxiiDataConnectorProperties - Threat Intelligence TAXII data connector properties.
func (TiTaxiiDataConnectorProperties) MarshalJSON ¶ added in v0.2.0
func (t TiTaxiiDataConnectorProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorProperties.
func (*TiTaxiiDataConnectorProperties) UnmarshalJSON ¶ added in v0.2.0
func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorProperties.
type TimelineAggregation ¶ added in v0.2.0
type TimelineAggregation struct { // REQUIRED; the total items found for a kind Count *int32 `json:"count,omitempty"` // REQUIRED; the query kind Kind *EntityTimelineKind `json:"kind,omitempty"` }
TimelineAggregation - timeline aggregation information per kind
type TimelineError ¶ added in v0.2.0
type TimelineError struct { // REQUIRED; the error message ErrorMessage *string `json:"errorMessage,omitempty"` // REQUIRED; the query kind Kind *EntityTimelineKind `json:"kind,omitempty"` // the query id QueryID *string `json:"queryId,omitempty"` }
TimelineError - Timeline Query Errors.
type TimelineResultsMetadata ¶ added in v0.2.0
type TimelineResultsMetadata struct { // REQUIRED; timeline aggregation per kind Aggregations []*TimelineAggregation `json:"aggregations,omitempty"` // REQUIRED; the total items found for the timeline request TotalCount *int32 `json:"totalCount,omitempty"` // information about the failure queries Errors []*TimelineError `json:"errors,omitempty"` }
TimelineResultsMetadata - Expansion result metadata.
func (TimelineResultsMetadata) MarshalJSON ¶ added in v0.2.0
func (t TimelineResultsMetadata) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type TimelineResultsMetadata.
type TriggerOperator ¶
type TriggerOperator string
TriggerOperator - The operation against the threshold that triggers alert rule.
const ( TriggerOperatorGreaterThan TriggerOperator = "GreaterThan" TriggerOperatorLessThan TriggerOperator = "LessThan" TriggerOperatorEqual TriggerOperator = "Equal" TriggerOperatorNotEqual TriggerOperator = "NotEqual" )
func PossibleTriggerOperatorValues ¶
func PossibleTriggerOperatorValues() []TriggerOperator
PossibleTriggerOperatorValues returns the possible values for the TriggerOperator const type.
func (TriggerOperator) ToPtr ¶
func (c TriggerOperator) ToPtr() *TriggerOperator
ToPtr returns a *TriggerOperator pointing to the current value.
type TriggersOn ¶ added in v0.2.0
type TriggersOn string
TriggersOn - The type of object the automation rule triggers on
const ( // TriggersOnIncidents - Trigger on Incidents TriggersOnIncidents TriggersOn = "Incidents" )
func PossibleTriggersOnValues ¶ added in v0.2.0
func PossibleTriggersOnValues() []TriggersOn
PossibleTriggersOnValues returns the possible values for the TriggersOn const type.
func (TriggersOn) ToPtr ¶ added in v0.2.0
func (c TriggersOn) ToPtr() *TriggersOn
ToPtr returns a *TriggersOn pointing to the current value.
type TriggersWhen ¶ added in v0.2.0
type TriggersWhen string
TriggersWhen - The type of event the automation rule triggers on
const ( // TriggersWhenCreated - Trigger on created objects TriggersWhenCreated TriggersWhen = "Created" )
func PossibleTriggersWhenValues ¶ added in v0.2.0
func PossibleTriggersWhenValues() []TriggersWhen
PossibleTriggersWhenValues returns the possible values for the TriggersWhen const type.
func (TriggersWhen) ToPtr ¶ added in v0.2.0
func (c TriggersWhen) ToPtr() *TriggersWhen
ToPtr returns a *TriggersWhen pointing to the current value.
type URLEntity ¶ added in v0.2.0
type URLEntity struct { // REQUIRED; The kind of the entity. Kind *EntityKind `json:"kind,omitempty"` // Url entity properties Properties *URLEntityProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
URLEntity - Represents a url entity.
func (*URLEntity) GetEntity ¶ added in v0.2.0
GetEntity implements the EntityClassification interface for type URLEntity.
func (URLEntity) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type URLEntity.
func (*URLEntity) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type URLEntity.
type URLEntityProperties ¶ added in v0.2.0
type URLEntityProperties struct { // READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"` // READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property // is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"` // READ-ONLY; A full URL the entity points to URL *string `json:"url,omitempty" azure:"ro"` }
URLEntityProperties - Url entity property bag.
func (URLEntityProperties) MarshalJSON ¶ added in v0.2.0
func (u URLEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type URLEntityProperties.
type Ueba ¶ added in v0.2.0
type Ueba struct { // REQUIRED; The kind of the setting Kind *SettingKind `json:"kind,omitempty"` // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Ueba properties Properties *UebaProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Ueba - Settings with single toggle.
func (*Ueba) GetSettings ¶ added in v0.2.0
GetSettings implements the SettingsClassification interface for type Ueba.
func (Ueba) MarshalJSON ¶ added in v0.2.0
MarshalJSON implements the json.Marshaller interface for type Ueba.
func (*Ueba) UnmarshalJSON ¶ added in v0.2.0
UnmarshalJSON implements the json.Unmarshaller interface for type Ueba.
type UebaDataSources ¶ added in v0.2.0
type UebaDataSources string
UebaDataSources - The data source that enriched by ueba.
const ( UebaDataSourcesAuditLogs UebaDataSources = "AuditLogs" UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity" UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent" UebaDataSourcesSigninLogs UebaDataSources = "SigninLogs" )
func PossibleUebaDataSourcesValues ¶ added in v0.2.0
func PossibleUebaDataSourcesValues() []UebaDataSources
PossibleUebaDataSourcesValues returns the possible values for the UebaDataSources const type.
func (UebaDataSources) ToPtr ¶ added in v0.2.0
func (c UebaDataSources) ToPtr() *UebaDataSources
ToPtr returns a *UebaDataSources pointing to the current value.
type UebaProperties ¶ added in v0.2.0
type UebaProperties struct { // The relevant data sources that enriched by ueba DataSources []*UebaDataSources `json:"dataSources,omitempty"` }
UebaProperties - Ueba property bag.
func (UebaProperties) MarshalJSON ¶ added in v0.2.0
func (u UebaProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type UebaProperties.
type UserInfo ¶
type UserInfo struct { // The object id of the user. ObjectID *string `json:"objectId,omitempty"` // READ-ONLY; The email of the user. Email *string `json:"email,omitempty" azure:"ro"` // READ-ONLY; The name of the user. Name *string `json:"name,omitempty" azure:"ro"` }
UserInfo - User information that made some action
type Watchlist ¶ added in v0.2.0
type Watchlist struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Watchlist properties Properties *WatchlistProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
Watchlist - Represents a Watchlist in Azure Security Insights.
type WatchlistItem ¶ added in v0.2.0
type WatchlistItem struct { // Etag of the azure resource Etag *string `json:"etag,omitempty"` // Watchlist Item properties Properties *WatchlistItemProperties `json:"properties,omitempty"` // READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} ID *string `json:"id,omitempty" azure:"ro"` // READ-ONLY; The name of the resource Name *string `json:"name,omitempty" azure:"ro"` // READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData *SystemData `json:"systemData,omitempty" azure:"ro"` // READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" Type *string `json:"type,omitempty" azure:"ro"` }
WatchlistItem - Represents a Watchlist item in Azure Security Insights.
type WatchlistItemList ¶ added in v0.2.0
type WatchlistItemList struct { // REQUIRED; Array of watchlist items. Value []*WatchlistItem `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of watchlist item. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
WatchlistItemList - List all the watchlist items.
func (WatchlistItemList) MarshalJSON ¶ added in v0.2.0
func (w WatchlistItemList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type WatchlistItemList.
type WatchlistItemProperties ¶ added in v0.2.0
type WatchlistItemProperties struct { // REQUIRED; key-value pairs for a watchlist item ItemsKeyValue map[string]interface{} `json:"itemsKeyValue,omitempty"` // The time the watchlist item was created Created *time.Time `json:"created,omitempty"` // Describes a user that created the watchlist item CreatedBy *UserInfo `json:"createdBy,omitempty"` // key-value pairs for a watchlist item entity mapping EntityMapping map[string]interface{} `json:"entityMapping,omitempty"` // A flag that indicates if the watchlist item is deleted or not IsDeleted *bool `json:"isDeleted,omitempty"` // The tenantId to which the watchlist item belongs to TenantID *string `json:"tenantId,omitempty"` // The last time the watchlist item was updated Updated *time.Time `json:"updated,omitempty"` // Describes a user that updated the watchlist item UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // The id (a Guid) of the watchlist item WatchlistItemID *string `json:"watchlistItemId,omitempty"` // The type of the watchlist item WatchlistItemType *string `json:"watchlistItemType,omitempty"` }
WatchlistItemProperties - Describes watchlist item properties
func (WatchlistItemProperties) MarshalJSON ¶ added in v0.2.0
func (w WatchlistItemProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type WatchlistItemProperties.
func (*WatchlistItemProperties) UnmarshalJSON ¶ added in v0.2.0
func (w *WatchlistItemProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistItemProperties.
type WatchlistItemsClient ¶ added in v0.2.0
type WatchlistItemsClient struct {
// contains filtered or unexported fields
}
WatchlistItemsClient contains the methods for the WatchlistItems group. Don't use this type directly, use NewWatchlistItemsClient() instead.
func NewWatchlistItemsClient ¶ added in v0.2.0
func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *WatchlistItemsClient
NewWatchlistItemsClient creates a new instance of WatchlistItemsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*WatchlistItemsClient) CreateOrUpdate ¶ added in v0.2.0
func (client *WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem, options *WatchlistItemsClientCreateOrUpdateOptions) (WatchlistItemsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates a watchlist item. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) watchlistItem - The watchlist item options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistItem.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", "<watchlist-item-id>", armsecurityinsight.WatchlistItem{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.WatchlistItemProperties{ ItemsKeyValue: map[string]interface{}{ "Business tier": "10.0.2.0/24", "Data tier": "10.0.2.0/24", "Gateway subnet": "10.0.255.224/27", "Private DMZ in": "10.0.0.0/27", "Public DMZ out": "10.0.0.96/27", "Web Tier": "10.0.1.0/24", }, }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.WatchlistItemsClientCreateOrUpdateResult) }
Output:
func (*WatchlistItemsClient) Delete ¶ added in v0.2.0
func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error)
Delete - Delete a watchlist item. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlistItem.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", "<watchlist-item-id>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*WatchlistItemsClient) Get ¶ added in v0.2.0
func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error)
Get - Gets a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItemById.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", "<watchlist-item-id>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.WatchlistItemsClientGetResult) }
Output:
func (*WatchlistItemsClient) List ¶ added in v0.2.0
func (client *WatchlistItemsClient) List(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *WatchlistItemsClientListPager
List - Gets all watchlist Items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItems.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", "<watchlist-alias>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type WatchlistItemsClientCreateOrUpdateOptions ¶ added in v0.2.0
type WatchlistItemsClientCreateOrUpdateOptions struct { }
WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.
type WatchlistItemsClientCreateOrUpdateResponse ¶ added in v0.2.0
type WatchlistItemsClientCreateOrUpdateResponse struct { WatchlistItemsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistItemsClientCreateOrUpdateResponse contains the response from method WatchlistItemsClient.CreateOrUpdate.
type WatchlistItemsClientCreateOrUpdateResult ¶ added in v0.2.0
type WatchlistItemsClientCreateOrUpdateResult struct {
WatchlistItem
}
WatchlistItemsClientCreateOrUpdateResult contains the result from method WatchlistItemsClient.CreateOrUpdate.
type WatchlistItemsClientDeleteOptions ¶ added in v0.2.0
type WatchlistItemsClientDeleteOptions struct { }
WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.
type WatchlistItemsClientDeleteResponse ¶ added in v0.2.0
type WatchlistItemsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistItemsClientDeleteResponse contains the response from method WatchlistItemsClient.Delete.
type WatchlistItemsClientGetOptions ¶ added in v0.2.0
type WatchlistItemsClientGetOptions struct { }
WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.
type WatchlistItemsClientGetResponse ¶ added in v0.2.0
type WatchlistItemsClientGetResponse struct { WatchlistItemsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistItemsClientGetResponse contains the response from method WatchlistItemsClient.Get.
type WatchlistItemsClientGetResult ¶ added in v0.2.0
type WatchlistItemsClientGetResult struct {
WatchlistItem
}
WatchlistItemsClientGetResult contains the result from method WatchlistItemsClient.Get.
type WatchlistItemsClientListOptions ¶ added in v0.2.0
type WatchlistItemsClientListOptions struct { }
WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.List method.
type WatchlistItemsClientListPager ¶ added in v0.2.0
type WatchlistItemsClientListPager struct {
// contains filtered or unexported fields
}
WatchlistItemsClientListPager provides operations for iterating over paged responses.
func (*WatchlistItemsClientListPager) Err ¶ added in v0.2.0
func (p *WatchlistItemsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*WatchlistItemsClientListPager) NextPage ¶ added in v0.2.0
func (p *WatchlistItemsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*WatchlistItemsClientListPager) PageResponse ¶ added in v0.2.0
func (p *WatchlistItemsClientListPager) PageResponse() WatchlistItemsClientListResponse
PageResponse returns the current WatchlistItemsClientListResponse page.
type WatchlistItemsClientListResponse ¶ added in v0.2.0
type WatchlistItemsClientListResponse struct { WatchlistItemsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistItemsClientListResponse contains the response from method WatchlistItemsClient.List.
type WatchlistItemsClientListResult ¶ added in v0.2.0
type WatchlistItemsClientListResult struct {
WatchlistItemList
}
WatchlistItemsClientListResult contains the result from method WatchlistItemsClient.List.
type WatchlistList ¶ added in v0.2.0
type WatchlistList struct { // REQUIRED; Array of watchlist. Value []*Watchlist `json:"value,omitempty"` // READ-ONLY; URL to fetch the next set of watchlists. NextLink *string `json:"nextLink,omitempty" azure:"ro"` }
WatchlistList - List all the watchlists.
func (WatchlistList) MarshalJSON ¶ added in v0.2.0
func (w WatchlistList) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type WatchlistList.
type WatchlistProperties ¶ added in v0.2.0
type WatchlistProperties struct { // REQUIRED; The display name of the watchlist DisplayName *string `json:"displayName,omitempty"` // REQUIRED; The search key is used to optimize query performance when using watchlists for joins with other data. For example, // enable a column with IP addresses to be the designated SearchKey field, then use this // field as the key field when joining to other event data by IP address. ItemsSearchKey *string `json:"itemsSearchKey,omitempty"` // REQUIRED; The provider of the watchlist Provider *string `json:"provider,omitempty"` // REQUIRED; The source of the watchlist Source *Source `json:"source,omitempty"` // The content type of the raw content. Example : text/csv or text/tsv ContentType *string `json:"contentType,omitempty"` // The time the watchlist was created Created *time.Time `json:"created,omitempty"` // Describes a user that created the watchlist CreatedBy *UserInfo `json:"createdBy,omitempty"` // The default duration of a watchlist (in ISO 8601 duration format) DefaultDuration *string `json:"defaultDuration,omitempty"` // A description of the watchlist Description *string `json:"description,omitempty"` // A flag that indicates if the watchlist is deleted or not IsDeleted *bool `json:"isDeleted,omitempty"` // List of labels relevant to this watchlist Labels []*string `json:"labels,omitempty"` // The number of lines in a csv/tsv content to skip before the header NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"` // The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the // file that will parsed by the endpoint RawContent *string `json:"rawContent,omitempty"` // The tenantId where the watchlist belongs to TenantID *string `json:"tenantId,omitempty"` // The last time the watchlist was updated Updated *time.Time `json:"updated,omitempty"` // Describes a user that updated the watchlist UpdatedBy *UserInfo `json:"updatedBy,omitempty"` // The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to // InProgress, the Watchlist cannot be deleted UploadStatus *string `json:"uploadStatus,omitempty"` // The alias of the watchlist WatchlistAlias *string `json:"watchlistAlias,omitempty"` // The id (a Guid) of the watchlist WatchlistID *string `json:"watchlistId,omitempty"` // The number of Watchlist Items in the Watchlist WatchlistItemsCount *int32 `json:"watchlistItemsCount,omitempty"` // The type of the watchlist WatchlistType *string `json:"watchlistType,omitempty"` }
WatchlistProperties - Describes watchlist properties
func (WatchlistProperties) MarshalJSON ¶ added in v0.2.0
func (w WatchlistProperties) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaller interface for type WatchlistProperties.
func (*WatchlistProperties) UnmarshalJSON ¶ added in v0.2.0
func (w *WatchlistProperties) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistProperties.
type WatchlistsClient ¶ added in v0.2.0
type WatchlistsClient struct {
// contains filtered or unexported fields
}
WatchlistsClient contains the methods for the Watchlists group. Don't use this type directly, use NewWatchlistsClient() instead.
func NewWatchlistsClient ¶ added in v0.2.0
func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *WatchlistsClient
NewWatchlistsClient creates a new instance of WatchlistsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.
func (*WatchlistsClient) CreateOrUpdate ¶ added in v0.2.0
func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (WatchlistsClientCreateOrUpdateResponse, error)
CreateOrUpdate - Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlist - The watchlist options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil) res, err := client.CreateOrUpdate(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", armsecurityinsight.Watchlist{ Etag: to.StringPtr("<etag>"), Properties: &armsecurityinsight.WatchlistProperties{ Description: to.StringPtr("<description>"), ContentType: to.StringPtr("<content-type>"), DisplayName: to.StringPtr("<display-name>"), ItemsSearchKey: to.StringPtr("<items-search-key>"), NumberOfLinesToSkip: to.Int32Ptr(1), Provider: to.StringPtr("<provider>"), RawContent: to.StringPtr("<raw-content>"), Source: armsecurityinsight.Source("Local file").ToPtr(), }, }, nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.WatchlistsClientCreateOrUpdateResult) }
Output:
func (*WatchlistsClient) Delete ¶ added in v0.2.0
func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error)
Delete - Delete a watchlist. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlist.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil) _, err = client.Delete(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", nil) if err != nil { log.Fatal(err) } }
Output:
func (*WatchlistsClient) Get ¶ added in v0.2.0
func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error)
Get - Gets a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistByAlias.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil) res, err := client.Get(ctx, "<resource-group-name>", "<workspace-name>", "<watchlist-alias>", nil) if err != nil { log.Fatal(err) } log.Printf("Response result: %#v\n", res.WatchlistsClientGetResult) }
Output:
func (*WatchlistsClient) List ¶ added in v0.2.0
func (client *WatchlistsClient) List(resourceGroupName string, workspaceName string, options *WatchlistsClientListOptions) *WatchlistsClientListPager
List - Gets all watchlists, without watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.List method.
Example ¶
x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlists.json
package main import ( "context" "log" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight" ) func main() { cred, err := azidentity.NewDefaultAzureCredential(nil) if err != nil { log.Fatalf("failed to obtain a credential: %v", err) } ctx := context.Background() client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil) pager := client.List("<resource-group-name>", "<workspace-name>", nil) for { nextResult := pager.NextPage(ctx) if err := pager.Err(); err != nil { log.Fatalf("failed to advance page: %v", err) } if !nextResult { break } for _, v := range pager.PageResponse().Value { log.Printf("Pager result: %#v\n", v) } } }
Output:
type WatchlistsClientCreateOrUpdateOptions ¶ added in v0.2.0
type WatchlistsClientCreateOrUpdateOptions struct { }
WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.
type WatchlistsClientCreateOrUpdateResponse ¶ added in v0.2.0
type WatchlistsClientCreateOrUpdateResponse struct { WatchlistsClientCreateOrUpdateResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate.
type WatchlistsClientCreateOrUpdateResult ¶ added in v0.2.0
type WatchlistsClientCreateOrUpdateResult struct {
Watchlist
}
WatchlistsClientCreateOrUpdateResult contains the result from method WatchlistsClient.CreateOrUpdate.
type WatchlistsClientDeleteOptions ¶ added in v0.2.0
type WatchlistsClientDeleteOptions struct { }
WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.
type WatchlistsClientDeleteResponse ¶ added in v0.2.0
type WatchlistsClientDeleteResponse struct { // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete.
type WatchlistsClientGetOptions ¶ added in v0.2.0
type WatchlistsClientGetOptions struct { }
WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.
type WatchlistsClientGetResponse ¶ added in v0.2.0
type WatchlistsClientGetResponse struct { WatchlistsClientGetResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get.
type WatchlistsClientGetResult ¶ added in v0.2.0
type WatchlistsClientGetResult struct {
Watchlist
}
WatchlistsClientGetResult contains the result from method WatchlistsClient.Get.
type WatchlistsClientListOptions ¶ added in v0.2.0
type WatchlistsClientListOptions struct { }
WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.List method.
type WatchlistsClientListPager ¶ added in v0.2.0
type WatchlistsClientListPager struct {
// contains filtered or unexported fields
}
WatchlistsClientListPager provides operations for iterating over paged responses.
func (*WatchlistsClientListPager) Err ¶ added in v0.2.0
func (p *WatchlistsClientListPager) Err() error
Err returns the last error encountered while paging.
func (*WatchlistsClientListPager) NextPage ¶ added in v0.2.0
func (p *WatchlistsClientListPager) NextPage(ctx context.Context) bool
NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.
func (*WatchlistsClientListPager) PageResponse ¶ added in v0.2.0
func (p *WatchlistsClientListPager) PageResponse() WatchlistsClientListResponse
PageResponse returns the current WatchlistsClientListResponse page.
type WatchlistsClientListResponse ¶ added in v0.2.0
type WatchlistsClientListResponse struct { WatchlistsClientListResult // RawResponse contains the underlying HTTP response. RawResponse *http.Response }
WatchlistsClientListResponse contains the response from method WatchlistsClient.List.
type WatchlistsClientListResult ¶ added in v0.2.0
type WatchlistsClientListResult struct {
WatchlistList
}
WatchlistsClientListResult contains the result from method WatchlistsClient.List.
Source Files ¶
- build.go
- zz_generated_actions_client.go
- zz_generated_alertrules_client.go
- zz_generated_alertruletemplates_client.go
- zz_generated_automationrules_client.go
- zz_generated_bookmark_client.go
- zz_generated_bookmarkrelations_client.go
- zz_generated_bookmarks_client.go
- zz_generated_constants.go
- zz_generated_dataconnectors_client.go
- zz_generated_dataconnectorscheckrequirements_client.go
- zz_generated_date_type.go
- zz_generated_domainwhois_client.go
- zz_generated_entities_client.go
- zz_generated_entitiesgettimeline_client.go
- zz_generated_entitiesrelations_client.go
- zz_generated_entityqueries_client.go
- zz_generated_entityquerytemplates_client.go
- zz_generated_entityrelations_client.go
- zz_generated_incidentcomments_client.go
- zz_generated_incidentrelations_client.go
- zz_generated_incidents_client.go
- zz_generated_ipgeodata_client.go
- zz_generated_metadata_client.go
- zz_generated_models.go
- zz_generated_officeconsents_client.go
- zz_generated_operations_client.go
- zz_generated_pagers.go
- zz_generated_polymorphic_helpers.go
- zz_generated_productsettings_client.go
- zz_generated_response_types.go
- zz_generated_sentinelonboardingstates_client.go
- zz_generated_sourcecontrol_client.go
- zz_generated_sourcecontrols_client.go
- zz_generated_threatintelligenceindicator_client.go
- zz_generated_threatintelligenceindicatormetrics_client.go
- zz_generated_threatintelligenceindicators_client.go
- zz_generated_time_rfc3339.go
- zz_generated_watchlistitems_client.go
- zz_generated_watchlists_client.go