armsecurityinsight

package module
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2022 License: MIT Imports: 16 Imported by: 0

README

Azure Security Insight Module for Go

PkgGoDev

The armsecurityinsight module provides operations for working with Azure Security Insight.

Source code

Getting started

Prerequisites

Install the package

This project uses Go modules for versioning and dependency management.

Install the Azure Security Insight module:

go get github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight

Authorization

When creating a client, you will need to provide a credential for authenticating with Azure Security Insight. The azidentity module provides facilities for various ways of authenticating with Azure including client/secret, certificate, managed identity, and more.

cred, err := azidentity.NewDefaultAzureCredential(nil)

For more information on authentication, please see the documentation for azidentity at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity.

Clients

Azure Security Insight modules consist of one or more clients. A client groups a set of related APIs, providing access to its functionality within the specified subscription. Create one or more clients to access the APIs you require using your credential.

client := armsecurityinsight.NewActionsClient(<subscription ID>, cred, nil)

You can use ClientOptions in package github.com/Azure/azure-sdk-for-go/sdk/azcore/arm to set endpoint to connect with public and sovereign clouds as well as Azure Stack. For more information, please see the documentation for azcore at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azcore.

options = arm.ClientOptions{
    Host: arm.AzureChina,
}
client := armsecurityinsight.NewActionsClient(<subscription ID>, cred, &options)

Provide Feedback

If you encounter bugs or have suggestions, please open an issue and assign the Security Insight label.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AADCheckRequirements added in v0.2.0 

type AADCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// AAD (Azure Active Directory) requirements check properties.
	Properties *AADCheckRequirementsProperties `json:"properties,omitempty"`
}

AADCheckRequirements - Represents AAD (Azure Active Directory) requirements check request.

func (*AADCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (a *AADCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AADCheckRequirements.

func (AADCheckRequirements) MarshalJSON added in v0.2.0 

func (a AADCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AADCheckRequirements.

func (*AADCheckRequirements) UnmarshalJSON added in v0.2.0 

func (a *AADCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AADCheckRequirements.

type AADCheckRequirementsProperties added in v0.2.0 

type AADCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.

type AADDataConnector 

type AADDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// AAD (Azure Active Directory) data connector properties.
	Properties *AADDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AADDataConnector - Represents AAD (Azure Active Directory) data connector.

func (*AADDataConnector) GetDataConnector added in v0.2.0 

func (a *AADDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AADDataConnector.

func (AADDataConnector) MarshalJSON 

func (a AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AADDataConnector.

func (*AADDataConnector) UnmarshalJSON 

func (a *AADDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AADDataConnector.

type AADDataConnectorProperties 

type AADDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.

type AATPCheckRequirements added in v0.2.0 

type AATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// AATP (Azure Advanced Threat Protection) requirements check properties.
	Properties *AATPCheckRequirementsProperties `json:"properties,omitempty"`
}

AATPCheckRequirements - Represents AATP (Azure Advanced Threat Protection) requirements check request.

func (*AATPCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (a *AATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AATPCheckRequirements.

func (AATPCheckRequirements) MarshalJSON added in v0.2.0 

func (a AATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AATPCheckRequirements.

func (*AATPCheckRequirements) UnmarshalJSON added in v0.2.0 

func (a *AATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AATPCheckRequirements.

type AATPCheckRequirementsProperties added in v0.2.0 

type AATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.

type AATPDataConnector 

type AATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// AATP (Azure Advanced Threat Protection) data connector properties.
	Properties *AATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AATPDataConnector - Represents AATP (Azure Advanced Threat Protection) data connector.

func (*AATPDataConnector) GetDataConnector added in v0.2.0 

func (a *AATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AATPDataConnector.

func (AATPDataConnector) MarshalJSON 

func (a AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON 

func (a *AATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AATPDataConnector.

type AATPDataConnectorProperties 

type AATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.

type APIPollingParameters added in v0.2.0 

type APIPollingParameters struct {
	// Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`

	// Config to describe the polling instructions
	PollingConfig *CodelessConnectorPollingConfigProperties `json:"pollingConfig,omitempty"`
}

APIPollingParameters - Represents Codeless API Polling data connector

type ASCCheckRequirements added in v0.2.0 

type ASCCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// ASC (Azure Security Center) requirements check properties.
	Properties *ASCCheckRequirementsProperties `json:"properties,omitempty"`
}

ASCCheckRequirements - Represents ASC (Azure Security Center) requirements check request.

func (*ASCCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (a *ASCCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type ASCCheckRequirements.

func (ASCCheckRequirements) MarshalJSON added in v0.2.0 

func (a ASCCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ASCCheckRequirements.

func (*ASCCheckRequirements) UnmarshalJSON added in v0.2.0 

func (a *ASCCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ASCCheckRequirements.

type ASCCheckRequirementsProperties added in v0.2.0 

type ASCCheckRequirementsProperties struct {
	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.

type ASCDataConnector 

type ASCDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// ASC (Azure Security Center) data connector properties.
	Properties *ASCDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ASCDataConnector - Represents ASC (Azure Security Center) data connector.

func (*ASCDataConnector) GetDataConnector added in v0.2.0 

func (a *ASCDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type ASCDataConnector.

func (ASCDataConnector) MarshalJSON 

func (a ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON 

func (a *ASCDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ASCDataConnector.

type ASCDataConnectorProperties 

type ASCDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`

	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.

type AccountEntity added in v0.2.0 

type AccountEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Account entity properties
	Properties *AccountEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AccountEntity - Represents an account entity.

func (*AccountEntity) GetEntity added in v0.2.0 

func (a *AccountEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AccountEntity.

func (AccountEntity) MarshalJSON added in v0.2.0 

func (a AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AccountEntity.

func (*AccountEntity) UnmarshalJSON added in v0.2.0 

func (a *AccountEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AccountEntity.

type AccountEntityProperties added in v0.2.0 

type AccountEntityProperties struct {
	// READ-ONLY; The Azure Active Directory tenant id.
	AADTenantID *string `json:"aadTenantId,omitempty" azure:"ro"`

	// READ-ONLY; The Azure Active Directory user id.
	AADUserID *string `json:"aadUserId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty" azure:"ro"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"`

	// READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"`

	// READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty" azure:"ro"`

	// READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned
	// by active directory.
	ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"`

	// READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty" azure:"ro"`

	// READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty" azure:"ro"`

	// READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty" azure:"ro"`
}

AccountEntityProperties - Account entity property bag.

func (AccountEntityProperties) MarshalJSON added in v0.2.0 

func (a AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AccountEntityProperties.

type ActionPropertiesBase 

type ActionPropertiesBase struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionPropertiesBase - Action property bag base.

type ActionRequest 

type ActionRequest struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Action properties for put request
	Properties *ActionRequestProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActionRequest - Action for alert rule.

type ActionRequestProperties 

type ActionRequestProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// REQUIRED; Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
}

ActionRequestProperties - Action property bag.

type ActionResponse 

type ActionResponse struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Action properties for get request
	Properties *ActionResponseProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActionResponse - Action for alert rule.

type ActionResponseProperties 

type ActionResponseProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
}

ActionResponseProperties - Action property bag.

type ActionsClient 

type ActionsClient struct {
	// contains filtered or unexported fields
}

ActionsClient contains the methods for the Actions group. Don't use this type directly, use NewActionsClient() instead.

func NewActionsClient 

func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ActionsClient

NewActionsClient creates a new instance of ActionsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*ActionsClient) CreateOrUpdate 

func (client *ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest, options *ActionsClientCreateOrUpdateOptions) (ActionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID action - The action options - ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/CreateActionOfAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		"<action-id>",
		armsecurityinsight.ActionRequest{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.ActionRequestProperties{
				LogicAppResourceID: to.StringPtr("<logic-app-resource-id>"),
				TriggerURI:         to.StringPtr("<trigger-uri>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ActionsClientCreateOrUpdateResult)
}

Output:

func (*ActionsClient) Delete 

func (client *ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientDeleteOptions) (ActionsClientDeleteResponse, error)

Delete - Delete the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID options - ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/DeleteActionOfAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		"<action-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*ActionsClient) Get 

func (client *ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientGetOptions) (ActionsClientGetResponse, error)

Get - Gets the action of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID actionID - Action ID options - ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetActionOfAlertRuleById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		"<action-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ActionsClientGetResult)
}

Output:

func (*ActionsClient) ListByAlertRule 

func (client *ActionsClient) ListByAlertRule(resourceGroupName string, workspaceName string, ruleID string, options *ActionsClientListByAlertRuleOptions) *ActionsClientListByAlertRulePager

ListByAlertRule - Gets all actions of alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.ListByAlertRule method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/actions/GetAllActionsByAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewActionsClient("<subscription-id>", cred, nil)
	pager := client.ListByAlertRule("<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type ActionsClientCreateOrUpdateOptions added in v0.2.0 

type ActionsClientCreateOrUpdateOptions struct {
}

ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.

type ActionsClientCreateOrUpdateResponse added in v0.2.0 

type ActionsClientCreateOrUpdateResponse struct {
	ActionsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ActionsClientCreateOrUpdateResponse contains the response from method ActionsClient.CreateOrUpdate.

type ActionsClientCreateOrUpdateResult added in v0.2.0 

type ActionsClientCreateOrUpdateResult struct {
	ActionResponse
}

ActionsClientCreateOrUpdateResult contains the result from method ActionsClient.CreateOrUpdate.

type ActionsClientDeleteOptions added in v0.2.0 

type ActionsClientDeleteOptions struct {
}

ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.

type ActionsClientDeleteResponse added in v0.2.0 

type ActionsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ActionsClientDeleteResponse contains the response from method ActionsClient.Delete.

type ActionsClientGetOptions added in v0.2.0 

type ActionsClientGetOptions struct {
}

ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.

type ActionsClientGetResponse added in v0.2.0 

type ActionsClientGetResponse struct {
	ActionsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ActionsClientGetResponse contains the response from method ActionsClient.Get.

type ActionsClientGetResult added in v0.2.0 

type ActionsClientGetResult struct {
	ActionResponse
}

ActionsClientGetResult contains the result from method ActionsClient.Get.

type ActionsClientListByAlertRuleOptions added in v0.2.0 

type ActionsClientListByAlertRuleOptions struct {
}

ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.ListByAlertRule method.

type ActionsClientListByAlertRulePager added in v0.2.0 

type ActionsClientListByAlertRulePager struct {
	// contains filtered or unexported fields
}

ActionsClientListByAlertRulePager provides operations for iterating over paged responses.

func (*ActionsClientListByAlertRulePager) Err added in v0.2.0 

func (p *ActionsClientListByAlertRulePager) Err() error

Err returns the last error encountered while paging.

func (*ActionsClientListByAlertRulePager) NextPage added in v0.2.0 

func (p *ActionsClientListByAlertRulePager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*ActionsClientListByAlertRulePager) PageResponse added in v0.2.0 

func (p *ActionsClientListByAlertRulePager) PageResponse() ActionsClientListByAlertRuleResponse

PageResponse returns the current ActionsClientListByAlertRuleResponse page.

type ActionsClientListByAlertRuleResponse added in v0.2.0 

type ActionsClientListByAlertRuleResponse struct {
	ActionsClientListByAlertRuleResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ActionsClientListByAlertRuleResponse contains the response from method ActionsClient.ListByAlertRule.

type ActionsClientListByAlertRuleResult added in v0.2.0 

type ActionsClientListByAlertRuleResult struct {
	ActionsList
}

ActionsClientListByAlertRuleResult contains the result from method ActionsClient.ListByAlertRule.

type ActionsList 

type ActionsList struct {
	// REQUIRED; Array of actions.
	Value []*ActionResponse `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

ActionsList - List all the actions.

func (ActionsList) MarshalJSON 

func (a ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionsList.

type ActivityCustomEntityQuery added in v0.2.0 

type ActivityCustomEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *CustomEntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityCustomEntityQuery - Represents Activity entity query.

func (*ActivityCustomEntityQuery) GetCustomEntityQuery added in v0.2.0 

func (a *ActivityCustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery

GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type ActivityCustomEntityQuery.

func (ActivityCustomEntityQuery) MarshalJSON added in v0.2.0 

func (a ActivityCustomEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityCustomEntityQuery.

func (*ActivityCustomEntityQuery) UnmarshalJSON added in v0.2.0 

func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActivityCustomEntityQuery.

type ActivityEntityQueriesProperties added in v0.2.0 

type ActivityEntityQueriesProperties struct {
	// The entity query content to display in timeline
	Content *string `json:"content,omitempty"`

	// The entity query description
	Description *string `json:"description,omitempty"`

	// Determines whether this activity is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The Activity query definitions
	QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`

	// List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The template id this activity was created from
	TemplateName *string `json:"templateName,omitempty"`

	// The entity query title
	Title *string `json:"title,omitempty"`

	// READ-ONLY; The time the activity was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The last time the activity was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

ActivityEntityQueriesProperties - Describes activity entity query properties

func (ActivityEntityQueriesProperties) MarshalJSON added in v0.2.0 

func (a ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueriesProperties.

func (*ActivityEntityQueriesProperties) UnmarshalJSON added in v0.2.0 

func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueriesProperties.

type ActivityEntityQueriesPropertiesQueryDefinitions added in v0.2.0 

type ActivityEntityQueriesPropertiesQueryDefinitions struct {
	// The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`
}

ActivityEntityQueriesPropertiesQueryDefinitions - The Activity query definitions

type ActivityEntityQuery added in v0.2.0 

type ActivityEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityEntityQuery - Represents Activity entity query.

func (*ActivityEntityQuery) GetEntityQuery added in v0.2.0 

func (a *ActivityEntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type ActivityEntityQuery.

func (ActivityEntityQuery) MarshalJSON added in v0.2.0 

func (a ActivityEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityEntityQuery.

func (*ActivityEntityQuery) UnmarshalJSON added in v0.2.0 

func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQuery.

type ActivityEntityQueryTemplate added in v0.2.0 

type ActivityEntityQueryTemplate struct {
	// REQUIRED; the entity query template kind
	Kind *EntityQueryTemplateKind `json:"kind,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueryTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityEntityQueryTemplate - Represents Activity entity query.

func (*ActivityEntityQueryTemplate) GetEntityQueryTemplate added in v0.2.0 

func (a *ActivityEntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate

GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type ActivityEntityQueryTemplate.

func (ActivityEntityQueryTemplate) MarshalJSON added in v0.2.0 

func (a ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplate.

func (*ActivityEntityQueryTemplate) UnmarshalJSON added in v0.2.0 

func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActivityEntityQueryTemplate.

type ActivityEntityQueryTemplateProperties added in v0.2.0 

type ActivityEntityQueryTemplateProperties struct {
	// The entity query content to display in timeline
	Content *string `json:"content,omitempty"`

	// List of required data types for the given entity query template
	DataTypes []*DataTypeDefinitions `json:"dataTypes,omitempty"`

	// The entity query description
	Description *string `json:"description,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The Activity query definitions
	QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`

	// List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The entity query title
	Title *string `json:"title,omitempty"`
}

ActivityEntityQueryTemplateProperties - Describes activity entity query properties

func (ActivityEntityQueryTemplateProperties) MarshalJSON added in v0.2.0 

func (a ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityEntityQueryTemplateProperties.

type ActivityEntityQueryTemplatePropertiesQueryDefinitions added in v0.2.0 

type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct {
	// The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`

	// The dimensions we want to summarize the timeline results on, this is comma separated list
	SummarizeBy *string `json:"summarizeBy,omitempty"`
}

ActivityEntityQueryTemplatePropertiesQueryDefinitions - The Activity query definitions

type ActivityTimelineItem added in v0.2.0 

type ActivityTimelineItem struct {
	// REQUIRED; The grouping bucket end time.
	BucketEndTimeUTC *time.Time `json:"bucketEndTimeUTC,omitempty"`

	// REQUIRED; The grouping bucket start time.
	BucketStartTimeUTC *time.Time `json:"bucketStartTimeUTC,omitempty"`

	// REQUIRED; The activity timeline content.
	Content *string `json:"content,omitempty"`

	// REQUIRED; The time of the first activity in the grouping bucket.
	FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUTC,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// REQUIRED; The time of the last activity in the grouping bucket.
	LastActivityTimeUTC *time.Time `json:"lastActivityTimeUTC,omitempty"`

	// REQUIRED; The activity query id.
	QueryID *string `json:"queryId,omitempty"`

	// REQUIRED; The activity timeline title.
	Title *string `json:"title,omitempty"`
}

ActivityTimelineItem - Represents Activity timeline item.

func (*ActivityTimelineItem) GetEntityTimelineItem added in v0.2.0 

func (a *ActivityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type ActivityTimelineItem.

func (ActivityTimelineItem) MarshalJSON added in v0.2.0 

func (a ActivityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActivityTimelineItem.

func (*ActivityTimelineItem) UnmarshalJSON added in v0.2.0 

func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActivityTimelineItem.

type AlertDetail added in v0.2.0 

type AlertDetail string

AlertDetail - Alert detail 

const (
	// AlertDetailDisplayName - Alert display name
	AlertDetailDisplayName AlertDetail = "DisplayName"
	// AlertDetailSeverity - Alert severity
	AlertDetailSeverity AlertDetail = "Severity"
)

func PossibleAlertDetailValues added in v0.2.0 

func PossibleAlertDetailValues() []AlertDetail

PossibleAlertDetailValues returns the possible values for the AlertDetail const type.

func (AlertDetail) ToPtr added in v0.2.0 

func (c AlertDetail) ToPtr() *AlertDetail

ToPtr returns a *AlertDetail pointing to the current value.

type AlertDetailsOverride added in v0.2.0 

type AlertDetailsOverride struct {
	// the format containing columns name(s) to override the alert description
	AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"`

	// the format containing columns name(s) to override the alert name
	AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"`

	// the column name to take the alert severity from
	AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"`

	// the column name to take the alert tactics from
	AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"`
}

AlertDetailsOverride - Settings for how to dynamically override alert static details

type AlertRule 

type AlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AlertRule - Alert rule.

func (*AlertRule) GetAlertRule 

func (a *AlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type AlertRule.

type AlertRuleClassification 

type AlertRuleClassification interface {
	// GetAlertRule returns the AlertRule content of the underlying type.
	GetAlertRule() *AlertRule
}

AlertRuleClassification provides polymorphic access to related types. Call the interface's GetAlertRule() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRule, *FusionAlertRule, *MLBehaviorAnalyticsAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *NrtAlertRule, - *ScheduledAlertRule, *ThreatIntelligenceAlertRule

type AlertRuleKind 

type AlertRuleKind string

AlertRuleKind - The kind of the alert rule 

const (
	AlertRuleKindFusion                            AlertRuleKind = "Fusion"
	AlertRuleKindMLBehaviorAnalytics               AlertRuleKind = "MLBehaviorAnalytics"
	AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	AlertRuleKindNRT                               AlertRuleKind = "NRT"
	AlertRuleKindScheduled                         AlertRuleKind = "Scheduled"
	AlertRuleKindThreatIntelligence                AlertRuleKind = "ThreatIntelligence"
)

func PossibleAlertRuleKindValues 

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type.

func (AlertRuleKind) ToPtr 

func (c AlertRuleKind) ToPtr() *AlertRuleKind

ToPtr returns a *AlertRuleKind pointing to the current value.

type AlertRuleTemplate 

type AlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AlertRuleTemplate - Alert rule template.

func (*AlertRuleTemplate) GetAlertRuleTemplate 

func (a *AlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type AlertRuleTemplate.

type AlertRuleTemplateClassification 

type AlertRuleTemplateClassification interface {
	// GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type.
	GetAlertRuleTemplate() *AlertRuleTemplate
}

AlertRuleTemplateClassification provides polymorphic access to related types. Call the interface's GetAlertRuleTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MLBehaviorAnalyticsAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, - *NrtAlertRuleTemplate, *ScheduledAlertRuleTemplate, *ThreatIntelligenceAlertRuleTemplate

type AlertRuleTemplateDataSource 

type AlertRuleTemplateDataSource struct {
	// The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`

	// The data types used by the alert rule template
	DataTypes []*string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource - alert rule template data sources

func (AlertRuleTemplateDataSource) MarshalJSON 

func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource.

type AlertRuleTemplatePropertiesBase added in v0.2.0 

type AlertRuleTemplatePropertiesBase struct {
	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

AlertRuleTemplatePropertiesBase - Base alert rule template property bag.

func (AlertRuleTemplatePropertiesBase) MarshalJSON added in v0.2.0 

func (a AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatePropertiesBase.

func (*AlertRuleTemplatePropertiesBase) UnmarshalJSON added in v0.2.0 

func (a *AlertRuleTemplatePropertiesBase) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatePropertiesBase.

type AlertRuleTemplatesClient 

type AlertRuleTemplatesClient struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesClient contains the methods for the AlertRuleTemplates group. Don't use this type directly, use NewAlertRuleTemplatesClient() instead.

func NewAlertRuleTemplatesClient 

func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*AlertRuleTemplatesClient) Get 

func (client *AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string, options *AlertRuleTemplatesClientGetOptions) (AlertRuleTemplatesClientGetResponse, error)

Get - Gets the alert rule template. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. alertRuleTemplateID - Alert rule template ID options - AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRuleTemplatesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<alert-rule-template-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.AlertRuleTemplatesClientGetResult)
}

Output:

func (*AlertRuleTemplatesClient) List 

func (client *AlertRuleTemplatesClient) List(resourceGroupName string, workspaceName string, options *AlertRuleTemplatesClientListOptions) *AlertRuleTemplatesClientListPager

List - Gets all alert rule templates. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRuleTemplatesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type AlertRuleTemplatesClientGetOptions added in v0.2.0 

type AlertRuleTemplatesClientGetOptions struct {
}

AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.

type AlertRuleTemplatesClientGetResponse added in v0.2.0 

type AlertRuleTemplatesClientGetResponse struct {
	AlertRuleTemplatesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRuleTemplatesClientGetResponse contains the response from method AlertRuleTemplatesClient.Get.

type AlertRuleTemplatesClientGetResult added in v0.2.0 

type AlertRuleTemplatesClientGetResult struct {
	AlertRuleTemplateClassification
}

AlertRuleTemplatesClientGetResult contains the result from method AlertRuleTemplatesClient.Get.

func (*AlertRuleTemplatesClientGetResult) UnmarshalJSON added in v0.2.0 

func (a *AlertRuleTemplatesClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesClientGetResult.

type AlertRuleTemplatesClientListOptions added in v0.2.0 

type AlertRuleTemplatesClientListOptions struct {
}

AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.List method.

type AlertRuleTemplatesClientListPager added in v0.2.0 

type AlertRuleTemplatesClientListPager struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesClientListPager provides operations for iterating over paged responses.

func (*AlertRuleTemplatesClientListPager) Err added in v0.2.0 

func (p *AlertRuleTemplatesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*AlertRuleTemplatesClientListPager) NextPage added in v0.2.0 

func (p *AlertRuleTemplatesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*AlertRuleTemplatesClientListPager) PageResponse added in v0.2.0 

func (p *AlertRuleTemplatesClientListPager) PageResponse() AlertRuleTemplatesClientListResponse

PageResponse returns the current AlertRuleTemplatesClientListResponse page.

type AlertRuleTemplatesClientListResponse added in v0.2.0 

type AlertRuleTemplatesClientListResponse struct {
	AlertRuleTemplatesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRuleTemplatesClientListResponse contains the response from method AlertRuleTemplatesClient.List.

type AlertRuleTemplatesClientListResult added in v0.2.0 

type AlertRuleTemplatesClientListResult struct {
	AlertRuleTemplatesList
}

AlertRuleTemplatesClientListResult contains the result from method AlertRuleTemplatesClient.List.

type AlertRuleTemplatesList 

type AlertRuleTemplatesList struct {
	// REQUIRED; Array of alert rule templates.
	Value []AlertRuleTemplateClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

AlertRuleTemplatesList - List all the alert rule templates.

func (AlertRuleTemplatesList) MarshalJSON 

func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON 

func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList.

type AlertRulesClient 

type AlertRulesClient struct {
	// contains filtered or unexported fields
}

AlertRulesClient contains the methods for the AlertRules group. Don't use this type directly, use NewAlertRulesClient() instead.

func NewAlertRulesClient 

func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AlertRulesClient

NewAlertRulesClient creates a new instance of AlertRulesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*AlertRulesClient) CreateOrUpdate 

func (client *AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule AlertRuleClassification, options *AlertRulesClientCreateOrUpdateOptions) (AlertRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID alertRule - The alert rule options - AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/CreateFusionAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		&armsecurityinsight.FusionAlertRule{
			Etag: to.StringPtr("<etag>"),
			Kind: armsecurityinsight.AlertRuleKind("Fusion").ToPtr(),
			Properties: &armsecurityinsight.FusionAlertRuleProperties{
				AlertRuleTemplateName: to.StringPtr("<alert-rule-template-name>"),
				Enabled:               to.BoolPtr(true),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.AlertRulesClientCreateOrUpdateResult)
}

Output:

func (*AlertRulesClient) Delete 

func (client *AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientDeleteOptions) (AlertRulesClientDeleteResponse, error)

Delete - Delete the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/DeleteAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*AlertRulesClient) Get 

func (client *AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientGetOptions) (AlertRulesClientGetResponse, error)

Get - Gets the alert rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. ruleID - Alert rule ID options - AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetFusionAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<rule-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.AlertRulesClientGetResult)
}

Output:

func (*AlertRulesClient) List 

func (client *AlertRulesClient) List(resourceGroupName string, workspaceName string, options *AlertRulesClientListOptions) *AlertRulesClientListPager

List - Gets all alert rules. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/alertRules/GetAllAlertRules.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAlertRulesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type AlertRulesClientCreateOrUpdateOptions added in v0.2.0 

type AlertRulesClientCreateOrUpdateOptions struct {
}

AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.

type AlertRulesClientCreateOrUpdateResponse added in v0.2.0 

type AlertRulesClientCreateOrUpdateResponse struct {
	AlertRulesClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRulesClientCreateOrUpdateResponse contains the response from method AlertRulesClient.CreateOrUpdate.

type AlertRulesClientCreateOrUpdateResult added in v0.2.0 

type AlertRulesClientCreateOrUpdateResult struct {
	AlertRuleClassification
}

AlertRulesClientCreateOrUpdateResult contains the result from method AlertRulesClient.CreateOrUpdate.

func (*AlertRulesClientCreateOrUpdateResult) UnmarshalJSON added in v0.2.0 

func (a *AlertRulesClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientCreateOrUpdateResult.

type AlertRulesClientDeleteOptions added in v0.2.0 

type AlertRulesClientDeleteOptions struct {
}

AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.

type AlertRulesClientDeleteResponse added in v0.2.0 

type AlertRulesClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRulesClientDeleteResponse contains the response from method AlertRulesClient.Delete.

type AlertRulesClientGetOptions added in v0.2.0 

type AlertRulesClientGetOptions struct {
}

AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.

type AlertRulesClientGetResponse added in v0.2.0 

type AlertRulesClientGetResponse struct {
	AlertRulesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRulesClientGetResponse contains the response from method AlertRulesClient.Get.

type AlertRulesClientGetResult added in v0.2.0 

type AlertRulesClientGetResult struct {
	AlertRuleClassification
}

AlertRulesClientGetResult contains the result from method AlertRulesClient.Get.

func (*AlertRulesClientGetResult) UnmarshalJSON added in v0.2.0 

func (a *AlertRulesClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientGetResult.

type AlertRulesClientListOptions added in v0.2.0 

type AlertRulesClientListOptions struct {
}

AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.List method.

type AlertRulesClientListPager added in v0.2.0 

type AlertRulesClientListPager struct {
	// contains filtered or unexported fields
}

AlertRulesClientListPager provides operations for iterating over paged responses.

func (*AlertRulesClientListPager) Err added in v0.2.0 

func (p *AlertRulesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*AlertRulesClientListPager) NextPage added in v0.2.0 

func (p *AlertRulesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*AlertRulesClientListPager) PageResponse added in v0.2.0 

func (p *AlertRulesClientListPager) PageResponse() AlertRulesClientListResponse

PageResponse returns the current AlertRulesClientListResponse page.

type AlertRulesClientListResponse added in v0.2.0 

type AlertRulesClientListResponse struct {
	AlertRulesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AlertRulesClientListResponse contains the response from method AlertRulesClient.List.

type AlertRulesClientListResult added in v0.2.0 

type AlertRulesClientListResult struct {
	AlertRulesList
}

AlertRulesClientListResult contains the result from method AlertRulesClient.List.

type AlertRulesList 

type AlertRulesList struct {
	// REQUIRED; Array of alert rules.
	Value []AlertRuleClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

AlertRulesList - List all the alert rules.

func (AlertRulesList) MarshalJSON 

func (a AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRulesList.

func (*AlertRulesList) UnmarshalJSON 

func (a *AlertRulesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList.

type AlertSeverity 

type AlertSeverity string

AlertSeverity - The severity of the alert 

const (
	// AlertSeverityHigh - High severity
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityInformational - Informational severity
	AlertSeverityInformational AlertSeverity = "Informational"
	// AlertSeverityLow - Low severity
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium - Medium severity
	AlertSeverityMedium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues 

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns the possible values for the AlertSeverity const type.

func (AlertSeverity) ToPtr 

func (c AlertSeverity) ToPtr() *AlertSeverity

ToPtr returns a *AlertSeverity pointing to the current value.

type AlertStatus added in v0.2.0 

type AlertStatus string

AlertStatus - The lifecycle status of the alert. 

const (
	// AlertStatusDismissed - Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress - Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew - New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved - Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown - Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues added in v0.2.0 

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns the possible values for the AlertStatus const type.

func (AlertStatus) ToPtr added in v0.2.0 

func (c AlertStatus) ToPtr() *AlertStatus

ToPtr returns a *AlertStatus pointing to the current value.

type AlertsDataTypeOfDataConnector 

type AlertsDataTypeOfDataConnector struct {
	// REQUIRED; Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector - Alerts data type for data connectors.

type Anomalies added in v0.2.0 

type Anomalies struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Anomalies properties
	Properties *AnomaliesSettingsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Anomalies - Settings with single toggle.

func (*Anomalies) GetSettings added in v0.2.0 

func (a *Anomalies) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Anomalies.

func (Anomalies) MarshalJSON added in v0.2.0 

func (a Anomalies) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Anomalies.

func (*Anomalies) UnmarshalJSON added in v0.2.0 

func (a *Anomalies) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Anomalies.

type AnomaliesSettingsProperties added in v0.2.0 

type AnomaliesSettingsProperties struct {
	// READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"`
}

AnomaliesSettingsProperties - Anomalies property bag.

type AntispamMailDirection added in v0.2.0 

type AntispamMailDirection string

AntispamMailDirection - The directionality of this mail message 

const (
	// AntispamMailDirectionInbound - Inbound
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg - Intraorg
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound - Outbound
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown - Unknown
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

func PossibleAntispamMailDirectionValues added in v0.2.0 

func PossibleAntispamMailDirectionValues() []AntispamMailDirection

PossibleAntispamMailDirectionValues returns the possible values for the AntispamMailDirection const type.

func (AntispamMailDirection) ToPtr added in v0.2.0 

func (c AntispamMailDirection) ToPtr() *AntispamMailDirection

ToPtr returns a *AntispamMailDirection pointing to the current value.

type AttackTactic 

type AttackTactic string

AttackTactic - The severity for alerts created by this alert rule. 

const (
	AttackTacticCollection          AttackTactic = "Collection"
	AttackTacticCommandAndControl   AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess    AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion      AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery           AttackTactic = "Discovery"
	AttackTacticExecution           AttackTactic = "Execution"
	AttackTacticExfiltration        AttackTactic = "Exfiltration"
	AttackTacticImpact              AttackTactic = "Impact"
	AttackTacticInitialAccess       AttackTactic = "InitialAccess"
	AttackTacticLateralMovement     AttackTactic = "LateralMovement"
	AttackTacticPersistence         AttackTactic = "Persistence"
	AttackTacticPreAttack           AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues 

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns the possible values for the AttackTactic const type.

func (AttackTactic) ToPtr 

func (c AttackTactic) ToPtr() *AttackTactic

ToPtr returns a *AttackTactic pointing to the current value.

type AutomationRule added in v0.2.0 

type AutomationRule struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Automation rule properties
	Properties *AutomationRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AutomationRule - Represents an automation rule.

type AutomationRuleAction added in v0.2.0 

type AutomationRuleAction struct {
	// REQUIRED; The type of the automation rule action
	ActionType *AutomationRuleActionType `json:"actionType,omitempty"`

	// REQUIRED; The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
}

AutomationRuleAction - Describes an automation rule action

func (*AutomationRuleAction) GetAutomationRuleAction added in v0.2.0 

func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction.

type AutomationRuleActionClassification added in v0.2.0 

type AutomationRuleActionClassification interface {
	// GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type.
	GetAutomationRuleAction() *AutomationRuleAction
}

AutomationRuleActionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleAction() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction

type AutomationRuleActionType added in v0.2.0 

type AutomationRuleActionType string

AutomationRuleActionType - The type of the automation rule action 

const (
	// AutomationRuleActionTypeModifyProperties - Modify an object's properties
	AutomationRuleActionTypeModifyProperties AutomationRuleActionType = "ModifyProperties"
	// AutomationRuleActionTypeRunPlaybook - Run a playbook on an object
	AutomationRuleActionTypeRunPlaybook AutomationRuleActionType = "RunPlaybook"
)

func PossibleAutomationRuleActionTypeValues added in v0.2.0 

func PossibleAutomationRuleActionTypeValues() []AutomationRuleActionType

PossibleAutomationRuleActionTypeValues returns the possible values for the AutomationRuleActionType const type.

func (AutomationRuleActionType) ToPtr added in v0.2.0 

func (c AutomationRuleActionType) ToPtr() *AutomationRuleActionType

ToPtr returns a *AutomationRuleActionType pointing to the current value.

type AutomationRuleCondition added in v0.2.0 

type AutomationRuleCondition struct {
	// REQUIRED; The type of the automation rule condition
	ConditionType *AutomationRuleConditionType `json:"conditionType,omitempty"`
}

AutomationRuleCondition - Describes an automation rule condition

func (*AutomationRuleCondition) GetAutomationRuleCondition added in v0.2.0 

func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition.

type AutomationRuleConditionClassification added in v0.2.0 

type AutomationRuleConditionClassification interface {
	// GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type.
	GetAutomationRuleCondition() *AutomationRuleCondition
}

AutomationRuleConditionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleCondition() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleCondition, *AutomationRulePropertyValuesCondition

type AutomationRuleConditionType added in v0.2.0 

type AutomationRuleConditionType string

AutomationRuleConditionType - The type of the automation rule condition 

const (
	// AutomationRuleConditionTypeProperty - Evaluate an object property value
	AutomationRuleConditionTypeProperty AutomationRuleConditionType = "Property"
)

func PossibleAutomationRuleConditionTypeValues added in v0.2.0 

func PossibleAutomationRuleConditionTypeValues() []AutomationRuleConditionType

PossibleAutomationRuleConditionTypeValues returns the possible values for the AutomationRuleConditionType const type.

func (AutomationRuleConditionType) ToPtr added in v0.2.0 

func (c AutomationRuleConditionType) ToPtr() *AutomationRuleConditionType

ToPtr returns a *AutomationRuleConditionType pointing to the current value.

type AutomationRuleModifyPropertiesAction added in v0.2.0 

type AutomationRuleModifyPropertiesAction struct {
	// REQUIRED; The configuration of the modify properties automation rule action
	ActionConfiguration *AutomationRuleModifyPropertiesActionConfiguration `json:"actionConfiguration,omitempty"`

	// REQUIRED; The type of the automation rule action
	ActionType *AutomationRuleActionType `json:"actionType,omitempty"`

	// REQUIRED; The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
}

AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties

func (*AutomationRuleModifyPropertiesAction) GetAutomationRuleAction added in v0.2.0 

func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) MarshalJSON added in v0.2.0 

func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction.

func (*AutomationRuleModifyPropertiesAction) UnmarshalJSON added in v0.2.0 

func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction.

type AutomationRuleModifyPropertiesActionConfiguration added in v0.2.0 

type AutomationRuleModifyPropertiesActionConfiguration struct {
	// The reason the incident was closed
	Classification *IncidentClassification `json:"classification,omitempty"`

	// Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"`

	// List of labels to add to the incident
	Labels []*IncidentLabel `json:"labels,omitempty"`

	// Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`

	// The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// The status of the incident
	Status *IncidentStatus `json:"status,omitempty"`
}

AutomationRuleModifyPropertiesActionConfiguration - The configuration of the modify properties automation rule action

func (AutomationRuleModifyPropertiesActionConfiguration) MarshalJSON added in v0.2.0 

func (a AutomationRuleModifyPropertiesActionConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesActionConfiguration.

type AutomationRuleProperties added in v0.2.0 

type AutomationRuleProperties struct {
	// REQUIRED; The actions to execute when the automation rule is triggered
	Actions []AutomationRuleActionClassification `json:"actions,omitempty"`

	// REQUIRED; The display name of the automation rule
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The order of execution of the automation rule
	Order *int32 `json:"order,omitempty"`

	// REQUIRED; The triggering logic of the automation rule
	TriggeringLogic *AutomationRuleTriggeringLogic `json:"triggeringLogic,omitempty"`

	// READ-ONLY; Describes the client that created the automation rule
	CreatedBy *ClientInfo `json:"createdBy,omitempty" azure:"ro"`

	// READ-ONLY; The time the automation rule was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; Describes the client that last updated the automation rule
	LastModifiedBy *ClientInfo `json:"lastModifiedBy,omitempty" azure:"ro"`

	// READ-ONLY; The last time the automation rule was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

AutomationRuleProperties - Describes automation rule properties

func (AutomationRuleProperties) MarshalJSON added in v0.2.0 

func (a AutomationRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties.

func (*AutomationRuleProperties) UnmarshalJSON added in v0.2.0 

func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties.

type AutomationRulePropertyConditionSupportedOperator added in v0.2.0 

type AutomationRulePropertyConditionSupportedOperator string

AutomationRulePropertyConditionSupportedOperator - The operator to use for evaluation the condition 

const (
	// AutomationRulePropertyConditionSupportedOperatorContains - Evaluates if the property contains at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith - Evaluates if the property ends with any of the condition values
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals - Evaluates if the property equals at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains - Evaluates if the property does not contain any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith - Evaluates if the property does not end with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals - Evaluates if the property does not equal any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith - Evaluates if the property does not start with any of the
	// condition values
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith - Evaluates if the property starts with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

func PossibleAutomationRulePropertyConditionSupportedOperatorValues added in v0.2.0 

func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator

PossibleAutomationRulePropertyConditionSupportedOperatorValues returns the possible values for the AutomationRulePropertyConditionSupportedOperator const type.

func (AutomationRulePropertyConditionSupportedOperator) ToPtr added in v0.2.0 

func (c AutomationRulePropertyConditionSupportedOperator) ToPtr() *AutomationRulePropertyConditionSupportedOperator

ToPtr returns a *AutomationRulePropertyConditionSupportedOperator pointing to the current value.

type AutomationRulePropertyConditionSupportedProperty added in v0.2.0 

type AutomationRulePropertyConditionSupportedProperty string

AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition 

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID - The account Azure Active Directory tenant id
	AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAADUserID - The account Azure Active Directory user id.
	AutomationRulePropertyConditionSupportedPropertyAccountAADUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain - The account NetBIOS domain name
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountName - The account name
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID - The account unique identifier
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID - The account Azure Active Directory Passport User ID
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid - The account security identifier
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix - The account user principal name suffix
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID - The Azure resource id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID - The Azure resource subscription id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID - The cloud application identifier
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName - The cloud application name
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName - The dns record domain name
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory - The file directory full path
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue - The file hash value
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName - The file name without path
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID - The host Azure resource id
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain - The host NT domain
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostName - The host name without domain
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName - The host NetBIOS name
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion - The host operating system
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress - The IP address
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription - The description of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName - The provider name of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs - The related Analytic rule ids of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity - The severity of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus - The status of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics - The tactics of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle - The title of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID - The IoT device id
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel - The IoT device model
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName - The IoT device name
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem - The IoT device operating system
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType - The IoT device type
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor - The IoT device vendor
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction - The mail message delivery action
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation - The mail message delivery location
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender - The mail message P1 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender - The mail message P2 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient - The mail message recipient
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP - The mail message sender IP address
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject - The mail message subject
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName - The mailbox display name
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress - The mailbox primary address
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN - The mailbox user principal name
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory - The malware category
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName - The malware name
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine - The process execution command line
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID - The process id
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey - The registry key path
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData - The registry key value in string formatted representation
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL - The url
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

func PossibleAutomationRulePropertyConditionSupportedPropertyValues added in v0.2.0 

func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty

PossibleAutomationRulePropertyConditionSupportedPropertyValues returns the possible values for the AutomationRulePropertyConditionSupportedProperty const type.

func (AutomationRulePropertyConditionSupportedProperty) ToPtr added in v0.2.0 

func (c AutomationRulePropertyConditionSupportedProperty) ToPtr() *AutomationRulePropertyConditionSupportedProperty

ToPtr returns a *AutomationRulePropertyConditionSupportedProperty pointing to the current value.

type AutomationRulePropertyValuesCondition added in v0.2.0 

type AutomationRulePropertyValuesCondition struct {
	// REQUIRED; The configuration of the automation rule condition
	ConditionProperties *AutomationRulePropertyValuesConditionProperties `json:"conditionProperties,omitempty"`

	// REQUIRED; The type of the automation rule condition
	ConditionType *AutomationRuleConditionType `json:"conditionType,omitempty"`
}

AutomationRulePropertyValuesCondition - Describes an automation rule condition that evaluates a property's value

func (*AutomationRulePropertyValuesCondition) GetAutomationRuleCondition added in v0.2.0 

func (a *AutomationRulePropertyValuesCondition) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRulePropertyValuesCondition.

func (AutomationRulePropertyValuesCondition) MarshalJSON added in v0.2.0 

func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition.

func (*AutomationRulePropertyValuesCondition) UnmarshalJSON added in v0.2.0 

func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesCondition.

type AutomationRulePropertyValuesConditionProperties added in v0.2.0 

type AutomationRulePropertyValuesConditionProperties struct {
	// The operator to use for evaluation the condition
	Operator *AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"`

	// The property to evaluate
	PropertyName *AutomationRulePropertyConditionSupportedProperty `json:"propertyName,omitempty"`

	// The values to use for evaluating the condition
	PropertyValues []*string `json:"propertyValues,omitempty"`
}

AutomationRulePropertyValuesConditionProperties - The configuration of the automation rule condition

func (AutomationRulePropertyValuesConditionProperties) MarshalJSON added in v0.2.0 

func (a AutomationRulePropertyValuesConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesConditionProperties.

type AutomationRuleRunPlaybookAction added in v0.2.0 

type AutomationRuleRunPlaybookAction struct {
	// REQUIRED; The configuration of the run playbook automation rule action
	ActionConfiguration *AutomationRuleRunPlaybookActionConfiguration `json:"actionConfiguration,omitempty"`

	// REQUIRED; The type of the automation rule action
	ActionType *AutomationRuleActionType `json:"actionType,omitempty"`

	// REQUIRED; The order of execution of the automation rule action
	Order *int32 `json:"order,omitempty"`
}

AutomationRuleRunPlaybookAction - Describes an automation rule action to run a playbook

func (*AutomationRuleRunPlaybookAction) GetAutomationRuleAction added in v0.2.0 

func (a *AutomationRuleRunPlaybookAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) MarshalJSON added in v0.2.0 

func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction.

func (*AutomationRuleRunPlaybookAction) UnmarshalJSON added in v0.2.0 

func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction.

type AutomationRuleRunPlaybookActionConfiguration added in v0.2.0 

type AutomationRuleRunPlaybookActionConfiguration struct {
	// The resource id of the playbook resource
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// The tenant id of the playbook resource
	TenantID *string `json:"tenantId,omitempty"`
}

AutomationRuleRunPlaybookActionConfiguration - The configuration of the run playbook automation rule action

type AutomationRuleTriggeringLogic added in v0.2.0 

type AutomationRuleTriggeringLogic struct {
	// REQUIRED; Determines whether the automation rule is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`

	// REQUIRED; The type of object the automation rule triggers on
	TriggersOn *TriggersOn `json:"triggersOn,omitempty"`

	// REQUIRED; The type of event the automation rule triggers on
	TriggersWhen *TriggersWhen `json:"triggersWhen,omitempty"`

	// The conditions to evaluate to determine if the automation rule should be triggered on a given object
	Conditions []AutomationRuleConditionClassification `json:"conditions,omitempty"`

	// Determines when the automation rule should automatically expire and be disabled.
	ExpirationTimeUTC *time.Time `json:"expirationTimeUtc,omitempty"`
}

AutomationRuleTriggeringLogic - Describes automation rule triggering logic

func (AutomationRuleTriggeringLogic) MarshalJSON added in v0.2.0 

func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic.

func (*AutomationRuleTriggeringLogic) UnmarshalJSON added in v0.2.0 

func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic.

type AutomationRulesClient added in v0.2.0 

type AutomationRulesClient struct {
	// contains filtered or unexported fields
}

AutomationRulesClient contains the methods for the AutomationRules group. Don't use this type directly, use NewAutomationRulesClient() instead.

func NewAutomationRulesClient added in v0.2.0 

func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *AutomationRulesClient

NewAutomationRulesClient creates a new instance of AutomationRulesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*AutomationRulesClient) CreateOrUpdate added in v0.2.0 

func (client *AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, automationRule AutomationRule, options *AutomationRulesClientCreateOrUpdateOptions) (AutomationRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID automationRule - The automation rule options - AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/CreateAutomationRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<automation-rule-id>",
		armsecurityinsight.AutomationRule{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.AutomationRuleProperties{
				Actions: []armsecurityinsight.AutomationRuleActionClassification{
					&armsecurityinsight.AutomationRuleModifyPropertiesAction{
						ActionType: armsecurityinsight.AutomationRuleActionType("ModifyProperties").ToPtr(),
						Order:      to.Int32Ptr(1),
						ActionConfiguration: &armsecurityinsight.AutomationRuleModifyPropertiesActionConfiguration{
							Severity: armsecurityinsight.IncidentSeverity("High").ToPtr(),
						},
					},
					&armsecurityinsight.AutomationRuleRunPlaybookAction{
						ActionType: armsecurityinsight.AutomationRuleActionType("RunPlaybook").ToPtr(),
						Order:      to.Int32Ptr(2),
						ActionConfiguration: &armsecurityinsight.AutomationRuleRunPlaybookActionConfiguration{
							LogicAppResourceID: to.StringPtr("<logic-app-resource-id>"),
							TenantID:           to.StringPtr("<tenant-id>"),
						},
					}},
				DisplayName: to.StringPtr("<display-name>"),
				Order:       to.Int32Ptr(1),
				TriggeringLogic: &armsecurityinsight.AutomationRuleTriggeringLogic{
					Conditions: []armsecurityinsight.AutomationRuleConditionClassification{
						&armsecurityinsight.AutomationRulePropertyValuesCondition{
							ConditionType: armsecurityinsight.AutomationRuleConditionType("Property").ToPtr(),
							ConditionProperties: &armsecurityinsight.AutomationRulePropertyValuesConditionProperties{
								Operator:     armsecurityinsight.AutomationRulePropertyConditionSupportedOperator("Contains").ToPtr(),
								PropertyName: armsecurityinsight.AutomationRulePropertyConditionSupportedProperty("IncidentRelatedAnalyticRuleIds").ToPtr(),
								PropertyValues: []*string{
									to.StringPtr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
									to.StringPtr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
							},
						}},
					IsEnabled:    to.BoolPtr(true),
					TriggersOn:   armsecurityinsight.TriggersOn("Incidents").ToPtr(),
					TriggersWhen: armsecurityinsight.TriggersWhen("Created").ToPtr(),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.AutomationRulesClientCreateOrUpdateResult)
}

Output:

func (*AutomationRulesClient) Delete added in v0.2.0 

func (client *AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientDeleteOptions) (AutomationRulesClientDeleteResponse, error)

Delete - Delete the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID options - AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/DeleteAutomationRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<automation-rule-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*AutomationRulesClient) Get added in v0.2.0 

func (client *AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientGetOptions) (AutomationRulesClientGetResponse, error)

Get - Gets the automation rule. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. automationRuleID - Automation rule ID options - AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAutomationRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<automation-rule-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.AutomationRulesClientGetResult)
}

Output:

func (*AutomationRulesClient) List added in v0.2.0 

func (client *AutomationRulesClient) List(resourceGroupName string, workspaceName string, options *AutomationRulesClientListOptions) *AutomationRulesClientListPager

List - Gets all automation rules. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/automationRules/GetAllAutomationRules.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewAutomationRulesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type AutomationRulesClientCreateOrUpdateOptions added in v0.2.0 

type AutomationRulesClientCreateOrUpdateOptions struct {
}

AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.

type AutomationRulesClientCreateOrUpdateResponse added in v0.2.0 

type AutomationRulesClientCreateOrUpdateResponse struct {
	AutomationRulesClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AutomationRulesClientCreateOrUpdateResponse contains the response from method AutomationRulesClient.CreateOrUpdate.

type AutomationRulesClientCreateOrUpdateResult added in v0.2.0 

type AutomationRulesClientCreateOrUpdateResult struct {
	AutomationRule
}

AutomationRulesClientCreateOrUpdateResult contains the result from method AutomationRulesClient.CreateOrUpdate.

type AutomationRulesClientDeleteOptions added in v0.2.0 

type AutomationRulesClientDeleteOptions struct {
}

AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.

type AutomationRulesClientDeleteResponse added in v0.2.0 

type AutomationRulesClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AutomationRulesClientDeleteResponse contains the response from method AutomationRulesClient.Delete.

type AutomationRulesClientGetOptions added in v0.2.0 

type AutomationRulesClientGetOptions struct {
}

AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.

type AutomationRulesClientGetResponse added in v0.2.0 

type AutomationRulesClientGetResponse struct {
	AutomationRulesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AutomationRulesClientGetResponse contains the response from method AutomationRulesClient.Get.

type AutomationRulesClientGetResult added in v0.2.0 

type AutomationRulesClientGetResult struct {
	AutomationRule
}

AutomationRulesClientGetResult contains the result from method AutomationRulesClient.Get.

type AutomationRulesClientListOptions added in v0.2.0 

type AutomationRulesClientListOptions struct {
}

AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.List method.

type AutomationRulesClientListPager added in v0.2.0 

type AutomationRulesClientListPager struct {
	// contains filtered or unexported fields
}

AutomationRulesClientListPager provides operations for iterating over paged responses.

func (*AutomationRulesClientListPager) Err added in v0.2.0 

func (p *AutomationRulesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*AutomationRulesClientListPager) NextPage added in v0.2.0 

func (p *AutomationRulesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*AutomationRulesClientListPager) PageResponse added in v0.2.0 

func (p *AutomationRulesClientListPager) PageResponse() AutomationRulesClientListResponse

PageResponse returns the current AutomationRulesClientListResponse page.

type AutomationRulesClientListResponse added in v0.2.0 

type AutomationRulesClientListResponse struct {
	AutomationRulesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

AutomationRulesClientListResponse contains the response from method AutomationRulesClient.List.

type AutomationRulesClientListResult added in v0.2.0 

type AutomationRulesClientListResult struct {
	AutomationRulesList
}

AutomationRulesClientListResult contains the result from method AutomationRulesClient.List.

type AutomationRulesList added in v0.2.0 

type AutomationRulesList struct {
	// REQUIRED; Array of automation rules.
	Value []*AutomationRule `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of automation rules.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

AutomationRulesList - List all the automation rules.

func (AutomationRulesList) MarshalJSON added in v0.2.0 

func (a AutomationRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRulesList.

type Availability added in v0.2.0 

type Availability struct {
	// Set connector as preview
	IsPreview *bool `json:"isPreview,omitempty"`

	// The connector Availability Status
	Status *int32 `json:"status,omitempty"`
}

Availability - Connector Availability Status

type AwsCloudTrailCheckRequirements added in v0.2.0 

type AwsCloudTrailCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

AwsCloudTrailCheckRequirements - Amazon Web Services CloudTrail requirements check request.

func (*AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (a *AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) MarshalJSON added in v0.2.0 

func (a AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailCheckRequirements.

func (*AwsCloudTrailCheckRequirements) UnmarshalJSON added in v0.2.0 

func (a *AwsCloudTrailCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailCheckRequirements.

type AwsCloudTrailDataConnector 

type AwsCloudTrailDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Amazon Web Services CloudTrail data connector properties.
	Properties *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector.

func (*AwsCloudTrailDataConnector) GetDataConnector added in v0.2.0 

func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON 

func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON 

func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector.

type AwsCloudTrailDataConnectorDataTypes 

type AwsCloudTrailDataConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs 

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs - Logs data type.

type AwsCloudTrailDataConnectorProperties 

type AwsCloudTrailDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
}

AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.

type AwsS3CheckRequirements added in v0.2.0 

type AwsS3CheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

AwsS3CheckRequirements - Amazon Web Services S3 requirements check request.

func (*AwsS3CheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (a *AwsS3CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsS3CheckRequirements.

func (AwsS3CheckRequirements) MarshalJSON added in v0.2.0 

func (a AwsS3CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsS3CheckRequirements.

func (*AwsS3CheckRequirements) UnmarshalJSON added in v0.2.0 

func (a *AwsS3CheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3CheckRequirements.

type AwsS3DataConnector added in v0.2.0 

type AwsS3DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Amazon Web Services S3 data connector properties.
	Properties *AwsS3DataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AwsS3DataConnector - Represents Amazon Web Services S3 data connector.

func (*AwsS3DataConnector) GetDataConnector added in v0.2.0 

func (a *AwsS3DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AwsS3DataConnector.

func (AwsS3DataConnector) MarshalJSON added in v0.2.0 

func (a AwsS3DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnector.

func (*AwsS3DataConnector) UnmarshalJSON added in v0.2.0 

func (a *AwsS3DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsS3DataConnector.

type AwsS3DataConnectorDataTypes added in v0.2.0 

type AwsS3DataConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *AwsS3DataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsS3DataConnectorDataTypes - The available data types for Amazon Web Services S3 data connector.

type AwsS3DataConnectorDataTypesLogs added in v0.2.0 

type AwsS3DataConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

AwsS3DataConnectorDataTypesLogs - Logs data type.

type AwsS3DataConnectorProperties added in v0.2.0 

type AwsS3DataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *AwsS3DataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The logs destination table name in LogAnalytics.
	DestinationTable *string `json:"destinationTable,omitempty"`

	// REQUIRED; The Aws Role Arn that is used to access the Aws account.
	RoleArn *string `json:"roleArn,omitempty"`

	// REQUIRED; The AWS sqs urls for the connector.
	SqsUrls []*string `json:"sqsUrls,omitempty"`
}

AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties.

func (AwsS3DataConnectorProperties) MarshalJSON added in v0.2.0 

func (a AwsS3DataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsS3DataConnectorProperties.

type AzureResourceEntity added in v0.2.0 

type AzureResourceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// AzureResource entity properties
	Properties *AzureResourceEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AzureResourceEntity - Represents an azure resource entity.

func (*AzureResourceEntity) GetEntity added in v0.2.0 

func (a *AzureResourceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON added in v0.2.0 

func (a AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON added in v0.2.0 

func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity.

type AzureResourceEntityProperties added in v0.2.0 

type AzureResourceEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty" azure:"ro"`

	// READ-ONLY; The subscription id of the resource
	SubscriptionID *string `json:"subscriptionId,omitempty" azure:"ro"`
}

AzureResourceEntityProperties - AzureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON added in v0.2.0 

func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties.

type Bookmark 

type Bookmark struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Bookmark properties
	Properties *BookmarkProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Bookmark - Represents a bookmark in Azure Security Insights.

type BookmarkClient added in v0.2.0 

type BookmarkClient struct {
	// contains filtered or unexported fields
}

BookmarkClient contains the methods for the Bookmark group. Don't use this type directly, use NewBookmarkClient() instead.

func NewBookmarkClient added in v0.2.0 

func NewBookmarkClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarkClient

NewBookmarkClient creates a new instance of BookmarkClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*BookmarkClient) Expand added in v0.2.0 

func (client *BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (BookmarkClientExpandResponse, error)

Expand - Expand an bookmark If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID parameters - The parameters required to execute an expand operation on the given bookmark. options - BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarkClient("<subscription-id>", cred, nil)
	res, err := client.Expand(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		armsecurityinsight.BookmarkExpandParameters{
			EndTime:     to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-24T17:21:00.000Z"); return t }()),
			ExpansionID: to.StringPtr("<expansion-id>"),
			StartTime:   to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-25T17:21:00.000Z"); return t }()),
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.BookmarkClientExpandResult)
}

Output:

type BookmarkClientExpandOptions added in v0.2.0 

type BookmarkClientExpandOptions struct {
}

BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.

type BookmarkClientExpandResponse added in v0.2.0 

type BookmarkClientExpandResponse struct {
	BookmarkClientExpandResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarkClientExpandResponse contains the response from method BookmarkClient.Expand.

type BookmarkClientExpandResult added in v0.2.0 

type BookmarkClientExpandResult struct {
	BookmarkExpandResponse
}

BookmarkClientExpandResult contains the result from method BookmarkClient.Expand.

type BookmarkExpandParameters added in v0.2.0 

type BookmarkExpandParameters struct {
	// The end date filter, so the only expansion results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// The Id of the expansion to perform.
	ExpansionID *string `json:"expansionId,omitempty"`

	// The start date filter, so the only expansion results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`
}

BookmarkExpandParameters - The parameters required to execute an expand operation on the given bookmark.

func (BookmarkExpandParameters) MarshalJSON added in v0.2.0 

func (b BookmarkExpandParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkExpandParameters.

func (*BookmarkExpandParameters) UnmarshalJSON added in v0.2.0 

func (b *BookmarkExpandParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandParameters.

type BookmarkExpandResponse added in v0.2.0 

type BookmarkExpandResponse struct {
	// The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`

	// The expansion result values.
	Value *BookmarkExpandResponseValue `json:"value,omitempty"`
}

BookmarkExpandResponse - The entity expansion result operation response.

type BookmarkExpandResponseValue added in v0.2.0 

type BookmarkExpandResponseValue struct {
	// Array of expansion result connected entities
	Edges []*ConnectedEntity `json:"edges,omitempty"`

	// Array of the expansion result entities.
	Entities []EntityClassification `json:"entities,omitempty"`
}

BookmarkExpandResponseValue - The expansion result values.

func (BookmarkExpandResponseValue) MarshalJSON added in v0.2.0 

func (b BookmarkExpandResponseValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkExpandResponseValue.

func (*BookmarkExpandResponseValue) UnmarshalJSON added in v0.2.0 

func (b *BookmarkExpandResponseValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkExpandResponseValue.

type BookmarkList 

type BookmarkList struct {
	// REQUIRED; Array of bookmarks.
	Value []*Bookmark `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

BookmarkList - List all the bookmarks.

func (BookmarkList) MarshalJSON 

func (b BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkList.

type BookmarkProperties 

type BookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The query of the bookmark.
	Query *string `json:"query,omitempty"`

	// The time the bookmark was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The bookmark event time
	EventTime *time.Time `json:"eventTime,omitempty"`

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The end time for the query
	QueryEndTime *time.Time `json:"queryEndTime,omitempty"`

	// The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`

	// The start time for the query
	QueryStartTime *time.Time `json:"queryStartTime,omitempty"`

	// The last time the bookmark was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
}

BookmarkProperties - Describes bookmark properties

func (BookmarkProperties) MarshalJSON 

func (b BookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkProperties.

func (*BookmarkProperties) UnmarshalJSON 

func (b *BookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties.

type BookmarkRelationsClient added in v0.2.0 

type BookmarkRelationsClient struct {
	// contains filtered or unexported fields
}

BookmarkRelationsClient contains the methods for the BookmarkRelations group. Don't use this type directly, use NewBookmarkRelationsClient() instead.

func NewBookmarkRelationsClient added in v0.2.0 

func NewBookmarkRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarkRelationsClient

NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*BookmarkRelationsClient) CreateOrUpdate added in v0.2.0 

func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (BookmarkRelationsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates the bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name relation - The relation model options - BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		"<relation-name>",
		armsecurityinsight.Relation{
			Properties: &armsecurityinsight.RelationProperties{
				RelatedResourceID: to.StringPtr("<related-resource-id>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.BookmarkRelationsClientCreateOrUpdateResult)
}

Output:

func (*BookmarkRelationsClient) Delete added in v0.2.0 

func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (BookmarkRelationsClientDeleteResponse, error)

Delete - Delete the bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name options - BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		"<relation-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*BookmarkRelationsClient) Get added in v0.2.0 

func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (BookmarkRelationsClientGetResponse, error)

Get - Gets a bookmark relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID relationName - Relation Name options - BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		"<relation-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.BookmarkRelationsClientGetResult)
}

Output:

func (*BookmarkRelationsClient) List added in v0.2.0 

func (client *BookmarkRelationsClient) List(resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) *BookmarkRelationsClientListPager

List - Gets all bookmark relations. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarkRelationsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		&armsecurityinsight.BookmarkRelationsClientListOptions{Filter: nil,
			Orderby:   nil,
			Top:       nil,
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type BookmarkRelationsClientCreateOrUpdateOptions added in v0.2.0 

type BookmarkRelationsClientCreateOrUpdateOptions struct {
}

BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.

type BookmarkRelationsClientCreateOrUpdateResponse added in v0.2.0 

type BookmarkRelationsClientCreateOrUpdateResponse struct {
	BookmarkRelationsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarkRelationsClientCreateOrUpdateResponse contains the response from method BookmarkRelationsClient.CreateOrUpdate.

type BookmarkRelationsClientCreateOrUpdateResult added in v0.2.0 

type BookmarkRelationsClientCreateOrUpdateResult struct {
	Relation
}

BookmarkRelationsClientCreateOrUpdateResult contains the result from method BookmarkRelationsClient.CreateOrUpdate.

type BookmarkRelationsClientDeleteOptions added in v0.2.0 

type BookmarkRelationsClientDeleteOptions struct {
}

BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.

type BookmarkRelationsClientDeleteResponse added in v0.2.0 

type BookmarkRelationsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarkRelationsClientDeleteResponse contains the response from method BookmarkRelationsClient.Delete.

type BookmarkRelationsClientGetOptions added in v0.2.0 

type BookmarkRelationsClientGetOptions struct {
}

BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.

type BookmarkRelationsClientGetResponse added in v0.2.0 

type BookmarkRelationsClientGetResponse struct {
	BookmarkRelationsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarkRelationsClientGetResponse contains the response from method BookmarkRelationsClient.Get.

type BookmarkRelationsClientGetResult added in v0.2.0 

type BookmarkRelationsClientGetResult struct {
	Relation
}

BookmarkRelationsClientGetResult contains the result from method BookmarkRelationsClient.Get.

type BookmarkRelationsClientListOptions added in v0.2.0 

type BookmarkRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.List method.

type BookmarkRelationsClientListPager added in v0.2.0 

type BookmarkRelationsClientListPager struct {
	// contains filtered or unexported fields
}

BookmarkRelationsClientListPager provides operations for iterating over paged responses.

func (*BookmarkRelationsClientListPager) Err added in v0.2.0 

func (p *BookmarkRelationsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*BookmarkRelationsClientListPager) NextPage added in v0.2.0 

func (p *BookmarkRelationsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*BookmarkRelationsClientListPager) PageResponse added in v0.2.0 

func (p *BookmarkRelationsClientListPager) PageResponse() BookmarkRelationsClientListResponse

PageResponse returns the current BookmarkRelationsClientListResponse page.

type BookmarkRelationsClientListResponse added in v0.2.0 

type BookmarkRelationsClientListResponse struct {
	BookmarkRelationsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarkRelationsClientListResponse contains the response from method BookmarkRelationsClient.List.

type BookmarkRelationsClientListResult added in v0.2.0 

type BookmarkRelationsClientListResult struct {
	RelationList
}

BookmarkRelationsClientListResult contains the result from method BookmarkRelationsClient.List.

type BookmarkTimelineItem added in v0.2.0 

type BookmarkTimelineItem struct {
	// REQUIRED; The bookmark azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The bookmark display name.
	DisplayName *string `json:"displayName,omitempty"`

	// The bookmark end time.
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"`

	// The bookmark event time.
	EventTime *time.Time `json:"eventTime,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The bookmark start time.
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"`
}

BookmarkTimelineItem - Represents bookmark timeline item.

func (*BookmarkTimelineItem) GetEntityTimelineItem added in v0.2.0 

func (b *BookmarkTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type BookmarkTimelineItem.

func (BookmarkTimelineItem) MarshalJSON added in v0.2.0 

func (b BookmarkTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkTimelineItem.

func (*BookmarkTimelineItem) UnmarshalJSON added in v0.2.0 

func (b *BookmarkTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkTimelineItem.

type BookmarksClient 

type BookmarksClient struct {
	// contains filtered or unexported fields
}

BookmarksClient contains the methods for the Bookmarks group. Don't use this type directly, use NewBookmarksClient() instead.

func NewBookmarksClient 

func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *BookmarksClient

NewBookmarksClient creates a new instance of BookmarksClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*BookmarksClient) CreateOrUpdate 

func (client *BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark, options *BookmarksClientCreateOrUpdateOptions) (BookmarksClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID bookmark - The bookmark options - BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/CreateBookmark.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		armsecurityinsight.Bookmark{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.BookmarkProperties{
				Created: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()),
				CreatedBy: &armsecurityinsight.UserInfo{
					ObjectID: to.StringPtr("<object-id>"),
				},
				DisplayName: to.StringPtr("<display-name>"),
				Labels: []*string{
					to.StringPtr("Tag1"),
					to.StringPtr("Tag2")},
				Notes:       to.StringPtr("<notes>"),
				Query:       to.StringPtr("<query>"),
				QueryResult: to.StringPtr("<query-result>"),
				Updated:     to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()),
				UpdatedBy: &armsecurityinsight.UserInfo{
					ObjectID: to.StringPtr("<object-id>"),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.BookmarksClientCreateOrUpdateResult)
}

Output:

func (*BookmarksClient) Delete 

func (client *BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientDeleteOptions) (BookmarksClientDeleteResponse, error)

Delete - Delete the bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/DeleteBookmark.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*BookmarksClient) Get 

func (client *BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientGetOptions) (BookmarksClientGetResponse, error)

Get - Gets a bookmark. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. bookmarkID - Bookmark ID options - BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarkById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<bookmark-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.BookmarksClientGetResult)
}

Output:

func (*BookmarksClient) List 

func (client *BookmarksClient) List(resourceGroupName string, workspaceName string, options *BookmarksClientListOptions) *BookmarksClientListPager

List - Gets all bookmarks. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/bookmarks/GetBookmarks.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewBookmarksClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type BookmarksClientCreateOrUpdateOptions added in v0.2.0 

type BookmarksClientCreateOrUpdateOptions struct {
}

BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.

type BookmarksClientCreateOrUpdateResponse added in v0.2.0 

type BookmarksClientCreateOrUpdateResponse struct {
	BookmarksClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate.

type BookmarksClientCreateOrUpdateResult added in v0.2.0 

type BookmarksClientCreateOrUpdateResult struct {
	Bookmark
}

BookmarksClientCreateOrUpdateResult contains the result from method BookmarksClient.CreateOrUpdate.

type BookmarksClientDeleteOptions added in v0.2.0 

type BookmarksClientDeleteOptions struct {
}

BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.

type BookmarksClientDeleteResponse added in v0.2.0 

type BookmarksClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarksClientDeleteResponse contains the response from method BookmarksClient.Delete.

type BookmarksClientGetOptions added in v0.2.0 

type BookmarksClientGetOptions struct {
}

BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.

type BookmarksClientGetResponse added in v0.2.0 

type BookmarksClientGetResponse struct {
	BookmarksClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarksClientGetResponse contains the response from method BookmarksClient.Get.

type BookmarksClientGetResult added in v0.2.0 

type BookmarksClientGetResult struct {
	Bookmark
}

BookmarksClientGetResult contains the result from method BookmarksClient.Get.

type BookmarksClientListOptions added in v0.2.0 

type BookmarksClientListOptions struct {
}

BookmarksClientListOptions contains the optional parameters for the BookmarksClient.List method.

type BookmarksClientListPager added in v0.2.0 

type BookmarksClientListPager struct {
	// contains filtered or unexported fields
}

BookmarksClientListPager provides operations for iterating over paged responses.

func (*BookmarksClientListPager) Err added in v0.2.0 

func (p *BookmarksClientListPager) Err() error

Err returns the last error encountered while paging.

func (*BookmarksClientListPager) NextPage added in v0.2.0 

func (p *BookmarksClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*BookmarksClientListPager) PageResponse added in v0.2.0 

func (p *BookmarksClientListPager) PageResponse() BookmarksClientListResponse

PageResponse returns the current BookmarksClientListResponse page.

type BookmarksClientListResponse added in v0.2.0 

type BookmarksClientListResponse struct {
	BookmarksClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

BookmarksClientListResponse contains the response from method BookmarksClient.List.

type BookmarksClientListResult added in v0.2.0 

type BookmarksClientListResult struct {
	BookmarkList
}

BookmarksClientListResult contains the result from method BookmarksClient.List.

type ClientInfo 

type ClientInfo struct {
	// The email of the client.
	Email *string `json:"email,omitempty"`

	// The name of the client.
	Name *string `json:"name,omitempty"`

	// The object id of the client.
	ObjectID *string `json:"objectId,omitempty"`

	// The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo - Information on the client (user or application) that made some action

type CloudApplicationEntity added in v0.2.0 

type CloudApplicationEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// CloudApplication entity properties
	Properties *CloudApplicationEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CloudApplicationEntity - Represents a cloud application entity.

func (*CloudApplicationEntity) GetEntity added in v0.2.0 

func (c *CloudApplicationEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON added in v0.2.0 

func (c CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON added in v0.2.0 

func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity.

type CloudApplicationEntityProperties added in v0.2.0 

type CloudApplicationEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications
	// of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty" azure:"ro"`
}

CloudApplicationEntityProperties - CloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON added in v0.2.0 

func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties.

type CloudError 

type CloudError struct {
	// Error data
	Error *CloudErrorBody `json:"error,omitempty"`
}

CloudError - Error response structure.

type CloudErrorBody added in v0.2.0 

type CloudErrorBody struct {
	// READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty" azure:"ro"`

	// READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
	Message *string `json:"message,omitempty" azure:"ro"`
}

CloudErrorBody - Error details.

type CodelessAPIPollingDataConnector added in v0.2.0 

type CodelessAPIPollingDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Codeless poling data connector properties
	Properties *APIPollingParameters `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CodelessAPIPollingDataConnector - Represents Codeless API Polling data connector.

func (*CodelessAPIPollingDataConnector) GetDataConnector added in v0.2.0 

func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) MarshalJSON added in v0.2.0 

func (c CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessAPIPollingDataConnector.

func (*CodelessAPIPollingDataConnector) UnmarshalJSON added in v0.2.0 

func (c *CodelessAPIPollingDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessAPIPollingDataConnector.

type CodelessConnectorPollingAuthProperties added in v0.2.0 

type CodelessConnectorPollingAuthProperties struct {
	// REQUIRED; The authentication type
	AuthType *string `json:"authType,omitempty"`

	// A prefix send in the header before the actual token
	APIKeyIdentifier *string `json:"apiKeyIdentifier,omitempty"`

	// The header name which the token is sent with
	APIKeyName *string `json:"apiKeyName,omitempty"`

	// The endpoint used to authorize the user, used in Oauth 2.0 flow
	AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`

	// The query parameters used in authorization request, used in Oauth 2.0 flow
	AuthorizationEndpointQueryParameters map[string]interface{} `json:"authorizationEndpointQueryParameters,omitempty"`

	// Describes the flow name, for example 'AuthCode' for Oauth 2.0
	FlowName *string `json:"flowName,omitempty"`

	// Marks if the key should sent in header
	IsAPIKeyInPostPayload *string `json:"isApiKeyInPostPayload,omitempty"`

	// Marks if we should send the client secret in header or payload, used in Oauth 2.0 flow
	IsClientSecretInHeader *bool `json:"isClientSecretInHeader,omitempty"`

	// The redirect endpoint where we will get the authorization code, used in Oauth 2.0 flow
	RedirectionEndpoint *string `json:"redirectionEndpoint,omitempty"`

	// The OAuth token scope
	Scope *string `json:"scope,omitempty"`

	// The endpoint used to issue a token, used in Oauth 2.0 flow
	TokenEndpoint *string `json:"tokenEndpoint,omitempty"`

	// The query headers used in token request, used in Oauth 2.0 flow
	TokenEndpointHeaders map[string]interface{} `json:"tokenEndpointHeaders,omitempty"`

	// The query parameters used in token request, used in Oauth 2.0 flow
	TokenEndpointQueryParameters map[string]interface{} `json:"tokenEndpointQueryParameters,omitempty"`
}

CodelessConnectorPollingAuthProperties - Describe the authentication properties needed to successfully authenticate with the server

type CodelessConnectorPollingConfigProperties added in v0.2.0 

type CodelessConnectorPollingConfigProperties struct {
	// REQUIRED; Describe the authentication type of the poller
	Auth *CodelessConnectorPollingAuthProperties `json:"auth,omitempty"`

	// REQUIRED; Describe the poll request config parameters of the poller
	Request *CodelessConnectorPollingRequestProperties `json:"request,omitempty"`

	// The poller active status
	IsActive *bool `json:"isActive,omitempty"`

	// Describe the poll request paging config of the poller
	Paging *CodelessConnectorPollingPagingProperties `json:"paging,omitempty"`

	// Describe the response config parameters of the poller
	Response *CodelessConnectorPollingResponseProperties `json:"response,omitempty"`
}

CodelessConnectorPollingConfigProperties - Config to describe the polling config for API poller connector

type CodelessConnectorPollingPagingProperties added in v0.2.0 

type CodelessConnectorPollingPagingProperties struct {
	// REQUIRED; Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'
	PagingType *string `json:"pagingType,omitempty"`

	// Defines the name of a next page attribute
	NextPageParaName *string `json:"nextPageParaName,omitempty"`

	// Defines the path to a next page token JSON
	NextPageTokenJSONPath *string `json:"nextPageTokenJsonPath,omitempty"`

	// Defines the path to a page count attribute
	PageCountAttributePath *string `json:"pageCountAttributePath,omitempty"`

	// Defines the paging size
	PageSize *int32 `json:"pageSize,omitempty"`

	// Defines the name of the page size parameter
	PageSizeParaName *string `json:"pageSizeParaName,omitempty"`

	// Defines the path to a paging time stamp attribute
	PageTimeStampAttributePath *string `json:"pageTimeStampAttributePath,omitempty"`

	// Defines the path to a page total count attribute
	PageTotalCountAttributePath *string `json:"pageTotalCountAttributePath,omitempty"`

	// Determines whether to search for the latest time stamp in the events list
	SearchTheLatestTimeStampFromEventsList *string `json:"searchTheLatestTimeStampFromEventsList,omitempty"`
}

CodelessConnectorPollingPagingProperties - Describe the properties needed to make a pagination call

type CodelessConnectorPollingRequestProperties added in v0.2.0 

type CodelessConnectorPollingRequestProperties struct {
	// REQUIRED; Describe the endpoint we should pull the data from
	APIEndpoint *string `json:"apiEndpoint,omitempty"`

	// REQUIRED; The http method type we will use in the poll request, GET or POST
	HTTPMethod *string `json:"httpMethod,omitempty"`

	// REQUIRED; The time format will be used the query events in a specific window
	QueryTimeFormat *string `json:"queryTimeFormat,omitempty"`

	// REQUIRED; The window interval we will use the pull the data
	QueryWindowInMin *int32 `json:"queryWindowInMin,omitempty"`

	// This will be used the query events from the end of the time window
	EndTimeAttributeName *string `json:"endTimeAttributeName,omitempty"`

	// Describe the headers sent in the poll request
	Headers map[string]interface{} `json:"headers,omitempty"`

	// Describe the query parameters sent in the poll request
	QueryParameters map[string]interface{} `json:"queryParameters,omitempty"`

	// For advanced scenarios for example user name/password embedded in nested JSON payload
	QueryParametersTemplate *string `json:"queryParametersTemplate,omitempty"`

	// Defines the rate limit QPS
	RateLimitQPS *int32 `json:"rateLimitQps,omitempty"`

	// Describe the amount of time we should try and poll the data in case of failure
	RetryCount *int32 `json:"retryCount,omitempty"`

	// This will be used the query events from a start of the time window
	StartTimeAttributeName *string `json:"startTimeAttributeName,omitempty"`

	// The number of seconds we will consider as a request timeout
	TimeoutInSeconds *int32 `json:"timeoutInSeconds,omitempty"`
}

CodelessConnectorPollingRequestProperties - Describe the request properties needed to successfully pull from the server

type CodelessConnectorPollingResponseProperties added in v0.2.0 

type CodelessConnectorPollingResponseProperties struct {
	// REQUIRED; Describes the path we should extract the data in the response
	EventsJSONPaths []*string `json:"eventsJsonPaths,omitempty"`

	// Describes if the data in the response is Gzip
	IsGzipCompressed *bool `json:"isGzipCompressed,omitempty"`

	// Describes the path we should extract the status code in the response
	SuccessStatusJSONPath *string `json:"successStatusJsonPath,omitempty"`

	// Describes the path we should extract the status value in the response
	SuccessStatusValue *string `json:"successStatusValue,omitempty"`
}

CodelessConnectorPollingResponseProperties - Describes the response from the external server

func (CodelessConnectorPollingResponseProperties) MarshalJSON added in v0.2.0 

func (c CodelessConnectorPollingResponseProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingResponseProperties.

type CodelessParameters added in v0.2.0 

type CodelessParameters struct {
	// Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`
}

CodelessParameters - Represents Codeless UI data connector

type CodelessUIConnectorConfigProperties added in v0.2.0 

type CodelessUIConnectorConfigProperties struct {
	// REQUIRED; Connector Availability Status
	Availability *Availability `json:"availability,omitempty"`

	// REQUIRED; Define the way the connector check connectivity
	ConnectivityCriteria []*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem `json:"connectivityCriteria,omitempty"`

	// REQUIRED; Data types to check for last data received
	DataTypes []*CodelessUIConnectorConfigPropertiesDataTypesItem `json:"dataTypes,omitempty"`

	// REQUIRED; Connector description
	DescriptionMarkdown *string `json:"descriptionMarkdown,omitempty"`

	// REQUIRED; The graph query to show the current data status
	GraphQueries []*CodelessUIConnectorConfigPropertiesGraphQueriesItem `json:"graphQueries,omitempty"`

	// REQUIRED; Name of the table the connector will insert the data to
	GraphQueriesTableName *string `json:"graphQueriesTableName,omitempty"`

	// REQUIRED; Instruction steps to enable the connector
	InstructionSteps []*CodelessUIConnectorConfigPropertiesInstructionStepsItem `json:"instructionSteps,omitempty"`

	// REQUIRED; Permissions required for the connector
	Permissions *Permissions `json:"permissions,omitempty"`

	// REQUIRED; Connector publisher name
	Publisher *string `json:"publisher,omitempty"`

	// REQUIRED; The sample queries for the connector
	SampleQueries []*CodelessUIConnectorConfigPropertiesSampleQueriesItem `json:"sampleQueries,omitempty"`

	// REQUIRED; Connector blade title
	Title *string `json:"title,omitempty"`

	// An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery
	CustomImage *string `json:"customImage,omitempty"`
}

CodelessUIConnectorConfigProperties - Config to describe the instructions blade

func (CodelessUIConnectorConfigProperties) MarshalJSON added in v0.2.0 

func (c CodelessUIConnectorConfigProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigProperties.

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem added in v0.2.0 

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct {
	// type of connectivity
	Type *ConnectivityType `json:"type,omitempty"`

	// Queries for checking connectivity
	Value []*string `json:"value,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON added in v0.2.0 

func (c CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem.

type CodelessUIConnectorConfigPropertiesDataTypesItem added in v0.2.0 

type CodelessUIConnectorConfigPropertiesDataTypesItem struct {
	// Query for indicate last data received
	LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"`

	// Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder
	Name *string `json:"name,omitempty"`
}

type CodelessUIConnectorConfigPropertiesGraphQueriesItem added in v0.2.0 

type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct {
	// The base query for the graph
	BaseQuery *string `json:"baseQuery,omitempty"`

	// The legend for the graph
	Legend *string `json:"legend,omitempty"`

	// the metric that the query is checking
	MetricName *string `json:"metricName,omitempty"`
}

type CodelessUIConnectorConfigPropertiesInstructionStepsItem added in v0.2.0 

type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct {
	// Instruction step description
	Description *string `json:"description,omitempty"`

	// Instruction step details
	Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"`

	// Instruction step title
	Title *string `json:"title,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON added in v0.2.0 

func (c CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem.

type CodelessUIConnectorConfigPropertiesSampleQueriesItem added in v0.2.0 

type CodelessUIConnectorConfigPropertiesSampleQueriesItem struct {
	// The sample query description
	Description *string `json:"description,omitempty"`

	// the sample query
	Query *string `json:"query,omitempty"`
}

type CodelessUIDataConnector added in v0.2.0 

type CodelessUIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Codeless UI data connector properties
	Properties *CodelessParameters `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CodelessUIDataConnector - Represents Codeless UI data connector.

func (*CodelessUIDataConnector) GetDataConnector added in v0.2.0 

func (c *CodelessUIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type CodelessUIDataConnector.

func (CodelessUIDataConnector) MarshalJSON added in v0.2.0 

func (c CodelessUIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIDataConnector.

func (*CodelessUIDataConnector) UnmarshalJSON added in v0.2.0 

func (c *CodelessUIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIDataConnector.

type ConfidenceLevel added in v0.2.0 

type ConfidenceLevel string

ConfidenceLevel - The confidence level of this alert. 

const (
	// ConfidenceLevelHigh - High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow - Low confidence, meaning we have some doubts this is indeed malicious or part of an attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown - Unknown confidence, the is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues added in v0.2.0 

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns the possible values for the ConfidenceLevel const type.

func (ConfidenceLevel) ToPtr added in v0.2.0 

func (c ConfidenceLevel) ToPtr() *ConfidenceLevel

ToPtr returns a *ConfidenceLevel pointing to the current value.

type ConfidenceScoreStatus added in v0.2.0 

type ConfidenceScoreStatus string

ConfidenceScoreStatus - The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. 

const (
	// ConfidenceScoreStatusFinal - Final score was calculated and available
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess - No score was set yet and calculation is in progress
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable - Score will not be calculated for this alert as it is not supported by virtual analyst
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal - Score is calculated and shown as part of the alert, but may be updated again at a later
	// time following the processing of additional data
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues added in v0.2.0 

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns the possible values for the ConfidenceScoreStatus const type.

func (ConfidenceScoreStatus) ToPtr added in v0.2.0 

func (c ConfidenceScoreStatus) ToPtr() *ConfidenceScoreStatus

ToPtr returns a *ConfidenceScoreStatus pointing to the current value.

type ConnectAuthKind added in v0.2.0 

type ConnectAuthKind string

ConnectAuthKind - The authentication kind used to poll the data 

const (
	ConnectAuthKindAPIKey ConnectAuthKind = "APIKey"
	ConnectAuthKindBasic  ConnectAuthKind = "Basic"
	ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2"
)

func PossibleConnectAuthKindValues added in v0.2.0 

func PossibleConnectAuthKindValues() []ConnectAuthKind

PossibleConnectAuthKindValues returns the possible values for the ConnectAuthKind const type.

func (ConnectAuthKind) ToPtr added in v0.2.0 

func (c ConnectAuthKind) ToPtr() *ConnectAuthKind

ToPtr returns a *ConnectAuthKind pointing to the current value.

type ConnectedEntity added in v0.2.0 

type ConnectedEntity struct {
	// key-value pairs for a connected entity mapping
	AdditionalData map[string]interface{} `json:"additionalData,omitempty"`

	// Entity Id of the connected entity
	TargetEntityID *string `json:"targetEntityId,omitempty"`
}

ConnectedEntity - Expansion result connected entities

type ConnectivityCriteria added in v0.2.0 

type ConnectivityCriteria struct {
	// type of connectivity
	Type *ConnectivityType `json:"type,omitempty"`

	// Queries for checking connectivity
	Value []*string `json:"value,omitempty"`
}

ConnectivityCriteria - Setting for the connector check connectivity

func (ConnectivityCriteria) MarshalJSON added in v0.2.0 

func (c ConnectivityCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ConnectivityCriteria.

type ConnectivityType added in v0.2.0 

type ConnectivityType string

ConnectivityType - type of connectivity 

const (
	ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)

func PossibleConnectivityTypeValues added in v0.2.0 

func PossibleConnectivityTypeValues() []ConnectivityType

PossibleConnectivityTypeValues returns the possible values for the ConnectivityType const type.

func (ConnectivityType) ToPtr added in v0.2.0 

func (c ConnectivityType) ToPtr() *ConnectivityType

ToPtr returns a *ConnectivityType pointing to the current value.

type ConnectorInstructionModelBase added in v0.2.0 

type ConnectorInstructionModelBase struct {
	// REQUIRED; The kind of the setting
	Type *SettingType `json:"type,omitempty"`

	// The parameters for the setting
	Parameters map[string]interface{} `json:"parameters,omitempty"`
}

ConnectorInstructionModelBase - Instruction step details

type ContentPathMap added in v0.2.0 

type ContentPathMap struct {
	// Content type.
	ContentType *ContentType `json:"contentType,omitempty"`

	// The path to the content.
	Path *string `json:"path,omitempty"`
}

ContentPathMap - The mapping of content type to a repo path.

type ContentType added in v0.2.0 

type ContentType string

ContentType - The content type of a source control path. 

const (
	ContentTypeAnalyticRule ContentType = "AnalyticRule"
	ContentTypeWorkbook     ContentType = "Workbook"
)

func PossibleContentTypeValues added in v0.2.0 

func PossibleContentTypeValues() []ContentType

PossibleContentTypeValues returns the possible values for the ContentType const type.

func (ContentType) ToPtr added in v0.2.0 

func (c ContentType) ToPtr() *ContentType

ToPtr returns a *ContentType pointing to the current value.

type CreatedByType added in v0.2.0 

type CreatedByType string

CreatedByType - The type of identity that created the resource. 

const (
	CreatedByTypeApplication     CreatedByType = "Application"
	CreatedByTypeKey             CreatedByType = "Key"
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	CreatedByTypeUser            CreatedByType = "User"
)

func PossibleCreatedByTypeValues added in v0.2.0 

func PossibleCreatedByTypeValues() []CreatedByType

PossibleCreatedByTypeValues returns the possible values for the CreatedByType const type.

func (CreatedByType) ToPtr added in v0.2.0 

func (c CreatedByType) ToPtr() *CreatedByType

ToPtr returns a *CreatedByType pointing to the current value.

type CustomEntityQuery added in v0.2.0 

type CustomEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *CustomEntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CustomEntityQuery - Specific entity query that supports put requests.

func (*CustomEntityQuery) GetCustomEntityQuery added in v0.2.0 

func (c *CustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery

GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type CustomEntityQuery.

type CustomEntityQueryClassification added in v0.2.0 

type CustomEntityQueryClassification interface {
	// GetCustomEntityQuery returns the CustomEntityQuery content of the underlying type.
	GetCustomEntityQuery() *CustomEntityQuery
}

CustomEntityQueryClassification provides polymorphic access to related types. Call the interface's GetCustomEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityCustomEntityQuery, *CustomEntityQuery

type CustomEntityQueryKind added in v0.2.0 

type CustomEntityQueryKind string

CustomEntityQueryKind - The kind of the entity query that supports put request. 

const (
	CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)

func PossibleCustomEntityQueryKindValues added in v0.2.0 

func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind

PossibleCustomEntityQueryKindValues returns the possible values for the CustomEntityQueryKind const type.

func (CustomEntityQueryKind) ToPtr added in v0.2.0 

func (c CustomEntityQueryKind) ToPtr() *CustomEntityQueryKind

ToPtr returns a *CustomEntityQueryKind pointing to the current value.

type Customs added in v0.2.0 

type Customs struct {
	// Customs permissions description
	Description *string `json:"description,omitempty"`

	// Customs permissions name
	Name *string `json:"name,omitempty"`
}

Customs permissions required for the connector

type CustomsPermission added in v0.2.0 

type CustomsPermission struct {
	// Customs permissions description
	Description *string `json:"description,omitempty"`

	// Customs permissions name
	Name *string `json:"name,omitempty"`
}

CustomsPermission - Customs permissions required for the connector

type DNSEntity added in v0.2.0 

type DNSEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Dns entity properties
	Properties *DNSEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

DNSEntity - Represents a dns entity.

func (*DNSEntity) GetEntity added in v0.2.0 

func (d *DNSEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type DNSEntity.

func (DNSEntity) MarshalJSON added in v0.2.0 

func (d DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DNSEntity.

func (*DNSEntity) UnmarshalJSON added in v0.2.0 

func (d *DNSEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity.

type DNSEntityProperties added in v0.2.0 

type DNSEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIDs []*string `json:"ipAddressEntityIds,omitempty" azure:"ro"`
}

DNSEntityProperties - Dns entity property bag.

func (DNSEntityProperties) MarshalJSON added in v0.2.0 

func (d DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties.

type DataConnector 

type DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

DataConnector - Data connector

func (*DataConnector) GetDataConnector 

func (d *DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type DataConnector.

type DataConnectorAuthorizationState added in v0.2.0 

type DataConnectorAuthorizationState string

DataConnectorAuthorizationState - Describes the state of user's authorization for a connector kind. 

const (
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	DataConnectorAuthorizationStateValid   DataConnectorAuthorizationState = "Valid"
)

func PossibleDataConnectorAuthorizationStateValues added in v0.2.0 

func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState

PossibleDataConnectorAuthorizationStateValues returns the possible values for the DataConnectorAuthorizationState const type.

func (DataConnectorAuthorizationState) ToPtr added in v0.2.0 

func (c DataConnectorAuthorizationState) ToPtr() *DataConnectorAuthorizationState

ToPtr returns a *DataConnectorAuthorizationState pointing to the current value.

type DataConnectorClassification 

type DataConnectorClassification interface {
	// GetDataConnector returns the DataConnector content of the underlying type.
	GetDataConnector() *DataConnector
}

DataConnectorClassification provides polymorphic access to related types. Call the interface's GetDataConnector() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *AwsS3DataConnector, *CodelessAPIPollingDataConnector, - *CodelessUIDataConnector, *DataConnector, *Dynamics365DataConnector, *MCASDataConnector, *MDATPDataConnector, *MSTIDataConnector, - *MTPDataConnector, *OfficeATPDataConnector, *OfficeDataConnector, *OfficeIRMDataConnector, *TIDataConnector, *TiTaxiiDataConnector

type DataConnectorConnectBody added in v0.2.0 

type DataConnectorConnectBody struct {
	// The API key of the audit server.
	APIKey *string `json:"apiKey,omitempty"`

	// The authorization code used in OAuth 2.0 code flow to issue a token.
	AuthorizationCode *string `json:"authorizationCode,omitempty"`

	// The client id of the OAuth 2.0 application.
	ClientID *string `json:"clientId,omitempty"`

	// The client secret of the OAuth 2.0 application.
	ClientSecret *string `json:"clientSecret,omitempty"`

	// The authentication kind used to poll the data
	Kind *ConnectAuthKind `json:"kind,omitempty"`

	// The user password in the audit log server.
	Password                     *string                  `json:"password,omitempty"`
	RequestConfigUserInputValues []map[string]interface{} `json:"requestConfigUserInputValues,omitempty"`

	// The user name in the audit log server.
	UserName *string `json:"userName,omitempty"`
}

DataConnectorConnectBody - Represents Codeless API Polling data connector.

func (DataConnectorConnectBody) MarshalJSON added in v0.2.0 

func (d DataConnectorConnectBody) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataConnectorConnectBody.

type DataConnectorDataTypeCommon 

type DataConnectorDataTypeCommon struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon - Common field for data type in data connectors.

type DataConnectorKind 

type DataConnectorKind string

DataConnectorKind - The kind of the data connector 

const (
	DataConnectorKindAPIPolling                                DataConnectorKind = "APIPolling"
	DataConnectorKindAmazonWebServicesCloudTrail               DataConnectorKind = "AmazonWebServicesCloudTrail"
	DataConnectorKindAmazonWebServicesS3                       DataConnectorKind = "AmazonWebServicesS3"
	DataConnectorKindAzureActiveDirectory                      DataConnectorKind = "AzureActiveDirectory"
	DataConnectorKindAzureAdvancedThreatProtection             DataConnectorKind = "AzureAdvancedThreatProtection"
	DataConnectorKindAzureSecurityCenter                       DataConnectorKind = "AzureSecurityCenter"
	DataConnectorKindDynamics365                               DataConnectorKind = "Dynamics365"
	DataConnectorKindGenericUI                                 DataConnectorKind = "GenericUI"
	DataConnectorKindMicrosoftCloudAppSecurity                 DataConnectorKind = "MicrosoftCloudAppSecurity"
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	DataConnectorKindMicrosoftThreatIntelligence               DataConnectorKind = "MicrosoftThreatIntelligence"
	DataConnectorKindMicrosoftThreatProtection                 DataConnectorKind = "MicrosoftThreatProtection"
	DataConnectorKindOffice365                                 DataConnectorKind = "Office365"
	DataConnectorKindOfficeATP                                 DataConnectorKind = "OfficeATP"
	DataConnectorKindOfficeIRM                                 DataConnectorKind = "OfficeIRM"
	DataConnectorKindThreatIntelligence                        DataConnectorKind = "ThreatIntelligence"
	DataConnectorKindThreatIntelligenceTaxii                   DataConnectorKind = "ThreatIntelligenceTaxii"
)

func PossibleDataConnectorKindValues 

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type.

func (DataConnectorKind) ToPtr 

func (c DataConnectorKind) ToPtr() *DataConnectorKind

ToPtr returns a *DataConnectorKind pointing to the current value.

type DataConnectorLicenseState added in v0.2.0 

type DataConnectorLicenseState string

DataConnectorLicenseState - Describes the state of user's license for a connector kind. 

const (
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	DataConnectorLicenseStateValid   DataConnectorLicenseState = "Valid"
)

func PossibleDataConnectorLicenseStateValues added in v0.2.0 

func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState

PossibleDataConnectorLicenseStateValues returns the possible values for the DataConnectorLicenseState const type.

func (DataConnectorLicenseState) ToPtr added in v0.2.0 

func (c DataConnectorLicenseState) ToPtr() *DataConnectorLicenseState

ToPtr returns a *DataConnectorLicenseState pointing to the current value.

type DataConnectorList 

type DataConnectorList struct {
	// REQUIRED; Array of data connectors.
	Value []DataConnectorClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

DataConnectorList - List all the data connectors.

func (DataConnectorList) MarshalJSON 

func (d DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataConnectorList.

func (*DataConnectorList) UnmarshalJSON 

func (d *DataConnectorList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList.

type DataConnectorRequirementsState added in v0.2.0 

type DataConnectorRequirementsState struct {
	// Authorization state for this connector
	AuthorizationState *DataConnectorAuthorizationState `json:"authorizationState,omitempty"`

	// License state for this connector
	LicenseState *DataConnectorLicenseState `json:"licenseState,omitempty"`
}

DataConnectorRequirementsState - Data connector requirements status.

type DataConnectorTenantID 

type DataConnectorTenantID struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID - Properties data connector on tenant level.

type DataConnectorWithAlertsProperties 

type DataConnectorWithAlertsProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties - Data connector properties.

type DataConnectorsCheckRequirements added in v0.2.0 

type DataConnectorsCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorsCheckRequirements - Data connector requirements properties.

func (*DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (d *DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type DataConnectorsCheckRequirements.

type DataConnectorsCheckRequirementsClassification added in v0.2.0 

type DataConnectorsCheckRequirementsClassification interface {
	// GetDataConnectorsCheckRequirements returns the DataConnectorsCheckRequirements content of the underlying type.
	GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
}

DataConnectorsCheckRequirementsClassification provides polymorphic access to related types. Call the interface's GetDataConnectorsCheckRequirements() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AADCheckRequirements, *AATPCheckRequirements, *ASCCheckRequirements, *AwsCloudTrailCheckRequirements, *AwsS3CheckRequirements, - *DataConnectorsCheckRequirements, *Dynamics365CheckRequirements, *MCASCheckRequirements, *MDATPCheckRequirements, *MSTICheckRequirements, - *MtpCheckRequirements, *OfficeATPCheckRequirements, *OfficeIRMCheckRequirements, *TICheckRequirements, *TiTaxiiCheckRequirements

type DataConnectorsCheckRequirementsClient added in v0.2.0 

type DataConnectorsCheckRequirementsClient struct {
	// contains filtered or unexported fields
}

DataConnectorsCheckRequirementsClient contains the methods for the DataConnectorsCheckRequirements group. Don't use this type directly, use NewDataConnectorsCheckRequirementsClient() instead.

func NewDataConnectorsCheckRequirementsClient added in v0.2.0 

func NewDataConnectorsCheckRequirementsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*DataConnectorsCheckRequirementsClient) Post added in v0.2.0 

func (client *DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorsCheckRequirements DataConnectorsCheckRequirementsClassification, options *DataConnectorsCheckRequirementsClientPostOptions) (DataConnectorsCheckRequirementsClientPostResponse, error)

Post - Get requirements state for a data connector type. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorsCheckRequirements - The parameters for requirements check message options - DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsCheckRequirementsClient("<subscription-id>", cred, nil)
	res, err := client.Post(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.AADCheckRequirements{
			Kind: armsecurityinsight.DataConnectorKind("AzureActiveDirectory").ToPtr(),
			Properties: &armsecurityinsight.AADCheckRequirementsProperties{
				TenantID: to.StringPtr("<tenant-id>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.DataConnectorsCheckRequirementsClientPostResult)
}

Output:

type DataConnectorsCheckRequirementsClientPostOptions added in v0.2.0 

type DataConnectorsCheckRequirementsClientPostOptions struct {
}

DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.

type DataConnectorsCheckRequirementsClientPostResponse added in v0.2.0 

type DataConnectorsCheckRequirementsClientPostResponse struct {
	DataConnectorsCheckRequirementsClientPostResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsCheckRequirementsClientPostResponse contains the response from method DataConnectorsCheckRequirementsClient.Post.

type DataConnectorsCheckRequirementsClientPostResult added in v0.2.0 

type DataConnectorsCheckRequirementsClientPostResult struct {
	DataConnectorRequirementsState
}

DataConnectorsCheckRequirementsClientPostResult contains the result from method DataConnectorsCheckRequirementsClient.Post.

type DataConnectorsClient 

type DataConnectorsClient struct {
	// contains filtered or unexported fields
}

DataConnectorsClient contains the methods for the DataConnectors group. Don't use this type directly, use NewDataConnectorsClient() instead.

func NewDataConnectorsClient 

func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DataConnectorsClient

NewDataConnectorsClient creates a new instance of DataConnectorsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*DataConnectorsClient) Connect added in v0.2.0 

func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error)

Connect - Connects a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID connectBody - The data connector options - DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	_, err = client.Connect(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<data-connector-id>",
		armsecurityinsight.DataConnectorConnectBody{
			APIKey: to.StringPtr("<apikey>"),
			Kind:   armsecurityinsight.ConnectAuthKind("APIKey").ToPtr(),
			RequestConfigUserInputValues: []map[string]interface{}{
				{
					"displayText":      "Organization Name",
					"placeHolderName":  "{{placeHolder1}}",
					"placeHolderValue": "somePlaceHolderValue",
					"requestObjectKey": "apiEndpoint",
				}},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*DataConnectorsClient) CreateOrUpdate 

func (client *DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector DataConnectorClassification, options *DataConnectorsClientCreateOrUpdateOptions) (DataConnectorsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID dataConnector - The data connector options - DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/CreateAPIPolling.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<data-connector-id>",
		&armsecurityinsight.CodelessAPIPollingDataConnector{
			Kind: armsecurityinsight.DataConnectorKind("APIPolling").ToPtr(),
			Properties: &armsecurityinsight.APIPollingParameters{
				ConnectorUIConfig: &armsecurityinsight.CodelessUIConnectorConfigProperties{
					Availability: &armsecurityinsight.Availability{
						IsPreview: to.BoolPtr(true),
						Status:    to.Int32Ptr(1),
					},
					ConnectivityCriteria: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
						{
							Type:  armsecurityinsight.ConnectivityType("SentinelKindsV2").ToPtr(),
							Value: []*string{},
						}},
					DataTypes: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesDataTypesItem{
						{
							Name:                  to.StringPtr("<name>"),
							LastDataReceivedQuery: to.StringPtr("<last-data-received-query>"),
						}},
					DescriptionMarkdown: to.StringPtr("<description-markdown>"),
					GraphQueries: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
						{
							BaseQuery:  to.StringPtr("<base-query>"),
							Legend:     to.StringPtr("<legend>"),
							MetricName: to.StringPtr("<metric-name>"),
						}},
					GraphQueriesTableName: to.StringPtr("<graph-queries-table-name>"),
					InstructionSteps: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
						{
							Description: to.StringPtr("<description>"),
							Instructions: []*armsecurityinsight.InstructionStepsInstructionsItem{
								{
									Type: armsecurityinsight.SettingType("APIKey").ToPtr(),
									Parameters: map[string]interface{}{
										"enable": "true",
										"userRequestPlaceHoldersInput": []interface{}{
											map[string]interface{}{
												"displayText":      "Organization Name",
												"placeHolderName":  "{{placeHolder1}}",
												"placeHolderValue": "",
												"requestObjectKey": "apiEndpoint",
											},
										},
									},
								}},
							Title: to.StringPtr("<title>"),
						}},
					Permissions: &armsecurityinsight.Permissions{
						Customs: []*armsecurityinsight.PermissionsCustomsItem{
							{
								Name:        to.StringPtr("<name>"),
								Description: to.StringPtr("<description>"),
							}},
						ResourceProvider: []*armsecurityinsight.PermissionsResourceProviderItem{
							{
								PermissionsDisplayText: to.StringPtr("<permissions-display-text>"),
								Provider:               armsecurityinsight.ProviderName("Microsoft.OperationalInsights/workspaces").ToPtr(),
								ProviderDisplayName:    to.StringPtr("<provider-display-name>"),
								RequiredPermissions: &armsecurityinsight.RequiredPermissions{
									Delete: to.BoolPtr(true),
									Read:   to.BoolPtr(true),
									Write:  to.BoolPtr(true),
								},
								Scope: armsecurityinsight.PermissionProviderScope("Workspace").ToPtr(),
							}},
					},
					Publisher: to.StringPtr("<publisher>"),
					SampleQueries: []*armsecurityinsight.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
						{
							Description: to.StringPtr("<description>"),
							Query:       to.StringPtr("<query>"),
						}},
					Title: to.StringPtr("<title>"),
				},
				PollingConfig: &armsecurityinsight.CodelessConnectorPollingConfigProperties{
					Auth: &armsecurityinsight.CodelessConnectorPollingAuthProperties{
						APIKeyIdentifier: to.StringPtr("<apikey-identifier>"),
						APIKeyName:       to.StringPtr("<apikey-name>"),
						AuthType:         to.StringPtr("<auth-type>"),
					},
					Paging: &armsecurityinsight.CodelessConnectorPollingPagingProperties{
						PageSizeParaName: to.StringPtr("<page-size-para-name>"),
						PagingType:       to.StringPtr("<paging-type>"),
					},
					Response: &armsecurityinsight.CodelessConnectorPollingResponseProperties{
						EventsJSONPaths: []*string{
							to.StringPtr("$")},
					},
					Request: &armsecurityinsight.CodelessConnectorPollingRequestProperties{
						APIEndpoint: to.StringPtr("<apiendpoint>"),
						Headers: map[string]interface{}{
							"Accept":     "application/json",
							"User-Agent": "Scuba",
						},
						HTTPMethod: to.StringPtr("<httpmethod>"),
						QueryParameters: map[string]interface{}{
							"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}",
						},
						QueryTimeFormat:  to.StringPtr("<query-time-format>"),
						QueryWindowInMin: to.Int32Ptr(15),
						RateLimitQPS:     to.Int32Ptr(50),
						RetryCount:       to.Int32Ptr(2),
						TimeoutInSeconds: to.Int32Ptr(60),
					},
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.DataConnectorsClientCreateOrUpdateResult)
}

Output:

func (*DataConnectorsClient) Delete 

func (client *DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDeleteOptions) (DataConnectorsClientDeleteResponse, error)

Delete - Delete the data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<data-connector-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*DataConnectorsClient) Disconnect added in v0.2.0 

func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error)

Disconnect - Disconnect a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	_, err = client.Disconnect(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<data-connector-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*DataConnectorsClient) Get 

func (client *DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientGetOptions) (DataConnectorsClientGetResponse, error)

Get - Gets a data connector. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. dataConnectorID - Connector ID options - DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetAPIPolling.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<data-connector-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.DataConnectorsClientGetResult)
}

Output:

func (*DataConnectorsClient) List 

func (client *DataConnectorsClient) List(resourceGroupName string, workspaceName string, options *DataConnectorsClientListOptions) *DataConnectorsClientListPager

List - Gets all data connectors. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/dataConnectors/GetDataConnectors.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDataConnectorsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type DataConnectorsClientConnectOptions added in v0.2.0 

type DataConnectorsClientConnectOptions struct {
}

DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.

type DataConnectorsClientConnectResponse added in v0.2.0 

type DataConnectorsClientConnectResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientConnectResponse contains the response from method DataConnectorsClient.Connect.

type DataConnectorsClientCreateOrUpdateOptions added in v0.2.0 

type DataConnectorsClientCreateOrUpdateOptions struct {
}

DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.

type DataConnectorsClientCreateOrUpdateResponse added in v0.2.0 

type DataConnectorsClientCreateOrUpdateResponse struct {
	DataConnectorsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate.

type DataConnectorsClientCreateOrUpdateResult added in v0.2.0 

type DataConnectorsClientCreateOrUpdateResult struct {
	DataConnectorClassification
}

DataConnectorsClientCreateOrUpdateResult contains the result from method DataConnectorsClient.CreateOrUpdate.

func (*DataConnectorsClientCreateOrUpdateResult) UnmarshalJSON added in v0.2.0 

func (d *DataConnectorsClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientCreateOrUpdateResult.

type DataConnectorsClientDeleteOptions added in v0.2.0 

type DataConnectorsClientDeleteOptions struct {
}

DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.

type DataConnectorsClientDeleteResponse added in v0.2.0 

type DataConnectorsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete.

type DataConnectorsClientDisconnectOptions added in v0.2.0 

type DataConnectorsClientDisconnectOptions struct {
}

DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.

type DataConnectorsClientDisconnectResponse added in v0.2.0 

type DataConnectorsClientDisconnectResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientDisconnectResponse contains the response from method DataConnectorsClient.Disconnect.

type DataConnectorsClientGetOptions added in v0.2.0 

type DataConnectorsClientGetOptions struct {
}

DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.

type DataConnectorsClientGetResponse added in v0.2.0 

type DataConnectorsClientGetResponse struct {
	DataConnectorsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get.

type DataConnectorsClientGetResult added in v0.2.0 

type DataConnectorsClientGetResult struct {
	DataConnectorClassification
}

DataConnectorsClientGetResult contains the result from method DataConnectorsClient.Get.

func (*DataConnectorsClientGetResult) UnmarshalJSON added in v0.2.0 

func (d *DataConnectorsClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientGetResult.

type DataConnectorsClientListOptions added in v0.2.0 

type DataConnectorsClientListOptions struct {
}

DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.List method.

type DataConnectorsClientListPager added in v0.2.0 

type DataConnectorsClientListPager struct {
	// contains filtered or unexported fields
}

DataConnectorsClientListPager provides operations for iterating over paged responses.

func (*DataConnectorsClientListPager) Err added in v0.2.0 

func (p *DataConnectorsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*DataConnectorsClientListPager) NextPage added in v0.2.0 

func (p *DataConnectorsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*DataConnectorsClientListPager) PageResponse added in v0.2.0 

func (p *DataConnectorsClientListPager) PageResponse() DataConnectorsClientListResponse

PageResponse returns the current DataConnectorsClientListResponse page.

type DataConnectorsClientListResponse added in v0.2.0 

type DataConnectorsClientListResponse struct {
	DataConnectorsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DataConnectorsClientListResponse contains the response from method DataConnectorsClient.List.

type DataConnectorsClientListResult added in v0.2.0 

type DataConnectorsClientListResult struct {
	DataConnectorList
}

DataConnectorsClientListResult contains the result from method DataConnectorsClient.List.

type DataTypeDefinitions added in v0.2.0 

type DataTypeDefinitions struct {
	// The data type name
	DataType *string `json:"dataType,omitempty"`
}

DataTypeDefinitions - The data type definition

type DataTypeState 

type DataTypeState string

DataTypeState - Describe whether this data type connection is enabled or not. 

const (
	DataTypeStateDisabled DataTypeState = "Disabled"
	DataTypeStateEnabled  DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues 

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns the possible values for the DataTypeState const type.

func (DataTypeState) ToPtr 

func (c DataTypeState) ToPtr() *DataTypeState

ToPtr returns a *DataTypeState pointing to the current value.

type DeliveryAction added in v0.2.0 

type DeliveryAction string

DeliveryAction - The delivery action of this mail message like Delivered, Blocked, Replaced etc 

const (
	// DeliveryActionUnknown - Unknown
	DeliveryActionUnknown DeliveryAction = "Unknown"
	// DeliveryActionDeliveredAsSpam - DeliveredAsSpam
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionDelivered - Delivered
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionBlocked - Blocked
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionReplaced - Replaced
	DeliveryActionReplaced DeliveryAction = "Replaced"
)

func PossibleDeliveryActionValues added in v0.2.0 

func PossibleDeliveryActionValues() []DeliveryAction

PossibleDeliveryActionValues returns the possible values for the DeliveryAction const type.

func (DeliveryAction) ToPtr added in v0.2.0 

func (c DeliveryAction) ToPtr() *DeliveryAction

ToPtr returns a *DeliveryAction pointing to the current value.

type DeliveryLocation added in v0.2.0 

type DeliveryLocation string

DeliveryLocation - The delivery location of this mail message like Inbox, JunkFolder etc 

const (
	// DeliveryLocationUnknown - Unknown
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
	// DeliveryLocationInbox - Inbox
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder - JunkFolder
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationDeletedFolder - DeletedFolder
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationQuarantine - Quarantine
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationExternal - External
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed - Failed
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationDropped - Dropped
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationForwarded - Forwarded
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
)

func PossibleDeliveryLocationValues added in v0.2.0 

func PossibleDeliveryLocationValues() []DeliveryLocation

PossibleDeliveryLocationValues returns the possible values for the DeliveryLocation const type.

func (DeliveryLocation) ToPtr added in v0.2.0 

func (c DeliveryLocation) ToPtr() *DeliveryLocation

ToPtr returns a *DeliveryLocation pointing to the current value.

type DomainWhoisClient added in v0.2.0 

type DomainWhoisClient struct {
	// contains filtered or unexported fields
}

DomainWhoisClient contains the methods for the DomainWhois group. Don't use this type directly, use NewDomainWhoisClient() instead.

func NewDomainWhoisClient added in v0.2.0 

func NewDomainWhoisClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *DomainWhoisClient

NewDomainWhoisClient creates a new instance of DomainWhoisClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*DomainWhoisClient) Get added in v0.2.0 

func (client *DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (DomainWhoisClientGetResponse, error)

Get - Get whois information for a single domain name If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. domain - Domain name to be enriched options - DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetWhoisByDomainName.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewDomainWhoisClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<domain>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.DomainWhoisClientGetResult)
}

Output:

type DomainWhoisClientGetOptions added in v0.2.0 

type DomainWhoisClientGetOptions struct {
}

DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.

type DomainWhoisClientGetResponse added in v0.2.0 

type DomainWhoisClientGetResponse struct {
	DomainWhoisClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

DomainWhoisClientGetResponse contains the response from method DomainWhoisClient.Get.

type DomainWhoisClientGetResult added in v0.2.0 

type DomainWhoisClientGetResult struct {
	EnrichmentDomainWhois
}

DomainWhoisClientGetResult contains the result from method DomainWhoisClient.Get.

type Dynamics365CheckRequirements added in v0.2.0 

type Dynamics365CheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Dynamics365 requirements check properties.
	Properties *Dynamics365CheckRequirementsProperties `json:"properties,omitempty"`
}

Dynamics365CheckRequirements - Represents Dynamics365 requirements check request.

func (*Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (d *Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) MarshalJSON added in v0.2.0 

func (d Dynamics365CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Dynamics365CheckRequirements.

func (*Dynamics365CheckRequirements) UnmarshalJSON added in v0.2.0 

func (d *Dynamics365CheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365CheckRequirements.

type Dynamics365CheckRequirementsProperties added in v0.2.0 

type Dynamics365CheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties.

type Dynamics365DataConnector added in v0.2.0 

type Dynamics365DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Dynamics365 data connector properties.
	Properties *Dynamics365DataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Dynamics365DataConnector - Represents Dynamics365 data connector.

func (*Dynamics365DataConnector) GetDataConnector added in v0.2.0 

func (d *Dynamics365DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type Dynamics365DataConnector.

func (Dynamics365DataConnector) MarshalJSON added in v0.2.0 

func (d Dynamics365DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Dynamics365DataConnector.

func (*Dynamics365DataConnector) UnmarshalJSON added in v0.2.0 

func (d *Dynamics365DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Dynamics365DataConnector.

type Dynamics365DataConnectorDataTypes added in v0.2.0 

type Dynamics365DataConnectorDataTypes struct {
	// REQUIRED; Common Data Service data type connection.
	Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities `json:"dynamics365CdsActivities,omitempty"`
}

Dynamics365DataConnectorDataTypes - The available data types for Dynamics365 data connector.

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities added in v0.2.0 

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

Dynamics365DataConnectorDataTypesDynamics365CdsActivities - Common Data Service data type connection.

type Dynamics365DataConnectorProperties added in v0.2.0 

type Dynamics365DataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *Dynamics365DataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365DataConnectorProperties - Dynamics365 data connector properties.

type ElevationToken added in v0.2.0 

type ElevationToken string

ElevationToken - The elevation token associated with the process. 

const (
	// ElevationTokenDefault - Default elevation token
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull - Full elevation token
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited - Limited elevation token
	ElevationTokenLimited ElevationToken = "Limited"
)

func PossibleElevationTokenValues added in v0.2.0 

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns the possible values for the ElevationToken const type.

func (ElevationToken) ToPtr added in v0.2.0 

func (c ElevationToken) ToPtr() *ElevationToken

ToPtr returns a *ElevationToken pointing to the current value.

type EnrichmentDomainWhois added in v0.2.0 

type EnrichmentDomainWhois struct {
	// The timestamp at which this record was created
	Created *time.Time `json:"created,omitempty"`

	// The domain for this whois record
	Domain *string `json:"domain,omitempty"`

	// The timestamp at which this record will expire
	Expires *time.Time `json:"expires,omitempty"`

	// The whois record for a given domain
	ParsedWhois *EnrichmentDomainWhoisDetails `json:"parsedWhois,omitempty"`

	// The hostname of this registrar's whois server
	Server *string `json:"server,omitempty"`

	// The timestamp at which this record was last updated
	Updated *time.Time `json:"updated,omitempty"`
}

EnrichmentDomainWhois - Whois information for a given domain and associated metadata

func (EnrichmentDomainWhois) MarshalJSON added in v0.2.0 

func (e EnrichmentDomainWhois) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhois.

func (*EnrichmentDomainWhois) UnmarshalJSON added in v0.2.0 

func (e *EnrichmentDomainWhois) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EnrichmentDomainWhois.

type EnrichmentDomainWhoisContact added in v0.2.0 

type EnrichmentDomainWhoisContact struct {
	// The city for this contact
	City *string `json:"city,omitempty"`

	// The country for this contact
	Country *string `json:"country,omitempty"`

	// The email address for this contact
	Email *string `json:"email,omitempty"`

	// The fax number for this contact
	Fax *string `json:"fax,omitempty"`

	// The name of this contact
	Name *string `json:"name,omitempty"`

	// The organization for this contact
	Org *string `json:"org,omitempty"`

	// The phone number for this contact
	Phone *string `json:"phone,omitempty"`

	// The postal code for this contact
	Postal *string `json:"postal,omitempty"`

	// The state for this contact
	State *string `json:"state,omitempty"`

	// A list describing the street address for this contact
	Street []*string `json:"street,omitempty"`
}

EnrichmentDomainWhoisContact - An individual contact associated with this domain

func (EnrichmentDomainWhoisContact) MarshalJSON added in v0.2.0 

func (e EnrichmentDomainWhoisContact) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisContact.

type EnrichmentDomainWhoisContacts added in v0.2.0 

type EnrichmentDomainWhoisContacts struct {
	// The admin contact for this whois record
	Admin *EnrichmentDomainWhoisContact `json:"admin,omitempty"`

	// The billing contact for this whois record
	Billing *EnrichmentDomainWhoisContact `json:"billing,omitempty"`

	// The registrant contact for this whois record
	Registrant *EnrichmentDomainWhoisContact `json:"registrant,omitempty"`

	// The technical contact for this whois record
	Tech *EnrichmentDomainWhoisContact `json:"tech,omitempty"`
}

EnrichmentDomainWhoisContacts - The set of contacts associated with this domain

type EnrichmentDomainWhoisDetails added in v0.2.0 

type EnrichmentDomainWhoisDetails struct {
	// The set of contacts associated with this domain
	Contacts *EnrichmentDomainWhoisContacts `json:"contacts,omitempty"`

	// A list of name servers associated with this domain
	NameServers []*string `json:"nameServers,omitempty"`

	// The registrar associated with this domain
	Registrar *EnrichmentDomainWhoisRegistrarDetails `json:"registrar,omitempty"`

	// The set of status flags for this whois record
	Statuses []*string `json:"statuses,omitempty"`
}

EnrichmentDomainWhoisDetails - The whois record for a given domain

func (EnrichmentDomainWhoisDetails) MarshalJSON added in v0.2.0 

func (e EnrichmentDomainWhoisDetails) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EnrichmentDomainWhoisDetails.

type EnrichmentDomainWhoisRegistrarDetails added in v0.2.0 

type EnrichmentDomainWhoisRegistrarDetails struct {
	// This registrar's abuse contact email
	AbuseContactEmail *string `json:"abuseContactEmail,omitempty"`

	// This registrar's abuse contact phone number
	AbuseContactPhone *string `json:"abuseContactPhone,omitempty"`

	// This registrar's Internet Assigned Numbers Authority id
	IanaID *string `json:"ianaId,omitempty"`

	// The name of this registrar
	Name *string `json:"name,omitempty"`

	// This registrar's URL
	URL *string `json:"url,omitempty"`

	// The hostname of this registrar's whois server
	WhoisServer *string `json:"whoisServer,omitempty"`
}

EnrichmentDomainWhoisRegistrarDetails - The registrar associated with this domain

type EnrichmentIPGeodata added in v0.2.0 

type EnrichmentIPGeodata struct {
	// The autonomous system number associated with this IP address
	Asn *string `json:"asn,omitempty"`

	// The name of the carrier for this IP address
	Carrier *string `json:"carrier,omitempty"`

	// The city this IP address is located in
	City *string `json:"city,omitempty"`

	// A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100
	CityCf *int32 `json:"cityCf,omitempty"`

	// The continent this IP address is located on
	Continent *string `json:"continent,omitempty"`

	// The county this IP address is located in
	Country *string `json:"country,omitempty"`

	// A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100
	CountryCf *int32 `json:"countryCf,omitempty"`

	// The dotted-decimal or colon-separated string representation of the IP address
	IPAddr *string `json:"ipAddr,omitempty"`

	// A description of the connection type of this IP address
	IPRoutingType *string `json:"ipRoutingType,omitempty"`

	// The latitude of this IP address
	Latitude *string `json:"latitude,omitempty"`

	// The longitude of this IP address
	Longitude *string `json:"longitude,omitempty"`

	// The name of the organization for this IP address
	Organization *string `json:"organization,omitempty"`

	// The type of the organization for this IP address
	OrganizationType *string `json:"organizationType,omitempty"`

	// The geographic region this IP address is located in
	Region *string `json:"region,omitempty"`

	// The state this IP address is located in
	State *string `json:"state,omitempty"`

	// A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100
	StateCf *int32 `json:"stateCf,omitempty"`

	// The abbreviated name for the state this IP address is located in
	StateCode *string `json:"stateCode,omitempty"`
}

EnrichmentIPGeodata - Geodata information for a given IP address

type EntitiesClient added in v0.2.0 

type EntitiesClient struct {
	// contains filtered or unexported fields
}

EntitiesClient contains the methods for the Entities group. Don't use this type directly, use NewEntitiesClient() instead.

func NewEntitiesClient added in v0.2.0 

func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesClient

NewEntitiesClient creates a new instance of EntitiesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntitiesClient) Expand added in v0.2.0 

func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (EntitiesClientExpandResponse, error)

Expand - Expands an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute an expand operation on the given entity. options - EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/expand/PostExpandEntity.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil)
	res, err := client.Expand(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		armsecurityinsight.EntityExpandParameters{
			EndTime:     to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-05-26T00:00:00.000Z"); return t }()),
			ExpansionID: to.StringPtr("<expansion-id>"),
			StartTime:   to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-04-25T00:00:00.000Z"); return t }()),
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntitiesClientExpandResult)
}

Output:

func (*EntitiesClient) Get added in v0.2.0 

func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (EntitiesClientGetResponse, error)

Get - Gets an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID options - EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetCloudApplicationEntityById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntitiesClientGetResult)
}

Output:

func (*EntitiesClient) GetInsights added in v0.2.0 

func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (EntitiesClientGetInsightsResponse, error)

GetInsights - Execute Insights for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute insights on the given entity. options - EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/insights/PostGetInsights.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil)
	res, err := client.GetInsights(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		armsecurityinsight.EntityGetInsightsParameters{
			AddDefaultExtendedTimeRange: to.BoolPtr(false),
			EndTime:                     to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()),
			InsightQueryIDs: []*string{
				to.StringPtr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4")},
			StartTime: to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()),
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntitiesClientGetInsightsResult)
}

Output:

func (*EntitiesClient) List added in v0.2.0 

func (client *EntitiesClient) List(resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) *EntitiesClientListPager

List - Gets all entities. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetEntities.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

func (*EntitiesClient) Queries added in v0.2.0 

func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (EntitiesClientQueriesResponse, error)

Queries - Get Insights and Activities for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID kind - The Kind parameter for queries options - EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/GetQueries.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesClient("<subscription-id>", cred, nil)
	res, err := client.Queries(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		armsecurityinsight.EntityItemQueryKind("Insight"),
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntitiesClientQueriesResult)
}

Output:

type EntitiesClientExpandOptions added in v0.2.0 

type EntitiesClientExpandOptions struct {
}

EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.

type EntitiesClientExpandResponse added in v0.2.0 

type EntitiesClientExpandResponse struct {
	EntitiesClientExpandResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesClientExpandResponse contains the response from method EntitiesClient.Expand.

type EntitiesClientExpandResult added in v0.2.0 

type EntitiesClientExpandResult struct {
	EntityExpandResponse
}

EntitiesClientExpandResult contains the result from method EntitiesClient.Expand.

type EntitiesClientGetInsightsOptions added in v0.2.0 

type EntitiesClientGetInsightsOptions struct {
}

EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.

type EntitiesClientGetInsightsResponse added in v0.2.0 

type EntitiesClientGetInsightsResponse struct {
	EntitiesClientGetInsightsResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesClientGetInsightsResponse contains the response from method EntitiesClient.GetInsights.

type EntitiesClientGetInsightsResult added in v0.2.0 

type EntitiesClientGetInsightsResult struct {
	EntityGetInsightsResponse
}

EntitiesClientGetInsightsResult contains the result from method EntitiesClient.GetInsights.

type EntitiesClientGetOptions added in v0.2.0 

type EntitiesClientGetOptions struct {
}

EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.

type EntitiesClientGetResponse added in v0.2.0 

type EntitiesClientGetResponse struct {
	EntitiesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesClientGetResponse contains the response from method EntitiesClient.Get.

type EntitiesClientGetResult added in v0.2.0 

type EntitiesClientGetResult struct {
	EntityClassification
}

EntitiesClientGetResult contains the result from method EntitiesClient.Get.

func (*EntitiesClientGetResult) UnmarshalJSON added in v0.2.0 

func (e *EntitiesClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntitiesClientGetResult.

type EntitiesClientListOptions added in v0.2.0 

type EntitiesClientListOptions struct {
}

EntitiesClientListOptions contains the optional parameters for the EntitiesClient.List method.

type EntitiesClientListPager added in v0.2.0 

type EntitiesClientListPager struct {
	// contains filtered or unexported fields
}

EntitiesClientListPager provides operations for iterating over paged responses.

func (*EntitiesClientListPager) Err added in v0.2.0 

func (p *EntitiesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*EntitiesClientListPager) NextPage added in v0.2.0 

func (p *EntitiesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*EntitiesClientListPager) PageResponse added in v0.2.0 

func (p *EntitiesClientListPager) PageResponse() EntitiesClientListResponse

PageResponse returns the current EntitiesClientListResponse page.

type EntitiesClientListResponse added in v0.2.0 

type EntitiesClientListResponse struct {
	EntitiesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesClientListResponse contains the response from method EntitiesClient.List.

type EntitiesClientListResult added in v0.2.0 

type EntitiesClientListResult struct {
	EntityList
}

EntitiesClientListResult contains the result from method EntitiesClient.List.

type EntitiesClientQueriesOptions added in v0.2.0 

type EntitiesClientQueriesOptions struct {
}

EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.

type EntitiesClientQueriesResponse added in v0.2.0 

type EntitiesClientQueriesResponse struct {
	EntitiesClientQueriesResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesClientQueriesResponse contains the response from method EntitiesClient.Queries.

type EntitiesClientQueriesResult added in v0.2.0 

type EntitiesClientQueriesResult struct {
	GetQueriesResponse
}

EntitiesClientQueriesResult contains the result from method EntitiesClient.Queries.

type EntitiesGetTimelineClient added in v0.2.0 

type EntitiesGetTimelineClient struct {
	// contains filtered or unexported fields
}

EntitiesGetTimelineClient contains the methods for the EntitiesGetTimeline group. Don't use this type directly, use NewEntitiesGetTimelineClient() instead.

func NewEntitiesGetTimelineClient added in v0.2.0 

func NewEntitiesGetTimelineClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesGetTimelineClient

NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntitiesGetTimelineClient) List added in v0.2.0 

func (client *EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityTimelineParameters, options *EntitiesGetTimelineClientListOptions) (EntitiesGetTimelineClientListResponse, error)

List - Timeline for an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID parameters - The parameters required to execute an timeline operation on the given entity. options - EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/timeline/PostTimelineEntity.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesGetTimelineClient("<subscription-id>", cred, nil)
	res, err := client.List(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		armsecurityinsight.EntityTimelineParameters{
			EndTime:        to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()),
			NumberOfBucket: to.Int32Ptr(4),
			StartTime:      to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()),
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntitiesGetTimelineClientListResult)
}

Output:

type EntitiesGetTimelineClientListOptions added in v0.2.0 

type EntitiesGetTimelineClientListOptions struct {
}

EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.

type EntitiesGetTimelineClientListResponse added in v0.2.0 

type EntitiesGetTimelineClientListResponse struct {
	EntitiesGetTimelineClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesGetTimelineClientListResponse contains the response from method EntitiesGetTimelineClient.List.

type EntitiesGetTimelineClientListResult added in v0.2.0 

type EntitiesGetTimelineClientListResult struct {
	EntityTimelineResponse
}

EntitiesGetTimelineClientListResult contains the result from method EntitiesGetTimelineClient.List.

type EntitiesRelationsClient added in v0.2.0 

type EntitiesRelationsClient struct {
	// contains filtered or unexported fields
}

EntitiesRelationsClient contains the methods for the EntitiesRelations group. Don't use this type directly, use NewEntitiesRelationsClient() instead.

func NewEntitiesRelationsClient added in v0.2.0 

func NewEntitiesRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntitiesRelationsClient

NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntitiesRelationsClient) List added in v0.2.0 

func (client *EntitiesRelationsClient) List(resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) *EntitiesRelationsClientListPager

List - Gets all relations of an entity. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID options - EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetAllEntityRelations.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntitiesRelationsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		&armsecurityinsight.EntitiesRelationsClientListOptions{Filter: nil,
			Orderby:   nil,
			Top:       nil,
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type EntitiesRelationsClientListOptions added in v0.2.0 

type EntitiesRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.List method.

type EntitiesRelationsClientListPager added in v0.2.0 

type EntitiesRelationsClientListPager struct {
	// contains filtered or unexported fields
}

EntitiesRelationsClientListPager provides operations for iterating over paged responses.

func (*EntitiesRelationsClientListPager) Err added in v0.2.0 

func (p *EntitiesRelationsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*EntitiesRelationsClientListPager) NextPage added in v0.2.0 

func (p *EntitiesRelationsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*EntitiesRelationsClientListPager) PageResponse added in v0.2.0 

func (p *EntitiesRelationsClientListPager) PageResponse() EntitiesRelationsClientListResponse

PageResponse returns the current EntitiesRelationsClientListResponse page.

type EntitiesRelationsClientListResponse added in v0.2.0 

type EntitiesRelationsClientListResponse struct {
	EntitiesRelationsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntitiesRelationsClientListResponse contains the response from method EntitiesRelationsClient.List.

type EntitiesRelationsClientListResult added in v0.2.0 

type EntitiesRelationsClientListResult struct {
	RelationList
}

EntitiesRelationsClientListResult contains the result from method EntitiesRelationsClient.List.

type Entity added in v0.2.0 

type Entity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Entity - Specific entity.

func (*Entity) GetEntity added in v0.2.0 

func (e *Entity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type Entity.

type EntityAnalytics added in v0.2.0 

type EntityAnalytics struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// EntityAnalytics properties
	Properties *EntityAnalyticsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityAnalytics - Settings with single toggle.

func (*EntityAnalytics) GetSettings added in v0.2.0 

func (e *EntityAnalytics) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type EntityAnalytics.

func (EntityAnalytics) MarshalJSON added in v0.2.0 

func (e EntityAnalytics) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityAnalytics.

func (*EntityAnalytics) UnmarshalJSON added in v0.2.0 

func (e *EntityAnalytics) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityAnalytics.

type EntityAnalyticsProperties added in v0.2.0 

type EntityAnalyticsProperties struct {
	// READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"`
}

EntityAnalyticsProperties - EntityAnalytics property bag.

type EntityClassification added in v0.2.0 

type EntityClassification interface {
	// GetEntity returns the Entity content of the underlying type.
	GetEntity() *Entity
}

EntityClassification provides polymorphic access to related types. Call the interface's GetEntity() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, - *URLEntity

type EntityCommonProperties added in v0.2.0 

type EntityCommonProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`
}

EntityCommonProperties - Entity common property bag.

func (EntityCommonProperties) MarshalJSON added in v0.2.0 

func (e EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityCommonProperties.

type EntityEdges added in v0.2.0 

type EntityEdges struct {
	// A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty"`

	// The target entity Id.
	TargetEntityID *string `json:"targetEntityId,omitempty"`
}

EntityEdges - The edge that connects the entity to the other entity.

func (EntityEdges) MarshalJSON added in v0.2.0 

func (e EntityEdges) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityEdges.

type EntityExpandParameters added in v0.2.0 

type EntityExpandParameters struct {
	// The end date filter, so the only expansion results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// The Id of the expansion to perform.
	ExpansionID *string `json:"expansionId,omitempty"`

	// The start date filter, so the only expansion results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`
}

EntityExpandParameters - The parameters required to execute an expand operation on the given entity.

func (EntityExpandParameters) MarshalJSON added in v0.2.0 

func (e EntityExpandParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityExpandParameters.

func (*EntityExpandParameters) UnmarshalJSON added in v0.2.0 

func (e *EntityExpandParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandParameters.

type EntityExpandResponse added in v0.2.0 

type EntityExpandResponse struct {
	// The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`

	// The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse - The entity expansion result operation response.

type EntityExpandResponseValue added in v0.2.0 

type EntityExpandResponseValue struct {
	// Array of edges that connects the entity to the list of entities.
	Edges []*EntityEdges `json:"edges,omitempty"`

	// Array of the expansion result entities.
	Entities []EntityClassification `json:"entities,omitempty"`
}

EntityExpandResponseValue - The expansion result values.

func (EntityExpandResponseValue) MarshalJSON added in v0.2.0 

func (e EntityExpandResponseValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityExpandResponseValue.

func (*EntityExpandResponseValue) UnmarshalJSON added in v0.2.0 

func (e *EntityExpandResponseValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityExpandResponseValue.

type EntityGetInsightsParameters added in v0.2.0 

type EntityGetInsightsParameters struct {
	// REQUIRED; The end timeline date, so the results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// REQUIRED; The start timeline date, so the results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`

	// Indicates if query time range should be extended with default time range of the query. Default value is false
	AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"`

	// List of Insights Query Id. If empty, default value is all insights of this entity
	InsightQueryIDs []*string `json:"insightQueryIds,omitempty"`
}

EntityGetInsightsParameters - The parameters required to execute insights operation on the given entity.

func (EntityGetInsightsParameters) MarshalJSON added in v0.2.0 

func (e EntityGetInsightsParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsParameters.

func (*EntityGetInsightsParameters) UnmarshalJSON added in v0.2.0 

func (e *EntityGetInsightsParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityGetInsightsParameters.

type EntityGetInsightsResponse added in v0.2.0 

type EntityGetInsightsResponse struct {
	// The metadata from the get insights operation results.
	MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"`

	// The insights result values.
	Value []*EntityInsightItem `json:"value,omitempty"`
}

EntityGetInsightsResponse - The Get Insights result operation response.

func (EntityGetInsightsResponse) MarshalJSON added in v0.2.0 

func (e EntityGetInsightsResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityGetInsightsResponse.

type EntityInsightItem added in v0.2.0 

type EntityInsightItem struct {
	// Query results for table insights query.
	ChartQueryResults []*InsightsTableResult `json:"chartQueryResults,omitempty"`

	// The query id of the insight
	QueryID *string `json:"queryId,omitempty"`

	// The Time interval that the query actually executed on.
	QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"`

	// Query results for table insights query.
	TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"`
}

EntityInsightItem - Entity insight Item.

func (EntityInsightItem) MarshalJSON added in v0.2.0 

func (e EntityInsightItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityInsightItem.

type EntityInsightItemQueryTimeInterval added in v0.2.0 

type EntityInsightItemQueryTimeInterval struct {
	// Insight query end time
	EndTime *time.Time `json:"endTime,omitempty"`

	// Insight query start time
	StartTime *time.Time `json:"startTime,omitempty"`
}

EntityInsightItemQueryTimeInterval - The Time interval that the query actually executed on.

func (EntityInsightItemQueryTimeInterval) MarshalJSON added in v0.2.0 

func (e EntityInsightItemQueryTimeInterval) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityInsightItemQueryTimeInterval.

func (*EntityInsightItemQueryTimeInterval) UnmarshalJSON added in v0.2.0 

func (e *EntityInsightItemQueryTimeInterval) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityInsightItemQueryTimeInterval.

type EntityItemQueryKind added in v0.2.0 

type EntityItemQueryKind string
const (
	// EntityItemQueryKindInsight - insight
	EntityItemQueryKindInsight EntityItemQueryKind = "Insight"
)

func PossibleEntityItemQueryKindValues added in v0.2.0 

func PossibleEntityItemQueryKindValues() []EntityItemQueryKind

PossibleEntityItemQueryKindValues returns the possible values for the EntityItemQueryKind const type.

func (EntityItemQueryKind) ToPtr added in v0.2.0 

func (c EntityItemQueryKind) ToPtr() *EntityItemQueryKind

ToPtr returns a *EntityItemQueryKind pointing to the current value.

type EntityKind added in v0.2.0 

type EntityKind string

EntityKind - The kind of the entity 

const (
	// EntityKindAccount - Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource - Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark - Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication - Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution - Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile - Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash - Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost - Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIP - Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindIoTDevice - Entity represents IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindMailCluster - Entity represents mail cluster in the system.
	EntityKindMailCluster EntityKind = "MailCluster"
	// EntityKindMailMessage - Entity represents mail message in the system.
	EntityKindMailMessage EntityKind = "MailMessage"
	// EntityKindMailbox - Entity represents mailbox in the system.
	EntityKindMailbox EntityKind = "Mailbox"
	// EntityKindMalware - Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess - Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey - Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue - Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert - Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup - Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindSubmissionMail - Entity represents submission mail in the system.
	EntityKindSubmissionMail EntityKind = "SubmissionMail"
	// EntityKindURL - Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues added in v0.2.0 

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns the possible values for the EntityKind const type.

func (EntityKind) ToPtr added in v0.2.0 

func (c EntityKind) ToPtr() *EntityKind

ToPtr returns a *EntityKind pointing to the current value.

type EntityList added in v0.2.0 

type EntityList struct {
	// REQUIRED; Array of entities.
	Value []EntityClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityList - List of all the entities.

func (EntityList) MarshalJSON added in v0.2.0 

func (e EntityList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityList.

func (*EntityList) UnmarshalJSON added in v0.2.0 

func (e *EntityList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityList.

type EntityMapping added in v0.2.0 

type EntityMapping struct {
	// The V3 type of the mapped entity
	EntityType *EntityMappingType `json:"entityType,omitempty"`

	// array of field mappings for the given entity mapping
	FieldMappings []*FieldMapping `json:"fieldMappings,omitempty"`
}

EntityMapping - Single entity mapping for the alert rule

func (EntityMapping) MarshalJSON added in v0.2.0 

func (e EntityMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityMapping.

type EntityMappingType added in v0.2.0 

type EntityMappingType string

EntityMappingType - The V3 type of the mapped entity 

const (
	// EntityMappingTypeAccount - User account entity type
	EntityMappingTypeAccount EntityMappingType = "Account"
	// EntityMappingTypeAzureResource - Azure resource entity type
	EntityMappingTypeAzureResource EntityMappingType = "AzureResource"
	// EntityMappingTypeCloudApplication - Cloud app entity type
	EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication"
	// EntityMappingTypeDNS - DNS entity type
	EntityMappingTypeDNS EntityMappingType = "DNS"
	// EntityMappingTypeFile - System file entity type
	EntityMappingTypeFile EntityMappingType = "File"
	// EntityMappingTypeFileHash - File-hash entity type
	EntityMappingTypeFileHash EntityMappingType = "FileHash"
	// EntityMappingTypeHost - Host entity type
	EntityMappingTypeHost EntityMappingType = "Host"
	// EntityMappingTypeIP - IP address entity type
	EntityMappingTypeIP EntityMappingType = "IP"
	// EntityMappingTypeMailCluster - Mail cluster entity type
	EntityMappingTypeMailCluster EntityMappingType = "MailCluster"
	// EntityMappingTypeMailMessage - Mail message entity type
	EntityMappingTypeMailMessage EntityMappingType = "MailMessage"
	// EntityMappingTypeMailbox - Mailbox entity type
	EntityMappingTypeMailbox EntityMappingType = "Mailbox"
	// EntityMappingTypeMalware - Malware entity type
	EntityMappingTypeMalware EntityMappingType = "Malware"
	// EntityMappingTypeProcess - Process entity type
	EntityMappingTypeProcess EntityMappingType = "Process"
	// EntityMappingTypeRegistryKey - Registry key entity type
	EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey"
	// EntityMappingTypeRegistryValue - Registry value entity type
	EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue"
	// EntityMappingTypeSecurityGroup - Security group entity type
	EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup"
	// EntityMappingTypeSubmissionMail - Submission mail entity type
	EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail"
	// EntityMappingTypeURL - URL entity type
	EntityMappingTypeURL EntityMappingType = "URL"
)

func PossibleEntityMappingTypeValues added in v0.2.0 

func PossibleEntityMappingTypeValues() []EntityMappingType

PossibleEntityMappingTypeValues returns the possible values for the EntityMappingType const type.

func (EntityMappingType) ToPtr added in v0.2.0 

func (c EntityMappingType) ToPtr() *EntityMappingType

ToPtr returns a *EntityMappingType pointing to the current value.

type EntityQueriesClient added in v0.2.0 

type EntityQueriesClient struct {
	// contains filtered or unexported fields
}

EntityQueriesClient contains the methods for the EntityQueries group. Don't use this type directly, use NewEntityQueriesClient() instead.

func NewEntityQueriesClient added in v0.2.0 

func NewEntityQueriesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityQueriesClient

NewEntityQueriesClient creates a new instance of EntityQueriesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntityQueriesClient) CreateOrUpdate added in v0.2.0 

func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (EntityQueriesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID entityQuery - The entity query we want to create or update options - EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-query-id>",
		&armsecurityinsight.ActivityCustomEntityQuery{
			Etag: to.StringPtr("<etag>"),
			Kind: armsecurityinsight.CustomEntityQueryKind("Activity").ToPtr(),
			Properties: &armsecurityinsight.ActivityEntityQueriesProperties{
				Description: to.StringPtr("<description>"),
				Content:     to.StringPtr("<content>"),
				Enabled:     to.BoolPtr(true),
				EntitiesFilter: map[string][]*string{
					"Host_OsFamily": {
						to.StringPtr("Windows")},
				},
				InputEntityType: armsecurityinsight.EntityType("Host").ToPtr(),
				QueryDefinitions: &armsecurityinsight.ActivityEntityQueriesPropertiesQueryDefinitions{
					Query: to.StringPtr("<query>"),
				},
				RequiredInputFieldsSets: [][]*string{
					{
						to.StringPtr("Host_HostName"),
						to.StringPtr("Host_NTDomain")},
					{
						to.StringPtr("Host_HostName"),
						to.StringPtr("Host_DnsDomain")},
					{
						to.StringPtr("Host_AzureID")},
					{
						to.StringPtr("Host_OMSAgentID")}},
				Title: to.StringPtr("<title>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntityQueriesClientCreateOrUpdateResult)
}

Output:

func (*EntityQueriesClient) Delete added in v0.2.0 

func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (EntityQueriesClientDeleteResponse, error)

Delete - Delete the entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID options - EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/DeleteEntityQuery.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-query-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*EntityQueriesClient) Get added in v0.2.0 

func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (EntityQueriesClientGetResponse, error)

Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryID - entity query ID options - EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-query-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntityQueriesClientGetResult)
}

Output:

func (*EntityQueriesClient) List added in v0.2.0 

func (client *EntityQueriesClient) List(resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) *EntityQueriesClientListPager

List - Gets all entity queries. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueries/GetEntityQueries.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueriesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.EntityQueriesClientListOptions{Kind: armsecurityinsight.Enum8("Expansion").ToPtr()})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type EntityQueriesClientCreateOrUpdateOptions added in v0.2.0 

type EntityQueriesClientCreateOrUpdateOptions struct {
}

EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.

type EntityQueriesClientCreateOrUpdateResponse added in v0.2.0 

type EntityQueriesClientCreateOrUpdateResponse struct {
	EntityQueriesClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueriesClientCreateOrUpdateResponse contains the response from method EntityQueriesClient.CreateOrUpdate.

type EntityQueriesClientCreateOrUpdateResult added in v0.2.0 

type EntityQueriesClientCreateOrUpdateResult struct {
	EntityQueryClassification
}

EntityQueriesClientCreateOrUpdateResult contains the result from method EntityQueriesClient.CreateOrUpdate.

func (*EntityQueriesClientCreateOrUpdateResult) UnmarshalJSON added in v0.2.0 

func (e *EntityQueriesClientCreateOrUpdateResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientCreateOrUpdateResult.

type EntityQueriesClientDeleteOptions added in v0.2.0 

type EntityQueriesClientDeleteOptions struct {
}

EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.

type EntityQueriesClientDeleteResponse added in v0.2.0 

type EntityQueriesClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueriesClientDeleteResponse contains the response from method EntityQueriesClient.Delete.

type EntityQueriesClientGetOptions added in v0.2.0 

type EntityQueriesClientGetOptions struct {
}

EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.

type EntityQueriesClientGetResponse added in v0.2.0 

type EntityQueriesClientGetResponse struct {
	EntityQueriesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueriesClientGetResponse contains the response from method EntityQueriesClient.Get.

type EntityQueriesClientGetResult added in v0.2.0 

type EntityQueriesClientGetResult struct {
	EntityQueryClassification
}

EntityQueriesClientGetResult contains the result from method EntityQueriesClient.Get.

func (*EntityQueriesClientGetResult) UnmarshalJSON added in v0.2.0 

func (e *EntityQueriesClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueriesClientGetResult.

type EntityQueriesClientListOptions added in v0.2.0 

type EntityQueriesClientListOptions struct {
	// The entity query kind we want to fetch
	Kind *Enum8
}

EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.List method.

type EntityQueriesClientListPager added in v0.2.0 

type EntityQueriesClientListPager struct {
	// contains filtered or unexported fields
}

EntityQueriesClientListPager provides operations for iterating over paged responses.

func (*EntityQueriesClientListPager) Err added in v0.2.0 

func (p *EntityQueriesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*EntityQueriesClientListPager) NextPage added in v0.2.0 

func (p *EntityQueriesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*EntityQueriesClientListPager) PageResponse added in v0.2.0 

func (p *EntityQueriesClientListPager) PageResponse() EntityQueriesClientListResponse

PageResponse returns the current EntityQueriesClientListResponse page.

type EntityQueriesClientListResponse added in v0.2.0 

type EntityQueriesClientListResponse struct {
	EntityQueriesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueriesClientListResponse contains the response from method EntityQueriesClient.List.

type EntityQueriesClientListResult added in v0.2.0 

type EntityQueriesClientListResult struct {
	EntityQueryList
}

EntityQueriesClientListResult contains the result from method EntityQueriesClient.List.

type EntityQuery added in v0.2.0 

type EntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityQuery - Specific entity query.

func (*EntityQuery) GetEntityQuery added in v0.2.0 

func (e *EntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type EntityQuery.

type EntityQueryClassification added in v0.2.0 

type EntityQueryClassification interface {
	// GetEntityQuery returns the EntityQuery content of the underlying type.
	GetEntityQuery() *EntityQuery
}

EntityQueryClassification provides polymorphic access to related types. Call the interface's GetEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityEntityQuery, *EntityQuery, *ExpansionEntityQuery

type EntityQueryItem added in v0.2.0 

type EntityQueryItem struct {
	// REQUIRED; The kind of the entity query
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Query Template ARM Name
	Name *string `json:"name,omitempty"`

	// ARM Type
	Type *string `json:"type,omitempty"`

	// READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty" azure:"ro"`
}

EntityQueryItem - An abstract Query item for entity

func (*EntityQueryItem) GetEntityQueryItem added in v0.2.0 

func (e *EntityQueryItem) GetEntityQueryItem() *EntityQueryItem

GetEntityQueryItem implements the EntityQueryItemClassification interface for type EntityQueryItem.

type EntityQueryItemClassification added in v0.2.0 

type EntityQueryItemClassification interface {
	// GetEntityQueryItem returns the EntityQueryItem content of the underlying type.
	GetEntityQueryItem() *EntityQueryItem
}

EntityQueryItemClassification provides polymorphic access to related types. Call the interface's GetEntityQueryItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *EntityQueryItem, *InsightQueryItem

type EntityQueryItemProperties added in v0.2.0 

type EntityQueryItemProperties struct {
	// Data types for template
	DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string]interface{} `json:"entitiesFilter,omitempty"`

	// The type of the entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// Data types for template
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`
}

EntityQueryItemProperties - An properties abstract Query item for entity

func (EntityQueryItemProperties) MarshalJSON added in v0.2.0 

func (e EntityQueryItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryItemProperties.

type EntityQueryItemPropertiesDataTypesItem added in v0.2.0 

type EntityQueryItemPropertiesDataTypesItem struct {
	// Data type name
	DataType *string `json:"dataType,omitempty"`
}

type EntityQueryKind added in v0.2.0 

type EntityQueryKind string

EntityQueryKind - The kind of the entity query 

const (
	EntityQueryKindActivity  EntityQueryKind = "Activity"
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	EntityQueryKindInsight   EntityQueryKind = "Insight"
)

func PossibleEntityQueryKindValues added in v0.2.0 

func PossibleEntityQueryKindValues() []EntityQueryKind

PossibleEntityQueryKindValues returns the possible values for the EntityQueryKind const type.

func (EntityQueryKind) ToPtr added in v0.2.0 

func (c EntityQueryKind) ToPtr() *EntityQueryKind

ToPtr returns a *EntityQueryKind pointing to the current value.

type EntityQueryList added in v0.2.0 

type EntityQueryList struct {
	// REQUIRED; Array of entity queries.
	Value []EntityQueryClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityQueryList - List of all the entity queries.

func (EntityQueryList) MarshalJSON added in v0.2.0 

func (e EntityQueryList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryList.

func (*EntityQueryList) UnmarshalJSON added in v0.2.0 

func (e *EntityQueryList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryList.

type EntityQueryTemplate added in v0.2.0 

type EntityQueryTemplate struct {
	// REQUIRED; the entity query template kind
	Kind *EntityQueryTemplateKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityQueryTemplate - Specific entity query template.

func (*EntityQueryTemplate) GetEntityQueryTemplate added in v0.2.0 

func (e *EntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate

GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type EntityQueryTemplate.

type EntityQueryTemplateClassification added in v0.2.0 

type EntityQueryTemplateClassification interface {
	// GetEntityQueryTemplate returns the EntityQueryTemplate content of the underlying type.
	GetEntityQueryTemplate() *EntityQueryTemplate
}

EntityQueryTemplateClassification provides polymorphic access to related types. Call the interface's GetEntityQueryTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityEntityQueryTemplate, *EntityQueryTemplate

type EntityQueryTemplateKind added in v0.2.0 

type EntityQueryTemplateKind string

EntityQueryTemplateKind - The kind of the entity query template. 

const (
	EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)

func PossibleEntityQueryTemplateKindValues added in v0.2.0 

func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind

PossibleEntityQueryTemplateKindValues returns the possible values for the EntityQueryTemplateKind const type.

func (EntityQueryTemplateKind) ToPtr added in v0.2.0 

func (c EntityQueryTemplateKind) ToPtr() *EntityQueryTemplateKind

ToPtr returns a *EntityQueryTemplateKind pointing to the current value.

type EntityQueryTemplateList added in v0.2.0 

type EntityQueryTemplateList struct {
	// REQUIRED; Array of entity query templates.
	Value []EntityQueryTemplateClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entity query templates.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityQueryTemplateList - List of all the entity query templates.

func (EntityQueryTemplateList) MarshalJSON added in v0.2.0 

func (e EntityQueryTemplateList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplateList.

func (*EntityQueryTemplateList) UnmarshalJSON added in v0.2.0 

func (e *EntityQueryTemplateList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplateList.

type EntityQueryTemplatesClient added in v0.2.0 

type EntityQueryTemplatesClient struct {
	// contains filtered or unexported fields
}

EntityQueryTemplatesClient contains the methods for the EntityQueryTemplates group. Don't use this type directly, use NewEntityQueryTemplatesClient() instead.

func NewEntityQueryTemplatesClient added in v0.2.0 

func NewEntityQueryTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityQueryTemplatesClient

NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntityQueryTemplatesClient) Get added in v0.2.0 

func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (EntityQueryTemplatesClientGetResponse, error)

Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityQueryTemplateID - entity query template ID options - EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueryTemplatesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-query-template-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntityQueryTemplatesClientGetResult)
}

Output:

func (*EntityQueryTemplatesClient) List added in v0.2.0 

func (client *EntityQueryTemplatesClient) List(resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) *EntityQueryTemplatesClientListPager

List - Gets all entity query templates. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityQueryTemplatesClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.EntityQueryTemplatesClientListOptions{Kind: armsecurityinsight.Enum39("Activity").ToPtr()})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type EntityQueryTemplatesClientGetOptions added in v0.2.0 

type EntityQueryTemplatesClientGetOptions struct {
}

EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.

type EntityQueryTemplatesClientGetResponse added in v0.2.0 

type EntityQueryTemplatesClientGetResponse struct {
	EntityQueryTemplatesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueryTemplatesClientGetResponse contains the response from method EntityQueryTemplatesClient.Get.

type EntityQueryTemplatesClientGetResult added in v0.2.0 

type EntityQueryTemplatesClientGetResult struct {
	EntityQueryTemplateClassification
}

EntityQueryTemplatesClientGetResult contains the result from method EntityQueryTemplatesClient.Get.

func (*EntityQueryTemplatesClientGetResult) UnmarshalJSON added in v0.2.0 

func (e *EntityQueryTemplatesClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplatesClientGetResult.

type EntityQueryTemplatesClientListOptions added in v0.2.0 

type EntityQueryTemplatesClientListOptions struct {
	// The entity template query kind we want to fetch
	Kind *Enum39
}

EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.List method.

type EntityQueryTemplatesClientListPager added in v0.2.0 

type EntityQueryTemplatesClientListPager struct {
	// contains filtered or unexported fields
}

EntityQueryTemplatesClientListPager provides operations for iterating over paged responses.

func (*EntityQueryTemplatesClientListPager) Err added in v0.2.0 

func (p *EntityQueryTemplatesClientListPager) Err() error

Err returns the last error encountered while paging.

func (*EntityQueryTemplatesClientListPager) NextPage added in v0.2.0 

func (p *EntityQueryTemplatesClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*EntityQueryTemplatesClientListPager) PageResponse added in v0.2.0 

func (p *EntityQueryTemplatesClientListPager) PageResponse() EntityQueryTemplatesClientListResponse

PageResponse returns the current EntityQueryTemplatesClientListResponse page.

type EntityQueryTemplatesClientListResponse added in v0.2.0 

type EntityQueryTemplatesClientListResponse struct {
	EntityQueryTemplatesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityQueryTemplatesClientListResponse contains the response from method EntityQueryTemplatesClient.List.

type EntityQueryTemplatesClientListResult added in v0.2.0 

type EntityQueryTemplatesClientListResult struct {
	EntityQueryTemplateList
}

EntityQueryTemplatesClientListResult contains the result from method EntityQueryTemplatesClient.List.

type EntityRelationsClient added in v0.2.0 

type EntityRelationsClient struct {
	// contains filtered or unexported fields
}

EntityRelationsClient contains the methods for the EntityRelations group. Don't use this type directly, use NewEntityRelationsClient() instead.

func NewEntityRelationsClient added in v0.2.0 

func NewEntityRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *EntityRelationsClient

NewEntityRelationsClient creates a new instance of EntityRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*EntityRelationsClient) GetRelation added in v0.2.0 

func (client *EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (EntityRelationsClientGetRelationResponse, error)

GetRelation - Gets an entity relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. entityID - entity ID relationName - Relation Name options - EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/entities/relations/GetEntityRelationByName.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewEntityRelationsClient("<subscription-id>", cred, nil)
	res, err := client.GetRelation(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<entity-id>",
		"<relation-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.EntityRelationsClientGetRelationResult)
}

Output:

type EntityRelationsClientGetRelationOptions added in v0.2.0 

type EntityRelationsClientGetRelationOptions struct {
}

EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.

type EntityRelationsClientGetRelationResponse added in v0.2.0 

type EntityRelationsClientGetRelationResponse struct {
	EntityRelationsClientGetRelationResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

EntityRelationsClientGetRelationResponse contains the response from method EntityRelationsClient.GetRelation.

type EntityRelationsClientGetRelationResult added in v0.2.0 

type EntityRelationsClientGetRelationResult struct {
	Relation
}

EntityRelationsClientGetRelationResult contains the result from method EntityRelationsClient.GetRelation.

type EntityTimelineItem added in v0.2.0 

type EntityTimelineItem struct {
	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`
}

EntityTimelineItem - Entity timeline Item.

func (*EntityTimelineItem) GetEntityTimelineItem added in v0.2.0 

func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type EntityTimelineItem.

type EntityTimelineItemClassification added in v0.2.0 

type EntityTimelineItemClassification interface {
	// GetEntityTimelineItem returns the EntityTimelineItem content of the underlying type.
	GetEntityTimelineItem() *EntityTimelineItem
}

EntityTimelineItemClassification provides polymorphic access to related types. Call the interface's GetEntityTimelineItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityTimelineItem, *BookmarkTimelineItem, *EntityTimelineItem, *SecurityAlertTimelineItem

type EntityTimelineKind added in v0.2.0 

type EntityTimelineKind string

EntityTimelineKind - The entity query kind 

const (
	// EntityTimelineKindActivity - activity
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark - bookmarks
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert - security alerts
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

func PossibleEntityTimelineKindValues added in v0.2.0 

func PossibleEntityTimelineKindValues() []EntityTimelineKind

PossibleEntityTimelineKindValues returns the possible values for the EntityTimelineKind const type.

func (EntityTimelineKind) ToPtr added in v0.2.0 

func (c EntityTimelineKind) ToPtr() *EntityTimelineKind

ToPtr returns a *EntityTimelineKind pointing to the current value.

type EntityTimelineParameters added in v0.2.0 

type EntityTimelineParameters struct {
	// REQUIRED; The end timeline date, so the results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// REQUIRED; The start timeline date, so the results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`

	// Array of timeline Item kinds.
	Kinds []*EntityTimelineKind `json:"kinds,omitempty"`

	// The number of bucket for timeline queries aggregation.
	NumberOfBucket *int32 `json:"numberOfBucket,omitempty"`
}

EntityTimelineParameters - The parameters required to execute s timeline operation on the given entity.

func (EntityTimelineParameters) MarshalJSON added in v0.2.0 

func (e EntityTimelineParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityTimelineParameters.

func (*EntityTimelineParameters) UnmarshalJSON added in v0.2.0 

func (e *EntityTimelineParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineParameters.

type EntityTimelineResponse added in v0.2.0 

type EntityTimelineResponse struct {
	// The metadata from the timeline operation results.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`

	// The timeline result values.
	Value []EntityTimelineItemClassification `json:"value,omitempty"`
}

EntityTimelineResponse - The entity timeline result operation response.

func (EntityTimelineResponse) MarshalJSON added in v0.2.0 

func (e EntityTimelineResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityTimelineResponse.

func (*EntityTimelineResponse) UnmarshalJSON added in v0.2.0 

func (e *EntityTimelineResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineResponse.

type EntityType added in v0.2.0 

type EntityType string

EntityType - The type of the entity 

const (
	// EntityTypeAccount - Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource - Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication - Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS - Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile - Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash - Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost - Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark - Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIP - Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeIoTDevice - Entity represents IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeMailCluster - Entity represents mail cluster in the system.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage - Entity represents mail message in the system.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMailbox - Entity represents mailbox in the system.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMalware - Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess - Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey - Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue - Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert - Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup - Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail - Entity represents submission mail in the system.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL - Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues added in v0.2.0 

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns the possible values for the EntityType const type.

func (EntityType) ToPtr added in v0.2.0 

func (c EntityType) ToPtr() *EntityType

ToPtr returns a *EntityType pointing to the current value.

type Enum39 added in v0.2.0 

type Enum39 string
const (
	Enum39Activity Enum39 = "Activity"
)

func PossibleEnum39Values added in v0.2.0 

func PossibleEnum39Values() []Enum39

PossibleEnum39Values returns the possible values for the Enum39 const type.

func (Enum39) ToPtr added in v0.2.0 

func (c Enum39) ToPtr() *Enum39

ToPtr returns a *Enum39 pointing to the current value.

type Enum8 added in v0.2.0 

type Enum8 string
const (
	Enum8Activity  Enum8 = "Activity"
	Enum8Expansion Enum8 = "Expansion"
)

func PossibleEnum8Values added in v0.2.0 

func PossibleEnum8Values() []Enum8

PossibleEnum8Values returns the possible values for the Enum8 const type.

func (Enum8) ToPtr added in v0.2.0 

func (c Enum8) ToPtr() *Enum8

ToPtr returns a *Enum8 pointing to the current value.

type ErrorAdditionalInfo 

type ErrorAdditionalInfo struct {
	// READ-ONLY; The additional info.
	Info map[string]interface{} `json:"info,omitempty" azure:"ro"`

	// READ-ONLY; The additional info type.
	Type *string `json:"type,omitempty" azure:"ro"`
}

ErrorAdditionalInfo - The resource management error additional info.

type ErrorDetail added in v0.2.0 

type ErrorDetail struct {
	// READ-ONLY; The error additional info.
	AdditionalInfo []*ErrorAdditionalInfo `json:"additionalInfo,omitempty" azure:"ro"`

	// READ-ONLY; The error code.
	Code *string `json:"code,omitempty" azure:"ro"`

	// READ-ONLY; The error details.
	Details []*ErrorDetail `json:"details,omitempty" azure:"ro"`

	// READ-ONLY; The error message.
	Message *string `json:"message,omitempty" azure:"ro"`

	// READ-ONLY; The error target.
	Target *string `json:"target,omitempty" azure:"ro"`
}

ErrorDetail - The error detail.

func (ErrorDetail) MarshalJSON added in v0.2.0 

func (e ErrorDetail) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ErrorDetail.

type ErrorResponse 

type ErrorResponse struct {
	// The error object.
	Error *ErrorDetail `json:"error,omitempty"`
}

ErrorResponse - Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

type EventGroupingAggregationKind added in v0.2.0 

type EventGroupingAggregationKind string

EventGroupingAggregationKind - The event grouping aggregation kinds 

const (
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	EventGroupingAggregationKindSingleAlert    EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues added in v0.2.0 

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns the possible values for the EventGroupingAggregationKind const type.

func (EventGroupingAggregationKind) ToPtr added in v0.2.0 

func (c EventGroupingAggregationKind) ToPtr() *EventGroupingAggregationKind

ToPtr returns a *EventGroupingAggregationKind pointing to the current value.

type EventGroupingSettings added in v0.2.0 

type EventGroupingSettings struct {
	// The event grouping aggregation kinds
	AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}

EventGroupingSettings - Event grouping settings property bag.

type ExpansionEntityQueriesProperties added in v0.2.0 

type ExpansionEntityQueriesProperties struct {
	// List of the data sources that are required to run the query
	DataSources []*string `json:"dataSources,omitempty"`

	// The query display name
	DisplayName *string `json:"displayName,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// List of the fields of the source entity that are required to run the query
	InputFields []*string `json:"inputFields,omitempty"`

	// List of the desired output types to be constructed from the result
	OutputEntityTypes []*EntityType `json:"outputEntityTypes,omitempty"`

	// The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

ExpansionEntityQueriesProperties - Describes expansion entity query properties

func (ExpansionEntityQueriesProperties) MarshalJSON added in v0.2.0 

func (e ExpansionEntityQueriesProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQueriesProperties.

type ExpansionEntityQuery added in v0.2.0 

type ExpansionEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Expansion entity query properties
	Properties *ExpansionEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ExpansionEntityQuery - Represents Expansion entity query.

func (*ExpansionEntityQuery) GetEntityQuery added in v0.2.0 

func (e *ExpansionEntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type ExpansionEntityQuery.

func (ExpansionEntityQuery) MarshalJSON added in v0.2.0 

func (e ExpansionEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ExpansionEntityQuery.

func (*ExpansionEntityQuery) UnmarshalJSON added in v0.2.0 

func (e *ExpansionEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ExpansionEntityQuery.

type ExpansionResultAggregation added in v0.2.0 

type ExpansionResultAggregation struct {
	// REQUIRED; Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; The kind of the aggregated entity.
	EntityKind *EntityKind `json:"entityKind,omitempty"`

	// The common type of the aggregation. (for e.g. entity field name)
	AggregationType *string `json:"aggregationType,omitempty"`

	// The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
}

ExpansionResultAggregation - Information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata added in v0.2.0 

type ExpansionResultsMetadata struct {
	// Information of the aggregated nodes in the expansion result.
	Aggregations []*ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata - Expansion result metadata.

func (ExpansionResultsMetadata) MarshalJSON added in v0.2.0 

func (e ExpansionResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ExpansionResultsMetadata.

type EyesOn added in v0.2.0 

type EyesOn struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// EyesOn properties
	Properties *EyesOnSettingsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EyesOn - Settings with single toggle.

func (*EyesOn) GetSettings added in v0.2.0 

func (e *EyesOn) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type EyesOn.

func (EyesOn) MarshalJSON added in v0.2.0 

func (e EyesOn) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EyesOn.

func (*EyesOn) UnmarshalJSON added in v0.2.0 

func (e *EyesOn) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EyesOn.

type EyesOnSettingsProperties added in v0.2.0 

type EyesOnSettingsProperties struct {
	// READ-ONLY; Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"`
}

EyesOnSettingsProperties - EyesOn property bag.

type FieldMapping added in v0.2.0 

type FieldMapping struct {
	// the column name to be mapped to the identifier
	ColumnName *string `json:"columnName,omitempty"`

	// the V3 identifier of the entity
	Identifier *string `json:"identifier,omitempty"`
}

FieldMapping - A single field mapping of the mapped entity

type FileEntity added in v0.2.0 

type FileEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// File entity properties
	Properties *FileEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FileEntity - Represents a file entity.

func (*FileEntity) GetEntity added in v0.2.0 

func (f *FileEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileEntity.

func (FileEntity) MarshalJSON added in v0.2.0 

func (f FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileEntity.

func (*FileEntity) UnmarshalJSON added in v0.2.0 

func (f *FileEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity.

type FileEntityProperties added in v0.2.0 

type FileEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty" azure:"ro"`

	// READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIDs []*string `json:"fileHashEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`
}

FileEntityProperties - File entity property bag.

func (FileEntityProperties) MarshalJSON added in v0.2.0 

func (f FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileEntityProperties.

type FileHashAlgorithm added in v0.2.0 

type FileHashAlgorithm string

FileHashAlgorithm - The hash algorithm type. 

const (
	// FileHashAlgorithmMD5 - MD5 hash type
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 - SHA1 hash type
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 - SHA256 hash type
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC - SHA256 Authenticode hash type
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown - Unknown hash algorithm
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues added in v0.2.0 

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns the possible values for the FileHashAlgorithm const type.

func (FileHashAlgorithm) ToPtr added in v0.2.0 

func (c FileHashAlgorithm) ToPtr() *FileHashAlgorithm

ToPtr returns a *FileHashAlgorithm pointing to the current value.

type FileHashEntity added in v0.2.0 

type FileHashEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// FileHash entity properties
	Properties *FileHashEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FileHashEntity - Represents a file hash entity.

func (*FileHashEntity) GetEntity added in v0.2.0 

func (f *FileHashEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileHashEntity.

func (FileHashEntity) MarshalJSON added in v0.2.0 

func (f FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileHashEntity.

func (*FileHashEntity) UnmarshalJSON added in v0.2.0 

func (f *FileHashEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity.

type FileHashEntityProperties added in v0.2.0 

type FileHashEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The hash algorithm type.
	Algorithm *FileHashAlgorithm `json:"algorithm,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty" azure:"ro"`
}

FileHashEntityProperties - FileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON added in v0.2.0 

func (f FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties.

type FusionAlertRule 

type FusionAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Fusion alert rule properties
	Properties *FusionAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FusionAlertRule - Represents Fusion alert rule.

func (*FusionAlertRule) GetAlertRule added in v0.2.0 

func (f *FusionAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule.

func (FusionAlertRule) MarshalJSON 

func (f FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON 

func (f *FusionAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule.

type FusionAlertRuleProperties 

type FusionAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`
}

FusionAlertRuleProperties - Fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON 

func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties.

func (*FusionAlertRuleProperties) UnmarshalJSON 

func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties.

type FusionAlertRuleTemplate 

type FusionAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Fusion alert rule template properties
	Properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FusionAlertRuleTemplate - Represents Fusion alert rule template.

func (*FusionAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON 

func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON 

func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate.

type FusionAlertRuleTemplateProperties 

type FusionAlertRuleTemplateProperties struct {
	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule template
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

FusionAlertRuleTemplateProperties - Fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON 

func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties.

func (*FusionAlertRuleTemplateProperties) UnmarshalJSON 

func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties.

type GeoLocation added in v0.2.0 

type GeoLocation struct {
	// READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty" azure:"ro"`

	// READ-ONLY; City name
	City *string `json:"city,omitempty" azure:"ro"`

	// READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty" azure:"ro"`

	// READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty" azure:"ro"`

	// READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with
	// positive numbers representing East and negative numbers representing West. Latitude and
	// longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty" azure:"ro"`

	// READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with
	// positive numbers representing North and negative numbers representing South. Latitude and
	// longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty" azure:"ro"`

	// READ-ONLY; State name
	State *string `json:"state,omitempty" azure:"ro"`
}

GeoLocation - The geo-location context attached to the ip entity

type GetInsightsError added in v0.2.0 

type GetInsightsError struct {
	// REQUIRED; the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`

	// REQUIRED; the query kind
	Kind *GetInsightsErrorKind `json:"kind,omitempty"`

	// the query id
	QueryID *string `json:"queryId,omitempty"`
}

GetInsightsError - GetInsights Query Errors.

type GetInsightsErrorKind added in v0.2.0 

type GetInsightsErrorKind string

GetInsightsErrorKind - the query kind 

const (
	GetInsightsErrorKindInsight GetInsightsErrorKind = "Insight"
)

func PossibleGetInsightsErrorKindValues added in v0.2.0 

func PossibleGetInsightsErrorKindValues() []GetInsightsErrorKind

PossibleGetInsightsErrorKindValues returns the possible values for the GetInsightsErrorKind const type.

func (GetInsightsErrorKind) ToPtr added in v0.2.0 

func (c GetInsightsErrorKind) ToPtr() *GetInsightsErrorKind

ToPtr returns a *GetInsightsErrorKind pointing to the current value.

type GetInsightsResultsMetadata added in v0.2.0 

type GetInsightsResultsMetadata struct {
	// REQUIRED; the total items found for the insights request
	TotalCount *int32 `json:"totalCount,omitempty"`

	// information about the failed queries
	Errors []*GetInsightsError `json:"errors,omitempty"`
}

GetInsightsResultsMetadata - Get Insights result metadata.

func (GetInsightsResultsMetadata) MarshalJSON added in v0.2.0 

func (g GetInsightsResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetInsightsResultsMetadata.

type GetQueriesResponse added in v0.2.0 

type GetQueriesResponse struct {
	// The query result values.
	Value []EntityQueryItemClassification `json:"value,omitempty"`
}

GetQueriesResponse - Retrieve queries for entity result operation response.

func (GetQueriesResponse) MarshalJSON added in v0.2.0 

func (g GetQueriesResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetQueriesResponse.

func (*GetQueriesResponse) UnmarshalJSON added in v0.2.0 

func (g *GetQueriesResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GetQueriesResponse.

type GraphQueries added in v0.2.0 

type GraphQueries struct {
	// The base query for the graph
	BaseQuery *string `json:"baseQuery,omitempty"`

	// The legend for the graph
	Legend *string `json:"legend,omitempty"`

	// the metric that the query is checking
	MetricName *string `json:"metricName,omitempty"`
}

GraphQueries - The graph query to show the current data status

type GroupingConfiguration added in v0.2.0 

type GroupingConfiguration struct {
	// REQUIRED; Grouping enabled
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string `json:"lookbackDuration,omitempty"`

	// REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails
	// must be provided and not empty.
	MatchingMethod *MatchingMethod `json:"matchingMethod,omitempty"`

	// REQUIRED; Re-open closed matching incidents
	ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"`

	// A list of alert details to group by (when matchingMethod is Selected)
	GroupByAlertDetails []*AlertDetail `json:"groupByAlertDetails,omitempty"`

	// A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule
	// may be used.
	GroupByCustomDetails []*string `json:"groupByCustomDetails,omitempty"`

	// A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may
	// be used.
	GroupByEntities []*EntityMappingType `json:"groupByEntities,omitempty"`
}

GroupingConfiguration - Grouping configuration property bag.

func (GroupingConfiguration) MarshalJSON added in v0.2.0 

func (g GroupingConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration.

type HostEntity added in v0.2.0 

type HostEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Host entity properties
	Properties *HostEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

HostEntity - Represents a host entity.

func (*HostEntity) GetEntity added in v0.2.0 

func (h *HostEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HostEntity.

func (HostEntity) MarshalJSON added in v0.2.0 

func (h HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntity.

func (*HostEntity) UnmarshalJSON added in v0.2.0 

func (h *HostEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity.

type HostEntityProperties added in v0.2.0 

type HostEntityProperties struct {
	// The operating system type.
	OSFamily *OSFamily `json:"osFamily,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty" azure:"ro"`

	// READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"`

	// READ-ONLY; The host name (pre-windows2000).
	NetBiosName *string `json:"netBiosName,omitempty" azure:"ro"`

	// READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty" azure:"ro"`

	// READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more
	// fine grained than OSFamily or future values not supported by OSFamily enumeration
	OSVersion *string `json:"osVersion,omitempty" azure:"ro"`

	// READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty" azure:"ro"`
}

HostEntityProperties - Host entity property bag.

func (HostEntityProperties) MarshalJSON added in v0.2.0 

func (h HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntityProperties.

type HuntingBookmark added in v0.2.0 

type HuntingBookmark struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// HuntingBookmark entity properties
	Properties *HuntingBookmarkProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

HuntingBookmark - Represents a Hunting bookmark entity.

func (*HuntingBookmark) GetEntity added in v0.2.0 

func (h *HuntingBookmark) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HuntingBookmark.

func (HuntingBookmark) MarshalJSON added in v0.2.0 

func (h HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON added in v0.2.0 

func (h *HuntingBookmark) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark.

type HuntingBookmarkProperties added in v0.2.0 

type HuntingBookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The query of the bookmark.
	Query *string `json:"query,omitempty"`

	// The time the bookmark was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The time of the event
	EventTime *time.Time `json:"eventTime,omitempty"`

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`

	// The last time the bookmark was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`
}

HuntingBookmarkProperties - Describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON added in v0.2.0 

func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties.

func (*HuntingBookmarkProperties) UnmarshalJSON added in v0.2.0 

func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties.

type IPEntity added in v0.2.0 

type IPEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Ip entity properties
	Properties *IPEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IPEntity - Represents an ip entity.

func (*IPEntity) GetEntity added in v0.2.0 

func (i *IPEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IPEntity.

func (IPEntity) MarshalJSON added in v0.2.0 

func (i IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IPEntity.

func (*IPEntity) UnmarshalJSON added in v0.2.0 

func (i *IPEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity.

type IPEntityProperties added in v0.2.0 

type IPEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
	Address *string `json:"address,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The geo-location context attached to the ip entity
	Location *GeoLocation `json:"location,omitempty" azure:"ro"`

	// READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"`
}

IPEntityProperties - Ip entity property bag.

func (IPEntityProperties) MarshalJSON added in v0.2.0 

func (i IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IPEntityProperties.

type IPGeodataClient added in v0.2.0 

type IPGeodataClient struct {
	// contains filtered or unexported fields
}

IPGeodataClient contains the methods for the IPGeodata group. Don't use this type directly, use NewIPGeodataClient() instead.

func NewIPGeodataClient added in v0.2.0 

func NewIPGeodataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IPGeodataClient

NewIPGeodataClient creates a new instance of IPGeodataClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*IPGeodataClient) Get added in v0.2.0 

func (client *IPGeodataClient) Get(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (IPGeodataClientGetResponse, error)

Get - Get geodata for a single IP address If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. ipAddress - IP address (v4 or v6) to be enriched options - IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/enrichment/GetGeodataByIp.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIPGeodataClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<ip-address>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IPGeodataClientGetResult)
}

Output:

type IPGeodataClientGetOptions added in v0.2.0 

type IPGeodataClientGetOptions struct {
}

IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.

type IPGeodataClientGetResponse added in v0.2.0 

type IPGeodataClientGetResponse struct {
	IPGeodataClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IPGeodataClientGetResponse contains the response from method IPGeodataClient.Get.

type IPGeodataClientGetResult added in v0.2.0 

type IPGeodataClientGetResult struct {
	EnrichmentIPGeodata
}

IPGeodataClientGetResult contains the result from method IPGeodataClient.Get.

type Incident 

type Incident struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Incident properties
	Properties *IncidentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Incident - Represents an incident in Azure Security Insights.

type IncidentAdditionalData 

type IncidentAdditionalData struct {
	// READ-ONLY; List of product names of alerts in the incident
	AlertProductNames []*string `json:"alertProductNames,omitempty" azure:"ro"`

	// READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty" azure:"ro"`

	// READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty" azure:"ro"`

	// READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty" azure:"ro"`

	// READ-ONLY; The tactics associated with incident
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`
}

IncidentAdditionalData - Incident additional data property bag.

func (IncidentAdditionalData) MarshalJSON 

func (i IncidentAdditionalData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData.

type IncidentAlertList added in v0.2.0 

type IncidentAlertList struct {
	// REQUIRED; Array of incident alerts.
	Value []*SecurityAlert `json:"value,omitempty"`
}

IncidentAlertList - List of incident alerts.

func (IncidentAlertList) MarshalJSON added in v0.2.0 

func (i IncidentAlertList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentAlertList.

type IncidentBookmarkList added in v0.2.0 

type IncidentBookmarkList struct {
	// REQUIRED; Array of incident bookmarks.
	Value []*HuntingBookmark `json:"value,omitempty"`
}

IncidentBookmarkList - List of incident bookmarks.

func (IncidentBookmarkList) MarshalJSON added in v0.2.0 

func (i IncidentBookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentBookmarkList.

type IncidentClassification 

type IncidentClassification string

IncidentClassification - The reason the incident was closed 

const (
	// IncidentClassificationBenignPositive - Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive - Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive - Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined - Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues 

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns the possible values for the IncidentClassification const type.

func (IncidentClassification) ToPtr 

func (c IncidentClassification) ToPtr() *IncidentClassification

ToPtr returns a *IncidentClassification pointing to the current value.

type IncidentClassificationReason 

type IncidentClassificationReason string

IncidentClassificationReason - The classification reason the incident was closed with 

const (
	// IncidentClassificationReasonInaccurateData - Classification reason was inaccurate data
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic - Classification reason was incorrect alert logic
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity - Classification reason was suspicious activity
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected - Classification reason was suspicious but expected
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues 

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns the possible values for the IncidentClassificationReason const type.

func (IncidentClassificationReason) ToPtr 

func (c IncidentClassificationReason) ToPtr() *IncidentClassificationReason

ToPtr returns a *IncidentClassificationReason pointing to the current value.

type IncidentComment 

type IncidentComment struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Incident comment properties
	Properties *IncidentCommentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IncidentComment - Represents an incident comment

type IncidentCommentList 

type IncidentCommentList struct {
	// REQUIRED; Array of comments.
	Value []*IncidentComment `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

IncidentCommentList - List of incident comments.

func (IncidentCommentList) MarshalJSON 

func (i IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentCommentList.

type IncidentCommentProperties 

type IncidentCommentProperties struct {
	// REQUIRED; The comment message
	Message *string `json:"message,omitempty"`

	// READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty" azure:"ro"`

	// READ-ONLY; The time the comment was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The time the comment was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

IncidentCommentProperties - Incident comment property bag.

func (IncidentCommentProperties) MarshalJSON 

func (i IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties.

func (*IncidentCommentProperties) UnmarshalJSON 

func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties.

type IncidentCommentsClient 

type IncidentCommentsClient struct {
	// contains filtered or unexported fields
}

IncidentCommentsClient contains the methods for the IncidentComments group. Don't use this type directly, use NewIncidentCommentsClient() instead.

func NewIncidentCommentsClient 

func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentCommentsClient

NewIncidentCommentsClient creates a new instance of IncidentCommentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*IncidentCommentsClient) CreateOrUpdate added in v0.2.0 

func (client *IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment, options *IncidentCommentsClientCreateOrUpdateOptions) (IncidentCommentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID incidentComment - The incident comment options - IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/CreateIncidentComment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<incident-comment-id>",
		armsecurityinsight.IncidentComment{
			Properties: &armsecurityinsight.IncidentCommentProperties{
				Message: to.StringPtr("<message>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentCommentsClientCreateOrUpdateResult)
}

Output:

func (*IncidentCommentsClient) Delete added in v0.2.0 

func (client *IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientDeleteOptions) (IncidentCommentsClientDeleteResponse, error)

Delete - Delete the incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID options - IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/DeleteIncidentComment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<incident-comment-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*IncidentCommentsClient) Get 

func (client *IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientGetOptions) (IncidentCommentsClientGetResponse, error)

Get - Gets an incident comment. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incidentCommentID - Incident comment ID options - IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetIncidentCommentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<incident-comment-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentCommentsClientGetResult)
}

Output:

func (*IncidentCommentsClient) List added in v0.2.0 

func (client *IncidentCommentsClient) List(resourceGroupName string, workspaceName string, incidentID string, options *IncidentCommentsClientListOptions) *IncidentCommentsClientListPager

List - Gets all incident comments. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/comments/GetAllIncidentComments.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentCommentsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		&armsecurityinsight.IncidentCommentsClientListOptions{Filter: nil,
			Orderby:   nil,
			Top:       nil,
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type IncidentCommentsClientCreateOrUpdateOptions added in v0.2.0 

type IncidentCommentsClientCreateOrUpdateOptions struct {
}

IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.

type IncidentCommentsClientCreateOrUpdateResponse added in v0.2.0 

type IncidentCommentsClientCreateOrUpdateResponse struct {
	IncidentCommentsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate.

type IncidentCommentsClientCreateOrUpdateResult added in v0.2.0 

type IncidentCommentsClientCreateOrUpdateResult struct {
	IncidentComment
}

IncidentCommentsClientCreateOrUpdateResult contains the result from method IncidentCommentsClient.CreateOrUpdate.

type IncidentCommentsClientDeleteOptions added in v0.2.0 

type IncidentCommentsClientDeleteOptions struct {
}

IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.

type IncidentCommentsClientDeleteResponse added in v0.2.0 

type IncidentCommentsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentCommentsClientDeleteResponse contains the response from method IncidentCommentsClient.Delete.

type IncidentCommentsClientGetOptions added in v0.2.0 

type IncidentCommentsClientGetOptions struct {
}

IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.

type IncidentCommentsClientGetResponse added in v0.2.0 

type IncidentCommentsClientGetResponse struct {
	IncidentCommentsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentCommentsClientGetResponse contains the response from method IncidentCommentsClient.Get.

type IncidentCommentsClientGetResult added in v0.2.0 

type IncidentCommentsClientGetResult struct {
	IncidentComment
}

IncidentCommentsClientGetResult contains the result from method IncidentCommentsClient.Get.

type IncidentCommentsClientListOptions added in v0.2.0 

type IncidentCommentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.List method.

type IncidentCommentsClientListPager added in v0.2.0 

type IncidentCommentsClientListPager struct {
	// contains filtered or unexported fields
}

IncidentCommentsClientListPager provides operations for iterating over paged responses.

func (*IncidentCommentsClientListPager) Err added in v0.2.0 

func (p *IncidentCommentsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*IncidentCommentsClientListPager) NextPage added in v0.2.0 

func (p *IncidentCommentsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*IncidentCommentsClientListPager) PageResponse added in v0.2.0 

func (p *IncidentCommentsClientListPager) PageResponse() IncidentCommentsClientListResponse

PageResponse returns the current IncidentCommentsClientListResponse page.

type IncidentCommentsClientListResponse added in v0.2.0 

type IncidentCommentsClientListResponse struct {
	IncidentCommentsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentCommentsClientListResponse contains the response from method IncidentCommentsClient.List.

type IncidentCommentsClientListResult added in v0.2.0 

type IncidentCommentsClientListResult struct {
	IncidentCommentList
}

IncidentCommentsClientListResult contains the result from method IncidentCommentsClient.List.

type IncidentConfiguration added in v0.2.0 

type IncidentConfiguration struct {
	// REQUIRED; Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool `json:"createIncident,omitempty"`

	// Set how the alerts that are triggered by this analytics rule, are grouped into incidents
	GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}

IncidentConfiguration - Incident Configuration property bag.

type IncidentEntitiesResponse added in v0.2.0 

type IncidentEntitiesResponse struct {
	// Array of the incident related entities.
	Entities []EntityClassification `json:"entities,omitempty"`

	// The metadata from the incident related entities results.
	MetaData []*IncidentEntitiesResultsMetadata `json:"metaData,omitempty"`
}

IncidentEntitiesResponse - The incident related entities response.

func (IncidentEntitiesResponse) MarshalJSON added in v0.2.0 

func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResponse.

func (*IncidentEntitiesResponse) UnmarshalJSON added in v0.2.0 

func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse.

type IncidentEntitiesResultsMetadata added in v0.2.0 

type IncidentEntitiesResultsMetadata struct {
	// REQUIRED; Total number of aggregations of the given kind in the incident related entities result.
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; The kind of the aggregated entity.
	EntityKind *EntityKind `json:"entityKind,omitempty"`
}

IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result.

type IncidentInfo 

type IncidentInfo struct {
	// Incident Id
	IncidentID *string `json:"incidentId,omitempty"`

	// Relation Name
	RelationName *string `json:"relationName,omitempty"`

	// The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentInfo - Describes related incident information for the bookmark

type IncidentLabel 

type IncidentLabel struct {
	// REQUIRED; The name of the label
	LabelName *string `json:"labelName,omitempty"`

	// READ-ONLY; The type of the label
	LabelType *IncidentLabelType `json:"labelType,omitempty" azure:"ro"`
}

IncidentLabel - Represents an incident label

type IncidentLabelType 

type IncidentLabelType string

IncidentLabelType - The type of the label 

const (
	// IncidentLabelTypeSystem - Label automatically created by the system
	IncidentLabelTypeSystem IncidentLabelType = "System"
	// IncidentLabelTypeUser - Label manually created by a user
	IncidentLabelTypeUser IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues 

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns the possible values for the IncidentLabelType const type.

func (IncidentLabelType) ToPtr 

func (c IncidentLabelType) ToPtr() *IncidentLabelType

ToPtr returns a *IncidentLabelType pointing to the current value.

type IncidentList 

type IncidentList struct {
	// REQUIRED; Array of incidents.
	Value []*Incident `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

IncidentList - List all the incidents.

func (IncidentList) MarshalJSON 

func (i IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentList.

type IncidentOwnerInfo 

type IncidentOwnerInfo struct {
	// The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`

	// The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`

	// The object id of the user the incident is assigned to.
	ObjectID *string `json:"objectId,omitempty"`

	// The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`

	// READ-ONLY; The type of the owner the incident is assigned to.
	OwnerType *OwnerType `json:"ownerType,omitempty" azure:"ro"`
}

IncidentOwnerInfo - Information on the user an incident is assigned to

type IncidentProperties 

type IncidentProperties struct {
	// REQUIRED; The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// REQUIRED; The status of the incident
	Status *IncidentStatus `json:"status,omitempty"`

	// REQUIRED; The title of the incident
	Title *string `json:"title,omitempty"`

	// The reason the incident was closed
	Classification *IncidentClassification `json:"classification,omitempty"`

	// Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"`

	// The description of the incident
	Description *string `json:"description,omitempty"`

	// The time of the first activity in the incident
	FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUtc,omitempty"`

	// List of labels relevant to this incident
	Labels []*IncidentLabel `json:"labels,omitempty"`

	// The time of the last activity in the incident
	LastActivityTimeUTC *time.Time `json:"lastActivityTimeUtc,omitempty"`

	// Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`

	// The incident ID assigned by the incident provider
	ProviderIncidentID *string `json:"providerIncidentId,omitempty"`

	// The name of the source provider that generated the incident
	ProviderName *string `json:"providerName,omitempty"`

	// Describes a team for the incident
	TeamInformation *TeamInformation `json:"teamInformation,omitempty"`

	// READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The time the incident was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty" azure:"ro"`

	// READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty" azure:"ro"`

	// READ-ONLY; The last time the incident was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIDs []*string `json:"relatedAnalyticRuleIds,omitempty" azure:"ro"`
}

IncidentProperties - Describes incident properties

func (IncidentProperties) MarshalJSON 

func (i IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentProperties.

func (*IncidentProperties) UnmarshalJSON 

func (i *IncidentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties.

type IncidentRelationsClient added in v0.2.0 

type IncidentRelationsClient struct {
	// contains filtered or unexported fields
}

IncidentRelationsClient contains the methods for the IncidentRelations group. Don't use this type directly, use NewIncidentRelationsClient() instead.

func NewIncidentRelationsClient added in v0.2.0 

func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentRelationsClient

NewIncidentRelationsClient creates a new instance of IncidentRelationsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*IncidentRelationsClient) CreateOrUpdate added in v0.2.0 

func (client *IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation, options *IncidentRelationsClientCreateOrUpdateOptions) (IncidentRelationsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name relation - The relation model options - IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<relation-name>",
		armsecurityinsight.Relation{
			Properties: &armsecurityinsight.RelationProperties{
				RelatedResourceID: to.StringPtr("<related-resource-id>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentRelationsClientCreateOrUpdateResult)
}

Output:

func (*IncidentRelationsClient) Delete added in v0.2.0 

func (client *IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientDeleteOptions) (IncidentRelationsClientDeleteResponse, error)

Delete - Delete the incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name options - IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<relation-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*IncidentRelationsClient) Get added in v0.2.0 

func (client *IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientGetOptions) (IncidentRelationsClientGetResponse, error)

Get - Gets an incident relation. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID relationName - Relation Name options - IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		"<relation-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentRelationsClientGetResult)
}

Output:

func (*IncidentRelationsClient) List added in v0.2.0 

func (client *IncidentRelationsClient) List(resourceGroupName string, workspaceName string, incidentID string, options *IncidentRelationsClientListOptions) *IncidentRelationsClientListPager

List - Gets all incident relations. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentRelationsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		&armsecurityinsight.IncidentRelationsClientListOptions{Filter: nil,
			Orderby:   nil,
			Top:       nil,
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type IncidentRelationsClientCreateOrUpdateOptions added in v0.2.0 

type IncidentRelationsClientCreateOrUpdateOptions struct {
}

IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.

type IncidentRelationsClientCreateOrUpdateResponse added in v0.2.0 

type IncidentRelationsClientCreateOrUpdateResponse struct {
	IncidentRelationsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentRelationsClientCreateOrUpdateResponse contains the response from method IncidentRelationsClient.CreateOrUpdate.

type IncidentRelationsClientCreateOrUpdateResult added in v0.2.0 

type IncidentRelationsClientCreateOrUpdateResult struct {
	Relation
}

IncidentRelationsClientCreateOrUpdateResult contains the result from method IncidentRelationsClient.CreateOrUpdate.

type IncidentRelationsClientDeleteOptions added in v0.2.0 

type IncidentRelationsClientDeleteOptions struct {
}

IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.

type IncidentRelationsClientDeleteResponse added in v0.2.0 

type IncidentRelationsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentRelationsClientDeleteResponse contains the response from method IncidentRelationsClient.Delete.

type IncidentRelationsClientGetOptions added in v0.2.0 

type IncidentRelationsClientGetOptions struct {
}

IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.

type IncidentRelationsClientGetResponse added in v0.2.0 

type IncidentRelationsClientGetResponse struct {
	IncidentRelationsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentRelationsClientGetResponse contains the response from method IncidentRelationsClient.Get.

type IncidentRelationsClientGetResult added in v0.2.0 

type IncidentRelationsClientGetResult struct {
	Relation
}

IncidentRelationsClientGetResult contains the result from method IncidentRelationsClient.Get.

type IncidentRelationsClientListOptions added in v0.2.0 

type IncidentRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.List method.

type IncidentRelationsClientListPager added in v0.2.0 

type IncidentRelationsClientListPager struct {
	// contains filtered or unexported fields
}

IncidentRelationsClientListPager provides operations for iterating over paged responses.

func (*IncidentRelationsClientListPager) Err added in v0.2.0 

func (p *IncidentRelationsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*IncidentRelationsClientListPager) NextPage added in v0.2.0 

func (p *IncidentRelationsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*IncidentRelationsClientListPager) PageResponse added in v0.2.0 

func (p *IncidentRelationsClientListPager) PageResponse() IncidentRelationsClientListResponse

PageResponse returns the current IncidentRelationsClientListResponse page.

type IncidentRelationsClientListResponse added in v0.2.0 

type IncidentRelationsClientListResponse struct {
	IncidentRelationsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentRelationsClientListResponse contains the response from method IncidentRelationsClient.List.

type IncidentRelationsClientListResult added in v0.2.0 

type IncidentRelationsClientListResult struct {
	RelationList
}

IncidentRelationsClientListResult contains the result from method IncidentRelationsClient.List.

type IncidentSeverity 

type IncidentSeverity string

IncidentSeverity - The severity of the incident 

const (
	// IncidentSeverityHigh - High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational - Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow - Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium - Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues 

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns the possible values for the IncidentSeverity const type.

func (IncidentSeverity) ToPtr 

func (c IncidentSeverity) ToPtr() *IncidentSeverity

ToPtr returns a *IncidentSeverity pointing to the current value.

type IncidentStatus 

type IncidentStatus string

IncidentStatus - The status of the incident 

const (
	// IncidentStatusActive - An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed - A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew - An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues 

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns the possible values for the IncidentStatus const type.

func (IncidentStatus) ToPtr 

func (c IncidentStatus) ToPtr() *IncidentStatus

ToPtr returns a *IncidentStatus pointing to the current value.

type IncidentsClient 

type IncidentsClient struct {
	// contains filtered or unexported fields
}

IncidentsClient contains the methods for the Incidents group. Don't use this type directly, use NewIncidentsClient() instead.

func NewIncidentsClient 

func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *IncidentsClient

NewIncidentsClient creates a new instance of IncidentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*IncidentsClient) CreateOrUpdate 

func (client *IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident, options *IncidentsClientCreateOrUpdateOptions) (IncidentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID incident - The incident options - IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateIncident.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		armsecurityinsight.Incident{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.IncidentProperties{
				Description:           to.StringPtr("<description>"),
				Classification:        armsecurityinsight.IncidentClassification("FalsePositive").ToPtr(),
				ClassificationComment: to.StringPtr("<classification-comment>"),
				ClassificationReason:  armsecurityinsight.IncidentClassificationReason("IncorrectAlertLogic").ToPtr(),
				FirstActivityTimeUTC:  to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t }()),
				LastActivityTimeUTC:   to.TimePtr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t }()),
				Owner: &armsecurityinsight.IncidentOwnerInfo{
					ObjectID: to.StringPtr("<object-id>"),
				},
				Severity: armsecurityinsight.IncidentSeverity("High").ToPtr(),
				Status:   armsecurityinsight.IncidentStatus("Closed").ToPtr(),
				Title:    to.StringPtr("<title>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientCreateOrUpdateResult)
}

Output:

func (*IncidentsClient) CreateTeam added in v0.2.0 

func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error)

CreateTeam - Creates a Microsoft team to investigate the incident by sharing information and insights between participants. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID teamProperties - Team properties options - IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/CreateTeam.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.CreateTeam(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		armsecurityinsight.TeamProperties{
			TeamDescription: to.StringPtr("<team-description>"),
			TeamName:        to.StringPtr("<team-name>"),
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientCreateTeamResult)
}

Output:

func (*IncidentsClient) Delete 

func (client *IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientDeleteOptions) (IncidentsClientDeleteResponse, error)

Delete - Delete the incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/DeleteIncident.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*IncidentsClient) Get 

func (client *IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientGetOptions) (IncidentsClientGetResponse, error)

Get - Gets an incident. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientGetResult)
}

Output:

func (*IncidentsClient) List 

func (client *IncidentsClient) List(resourceGroupName string, workspaceName string, options *IncidentsClientListOptions) *IncidentsClientListPager

List - Gets all incidents. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetIncidents.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.IncidentsClientListOptions{Filter: nil,
			Orderby:   to.StringPtr("<orderby>"),
			Top:       to.Int32Ptr(1),
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

func (*IncidentsClient) ListAlerts added in v0.2.0 

func (client *IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListAlertsOptions) (IncidentsClientListAlertsResponse, error)

ListAlerts - Gets all incident alerts. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentAlerts.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.ListAlerts(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientListAlertsResult)
}

Output:

func (*IncidentsClient) ListBookmarks added in v0.2.0 

func (client *IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListBookmarksOptions) (IncidentsClientListBookmarksResponse, error)

ListBookmarks - Gets all incident bookmarks. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/GetAllIncidentBookmarks.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.ListBookmarks(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientListBookmarksResult)
}

Output:

func (*IncidentsClient) ListEntities added in v0.2.0 

func (client *IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListEntitiesOptions) (IncidentsClientListEntitiesResponse, error)

ListEntities - Gets all incident related entities. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. incidentID - Incident ID options - IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/incidents/entities/GetAllIncidentEntities.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewIncidentsClient("<subscription-id>", cred, nil)
	res, err := client.ListEntities(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<incident-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.IncidentsClientListEntitiesResult)
}

Output:

type IncidentsClientCreateOrUpdateOptions added in v0.2.0 

type IncidentsClientCreateOrUpdateOptions struct {
}

IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.

type IncidentsClientCreateOrUpdateResponse added in v0.2.0 

type IncidentsClientCreateOrUpdateResponse struct {
	IncidentsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientCreateOrUpdateResponse contains the response from method IncidentsClient.CreateOrUpdate.

type IncidentsClientCreateOrUpdateResult added in v0.2.0 

type IncidentsClientCreateOrUpdateResult struct {
	Incident
}

IncidentsClientCreateOrUpdateResult contains the result from method IncidentsClient.CreateOrUpdate.

type IncidentsClientCreateTeamOptions added in v0.2.0 

type IncidentsClientCreateTeamOptions struct {
}

IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.

type IncidentsClientCreateTeamResponse added in v0.2.0 

type IncidentsClientCreateTeamResponse struct {
	IncidentsClientCreateTeamResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientCreateTeamResponse contains the response from method IncidentsClient.CreateTeam.

type IncidentsClientCreateTeamResult added in v0.2.0 

type IncidentsClientCreateTeamResult struct {
	TeamInformation
}

IncidentsClientCreateTeamResult contains the result from method IncidentsClient.CreateTeam.

type IncidentsClientDeleteOptions added in v0.2.0 

type IncidentsClientDeleteOptions struct {
}

IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.

type IncidentsClientDeleteResponse added in v0.2.0 

type IncidentsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete.

type IncidentsClientGetOptions added in v0.2.0 

type IncidentsClientGetOptions struct {
}

IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.

type IncidentsClientGetResponse added in v0.2.0 

type IncidentsClientGetResponse struct {
	IncidentsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientGetResponse contains the response from method IncidentsClient.Get.

type IncidentsClientGetResult added in v0.2.0 

type IncidentsClientGetResult struct {
	Incident
}

IncidentsClientGetResult contains the result from method IncidentsClient.Get.

type IncidentsClientListAlertsOptions added in v0.2.0 

type IncidentsClientListAlertsOptions struct {
}

IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.

type IncidentsClientListAlertsResponse added in v0.2.0 

type IncidentsClientListAlertsResponse struct {
	IncidentsClientListAlertsResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientListAlertsResponse contains the response from method IncidentsClient.ListAlerts.

type IncidentsClientListAlertsResult added in v0.2.0 

type IncidentsClientListAlertsResult struct {
	IncidentAlertList
}

IncidentsClientListAlertsResult contains the result from method IncidentsClient.ListAlerts.

type IncidentsClientListBookmarksOptions added in v0.2.0 

type IncidentsClientListBookmarksOptions struct {
}

IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.

type IncidentsClientListBookmarksResponse added in v0.2.0 

type IncidentsClientListBookmarksResponse struct {
	IncidentsClientListBookmarksResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientListBookmarksResponse contains the response from method IncidentsClient.ListBookmarks.

type IncidentsClientListBookmarksResult added in v0.2.0 

type IncidentsClientListBookmarksResult struct {
	IncidentBookmarkList
}

IncidentsClientListBookmarksResult contains the result from method IncidentsClient.ListBookmarks.

type IncidentsClientListEntitiesOptions added in v0.2.0 

type IncidentsClientListEntitiesOptions struct {
}

IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.

type IncidentsClientListEntitiesResponse added in v0.2.0 

type IncidentsClientListEntitiesResponse struct {
	IncidentsClientListEntitiesResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientListEntitiesResponse contains the response from method IncidentsClient.ListEntities.

type IncidentsClientListEntitiesResult added in v0.2.0 

type IncidentsClientListEntitiesResult struct {
	IncidentEntitiesResponse
}

IncidentsClientListEntitiesResult contains the result from method IncidentsClient.ListEntities.

type IncidentsClientListOptions added in v0.2.0 

type IncidentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentsClientListOptions contains the optional parameters for the IncidentsClient.List method.

type IncidentsClientListPager added in v0.2.0 

type IncidentsClientListPager struct {
	// contains filtered or unexported fields
}

IncidentsClientListPager provides operations for iterating over paged responses.

func (*IncidentsClientListPager) Err added in v0.2.0 

func (p *IncidentsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*IncidentsClientListPager) NextPage added in v0.2.0 

func (p *IncidentsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*IncidentsClientListPager) PageResponse added in v0.2.0 

func (p *IncidentsClientListPager) PageResponse() IncidentsClientListResponse

PageResponse returns the current IncidentsClientListResponse page.

type IncidentsClientListResponse added in v0.2.0 

type IncidentsClientListResponse struct {
	IncidentsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

IncidentsClientListResponse contains the response from method IncidentsClient.List.

type IncidentsClientListResult added in v0.2.0 

type IncidentsClientListResult struct {
	IncidentList
}

IncidentsClientListResult contains the result from method IncidentsClient.List.

type InsightQueryItem added in v0.2.0 

type InsightQueryItem struct {
	// REQUIRED; The kind of the entity query
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Query Template ARM Name
	Name *string `json:"name,omitempty"`

	// Properties bag for InsightQueryItem
	Properties *InsightQueryItemProperties `json:"properties,omitempty"`

	// ARM Type
	Type *string `json:"type,omitempty"`

	// READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty" azure:"ro"`
}

InsightQueryItem - Represents Insight Query.

func (*InsightQueryItem) GetEntityQueryItem added in v0.2.0 

func (i *InsightQueryItem) GetEntityQueryItem() *EntityQueryItem

GetEntityQueryItem implements the EntityQueryItemClassification interface for type InsightQueryItem.

func (InsightQueryItem) MarshalJSON added in v0.2.0 

func (i InsightQueryItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItem.

func (*InsightQueryItem) UnmarshalJSON added in v0.2.0 

func (i *InsightQueryItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItem.

type InsightQueryItemProperties added in v0.2.0 

type InsightQueryItemProperties struct {
	// The activity query definitions.
	AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"`

	// The base query of the insight.
	BaseQuery *string `json:"baseQuery,omitempty"`

	// The insight chart query.
	ChartQuery map[string]interface{} `json:"chartQuery,omitempty"`

	// Data types for template
	DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"`

	// The insight chart query.
	DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange `json:"defaultTimeRange,omitempty"`

	// The insight description.
	Description *string `json:"description,omitempty"`

	// The insight display name.
	DisplayName *string `json:"displayName,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string]interface{} `json:"entitiesFilter,omitempty"`

	// The type of the entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The insight chart query.
	ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"`

	// Data types for template
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The insight table query.
	TableQuery *InsightQueryItemPropertiesTableQuery `json:"tableQuery,omitempty"`
}

InsightQueryItemProperties - Represents Insight Query.

func (InsightQueryItemProperties) MarshalJSON added in v0.2.0 

func (i InsightQueryItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemProperties.

type InsightQueryItemPropertiesAdditionalQuery added in v0.2.0 

type InsightQueryItemPropertiesAdditionalQuery struct {
	// The insight query.
	Query *string `json:"query,omitempty"`

	// The insight text.
	Text *string `json:"text,omitempty"`
}

InsightQueryItemPropertiesAdditionalQuery - The activity query definitions.

type InsightQueryItemPropertiesDefaultTimeRange added in v0.2.0 

type InsightQueryItemPropertiesDefaultTimeRange struct {
	// The padding for the end time of the query.
	AfterRange *string `json:"afterRange,omitempty"`

	// The padding for the start time of the query.
	BeforeRange *string `json:"beforeRange,omitempty"`
}

InsightQueryItemPropertiesDefaultTimeRange - The insight chart query.

type InsightQueryItemPropertiesReferenceTimeRange added in v0.2.0 

type InsightQueryItemPropertiesReferenceTimeRange struct {
	// Additional query time for looking back.
	BeforeRange *string `json:"beforeRange,omitempty"`
}

InsightQueryItemPropertiesReferenceTimeRange - The insight chart query.

type InsightQueryItemPropertiesTableQuery added in v0.2.0 

type InsightQueryItemPropertiesTableQuery struct {
	// List of insight column definitions.
	ColumnsDefinitions []*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem `json:"columnsDefinitions,omitempty"`

	// List of insight queries definitions.
	QueriesDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem `json:"queriesDefinitions,omitempty"`
}

InsightQueryItemPropertiesTableQuery - The insight table query.

func (InsightQueryItemPropertiesTableQuery) MarshalJSON added in v0.2.0 

func (i InsightQueryItemPropertiesTableQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQuery.

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem added in v0.2.0 

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct {
	// Insight column header.
	Header *string `json:"header,omitempty"`

	// Insights Column type.
	OutputType *OutputType `json:"outputType,omitempty"`

	// Is query supports deep-link.
	SupportDeepLink *bool `json:"supportDeepLink,omitempty"`
}

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem added in v0.2.0 

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct {
	// Insight column header.
	Filter *string `json:"filter,omitempty"`

	// Insight column header.
	LinkColumnsDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem `json:"linkColumnsDefinitions,omitempty"`

	// Insight column header.
	Project *string `json:"project,omitempty"`

	// Insight column header.
	Summarize *string `json:"summarize,omitempty"`
}

func (InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON added in v0.2.0 

func (i InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem.

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem added in v0.2.0 

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem struct {
	// Insight Link Definition Projected Name.
	ProjectedName *string `json:"projectedName,omitempty"`

	// Insight Link Definition Query.
	Query *string `json:"Query,omitempty"`
}

type InsightsTableResult added in v0.2.0 

type InsightsTableResult struct {
	// Columns Metadata of the table
	Columns []*InsightsTableResultColumnsItem `json:"columns,omitempty"`

	// Rows data of the table
	Rows [][]*string `json:"rows,omitempty"`
}

InsightsTableResult - Query results for table insights query.

func (InsightsTableResult) MarshalJSON added in v0.2.0 

func (i InsightsTableResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightsTableResult.

type InsightsTableResultColumnsItem added in v0.2.0 

type InsightsTableResultColumnsItem struct {
	// the name of the colum
	Name *string `json:"name,omitempty"`

	// the type of the colum
	Type *string `json:"type,omitempty"`
}

type InstructionSteps added in v0.2.0 

type InstructionSteps struct {
	// Instruction step description
	Description *string `json:"description,omitempty"`

	// Instruction step details
	Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"`

	// Instruction step title
	Title *string `json:"title,omitempty"`
}

InstructionSteps - Instruction steps to enable the connector

func (InstructionSteps) MarshalJSON added in v0.2.0 

func (i InstructionSteps) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InstructionSteps.

type InstructionStepsInstructionsItem added in v0.2.0 

type InstructionStepsInstructionsItem struct {
	// REQUIRED; The kind of the setting
	Type *SettingType `json:"type,omitempty"`

	// The parameters for the setting
	Parameters map[string]interface{} `json:"parameters,omitempty"`
}

type IoTDeviceEntity added in v0.2.0 

type IoTDeviceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// IoTDevice entity properties
	Properties *IoTDeviceEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IoTDeviceEntity - Represents an IoT device entity.

func (*IoTDeviceEntity) GetEntity added in v0.2.0 

func (i *IoTDeviceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON added in v0.2.0 

func (i IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON added in v0.2.0 

func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity.

type IoTDeviceEntityProperties added in v0.2.0 

type IoTDeviceEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string `json:"deviceId,omitempty" azure:"ro"`

	// READ-ONLY; The friendly name of the device
	DeviceName *string `json:"deviceName,omitempty" azure:"ro"`

	// READ-ONLY; The type of the device
	DeviceType *string `json:"deviceType,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the edge device
	EdgeID *string `json:"edgeId,omitempty" azure:"ro"`

	// READ-ONLY; The firmware version of the device
	FirmwareVersion *string `json:"firmwareVersion,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id of this device
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The IP entity if of this device
	IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string `json:"iotHubEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *string `json:"iotSecurityAgentId,omitempty" azure:"ro"`

	// READ-ONLY; The MAC address of the device
	MacAddress *string `json:"macAddress,omitempty" azure:"ro"`

	// READ-ONLY; The model of the device
	Model *string `json:"model,omitempty" azure:"ro"`

	// READ-ONLY; The operating system of the device
	OperatingSystem *string `json:"operatingSystem,omitempty" azure:"ro"`

	// READ-ONLY; A list of protocols of the IoTDevice entity.
	Protocols []*string `json:"protocols,omitempty" azure:"ro"`

	// READ-ONLY; The serial number of the device
	SerialNumber *string `json:"serialNumber,omitempty" azure:"ro"`

	// READ-ONLY; The source of the device
	Source *string `json:"source,omitempty" azure:"ro"`

	// READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"`

	// READ-ONLY; The vendor of the device
	Vendor *string `json:"vendor,omitempty" azure:"ro"`
}

IoTDeviceEntityProperties - IoTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON added in v0.2.0 

func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties.

type KillChainIntent added in v0.2.0 

type KillChainIntent string

KillChainIntent - Holds the alert intent stage(s) mapping for this alert. 

const (
	// KillChainIntentCollection - Collection consists of techniques used to identify and gather information, such as sensitive
	// files, from a target network prior to exfiltration. This category also covers locations on a system or network where the
	// adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl - The command and control tactic represents how adversaries communicate with systems under
	// their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess - Credential access represents techniques resulting in access to or control over system,
	// domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain
	// legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator
	// access) to use within the network. With sufficient access within a network, an adversary can create accounts for later
	// use within the environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion - Defense evasion consists of techniques an adversary may use to evade detection or avoid
	// other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added
	// benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery - Discovery consists of techniques that allow the adversary to gain knowledge about the system
	// and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control
	// of and what benefits operating from that system give to their current objective or overall goals during the intrusion.
	// The operating system provides many native tools that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution - The execution tactic represents techniques that result in execution of adversary-controlled
	// code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote
	// systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration - Exfiltration refers to techniques and attributes that result or aid in the adversary removing
	// files and information from a target network. This category also covers locations on a system or network where the adversary
	// may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation - Exploitation is the stage where an attacker manage to get foothold on the attacked resource.
	// This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries
	// will often be able to control the resource after this stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact - The impact intent primary objective is to directly reduce the availability or integrity of a system,
	// service, or network; including manipulation of data to impact a business or operational process. This would often refer
	// to techniques such as ransom-ware, defacement, data manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement - Lateral movement consists of techniques that enable an adversary to access and control
	// remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral
	// movement techniques could allow an adversary to gather information from a system without needing additional tools, such
	// as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools,
	// pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause
	// an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence - Persistence is any access, action, or configuration change to a system that gives an adversary
	// a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such
	// as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate
	// backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation - Privilege escalation is the result of actions that allow an adversary to obtain a
	// higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work
	// and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems
	// or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation
	// of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing - Probing could be an attempt to access a certain resource regardless of a malicious intent or a
	// failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected
	// as an attempt originating from outside the network in attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown - The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues added in v0.2.0 

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns the possible values for the KillChainIntent const type.

func (KillChainIntent) ToPtr added in v0.2.0 

func (c KillChainIntent) ToPtr() *KillChainIntent

ToPtr returns a *KillChainIntent pointing to the current value.

type Kind added in v0.2.0 

type Kind string

Kind - The kind of content the metadata is for. 

const (
	KindAnalyticsRule         Kind = "AnalyticsRule"
	KindAnalyticsRuleTemplate Kind = "AnalyticsRuleTemplate"
	KindDataConnector         Kind = "DataConnector"
	KindDataType              Kind = "DataType"
	KindHuntingQuery          Kind = "HuntingQuery"
	KindInvestigationQuery    Kind = "InvestigationQuery"
	KindParser                Kind = "Parser"
	KindPlaybook              Kind = "Playbook"
	KindPlaybookTemplate      Kind = "PlaybookTemplate"
	KindSolution              Kind = "Solution"
	KindWatchlist             Kind = "Watchlist"
	KindWatchlistTemplate     Kind = "WatchlistTemplate"
	KindWorkbook              Kind = "Workbook"
	KindWorkbookTemplate      Kind = "WorkbookTemplate"
)

func PossibleKindValues added in v0.2.0 

func PossibleKindValues() []Kind

PossibleKindValues returns the possible values for the Kind const type.

func (Kind) ToPtr added in v0.2.0 

func (c Kind) ToPtr() *Kind

ToPtr returns a *Kind pointing to the current value.

type LastDataReceivedDataType added in v0.2.0 

type LastDataReceivedDataType struct {
	// Query for indicate last data received
	LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"`

	// Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder
	Name *string `json:"name,omitempty"`
}

LastDataReceivedDataType - Data type for last data received

type MCASCheckRequirements added in v0.2.0 

type MCASCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MCAS (Microsoft Cloud App Security) requirements check properties.
	Properties *MCASCheckRequirementsProperties `json:"properties,omitempty"`
}

MCASCheckRequirements - Represents MCAS (Microsoft Cloud App Security) requirements check request.

func (*MCASCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (m *MCASCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MCASCheckRequirements.

func (MCASCheckRequirements) MarshalJSON added in v0.2.0 

func (m MCASCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirements.

func (*MCASCheckRequirements) UnmarshalJSON added in v0.2.0 

func (m *MCASCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirements.

type MCASCheckRequirementsProperties added in v0.2.0 

type MCASCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.

type MCASDataConnector 

type MCASDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MCAS (Microsoft Cloud App Security) data connector properties.
	Properties *MCASDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector.

func (*MCASDataConnector) GetDataConnector added in v0.2.0 

func (m *MCASDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector.

func (MCASDataConnector) MarshalJSON 

func (m MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON 

func (m *MCASDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector.

type MCASDataConnectorDataTypes 

type MCASDataConnectorDataTypes struct {
	// REQUIRED; Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`

	// Discovery log data type connection.
	DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"`
}

MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorProperties 

type MCASDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPCheckRequirements added in v0.2.0 

type MDATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
	Properties *MDATPCheckRequirementsProperties `json:"properties,omitempty"`
}

MDATPCheckRequirements - Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.

func (*MDATPCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (m *MDATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MDATPCheckRequirements.

func (MDATPCheckRequirements) MarshalJSON added in v0.2.0 

func (m MDATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MDATPCheckRequirements.

func (*MDATPCheckRequirements) UnmarshalJSON added in v0.2.0 

func (m *MDATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MDATPCheckRequirements.

type MDATPCheckRequirementsProperties added in v0.2.0 

type MDATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.

type MDATPDataConnector 

type MDATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	Properties *MDATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (*MDATPDataConnector) GetDataConnector added in v0.2.0 

func (m *MDATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON 

func (m MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON 

func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector.

type MDATPDataConnectorProperties 

type MDATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MLBehaviorAnalyticsAlertRule added in v0.2.0 

type MLBehaviorAnalyticsAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MLBehaviorAnalytics alert rule properties
	Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRule - Represents MLBehaviorAnalytics alert rule.

func (*MLBehaviorAnalyticsAlertRule) GetAlertRule added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) MarshalJSON added in v0.2.0 

func (m MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRule.

func (*MLBehaviorAnalyticsAlertRule) UnmarshalJSON added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRule.

type MLBehaviorAnalyticsAlertRuleProperties added in v0.2.0 

type MLBehaviorAnalyticsAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule base property bag.

func (MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON added in v0.2.0 

func (m MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleProperties.

func (*MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleProperties.

type MLBehaviorAnalyticsAlertRuleTemplate added in v0.2.0 

type MLBehaviorAnalyticsAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// MLBehaviorAnalytics alert rule template properties.
	Properties *MLBehaviorAnalyticsAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleTemplate - Represents MLBehaviorAnalytics alert rule template.

func (*MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON added in v0.2.0 

func (m MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate.

func (*MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplate.

type MLBehaviorAnalyticsAlertRuleTemplateProperties added in v0.2.0 

type MLBehaviorAnalyticsAlertRuleTemplateProperties struct {
	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule template.
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties.

func (MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON added in v0.2.0 

func (m MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.

func (*MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON added in v0.2.0 

func (m *MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.

type MSTICheckRequirements added in v0.2.0 

type MSTICheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Microsoft Threat Intelligence requirements check properties.
	Properties *MSTICheckRequirementsProperties `json:"properties,omitempty"`
}

MSTICheckRequirements - Represents Microsoft Threat Intelligence requirements check request.

func (*MSTICheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (m *MSTICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MSTICheckRequirements.

func (MSTICheckRequirements) MarshalJSON added in v0.2.0 

func (m MSTICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MSTICheckRequirements.

func (*MSTICheckRequirements) UnmarshalJSON added in v0.2.0 

func (m *MSTICheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MSTICheckRequirements.

type MSTICheckRequirementsProperties added in v0.2.0 

type MSTICheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties.

type MSTIDataConnector added in v0.2.0 

type MSTIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Microsoft Threat Intelligence data connector properties.
	Properties *MSTIDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MSTIDataConnector - Represents Microsoft Threat Intelligence data connector.

func (*MSTIDataConnector) GetDataConnector added in v0.2.0 

func (m *MSTIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MSTIDataConnector.

func (MSTIDataConnector) MarshalJSON added in v0.2.0 

func (m MSTIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MSTIDataConnector.

func (*MSTIDataConnector) UnmarshalJSON added in v0.2.0 

func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MSTIDataConnector.

type MSTIDataConnectorDataTypes added in v0.2.0 

type MSTIDataConnectorDataTypes struct {
	// REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector.
	BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL `json:"bingSafetyPhishingURL,omitempty"`

	// REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector.
	MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed `json:"microsoftEmergingThreatFeed,omitempty"`
}

MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorDataTypesBingSafetyPhishingURL added in v0.2.0 

type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct {
	// REQUIRED; lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`

	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesBingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed added in v0.2.0 

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct {
	// REQUIRED; lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`

	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector.

type MSTIDataConnectorProperties added in v0.2.0 

type MSTIDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MSTIDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTIDataConnectorProperties - Microsoft Threat Intelligence data connector properties.

type MTPCheckRequirementsProperties added in v0.2.0 

type MTPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties.

type MTPDataConnector added in v0.2.0 

type MTPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MTP (Microsoft Threat Protection) data connector properties.
	Properties *MTPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MTPDataConnector - Represents MTP (Microsoft Threat Protection) data connector.

func (*MTPDataConnector) GetDataConnector added in v0.2.0 

func (m *MTPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MTPDataConnector.

func (MTPDataConnector) MarshalJSON added in v0.2.0 

func (m MTPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MTPDataConnector.

func (*MTPDataConnector) UnmarshalJSON added in v0.2.0 

func (m *MTPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MTPDataConnector.

type MTPDataConnectorDataTypes added in v0.2.0 

type MTPDataConnectorDataTypes struct {
	// REQUIRED; Data type for Microsoft Threat Protection Platforms data connector.
	Incidents *MTPDataConnectorDataTypesIncidents `json:"incidents,omitempty"`
}

MTPDataConnectorDataTypes - The available data types for Microsoft Threat Protection Platforms data connector.

type MTPDataConnectorDataTypesIncidents added in v0.2.0 

type MTPDataConnectorDataTypesIncidents struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MTPDataConnectorDataTypesIncidents - Data type for Microsoft Threat Protection Platforms data connector.

type MTPDataConnectorProperties added in v0.2.0 

type MTPDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MTPDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties.

type MailClusterEntity added in v0.2.0 

type MailClusterEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mail cluster entity properties
	Properties *MailClusterEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailClusterEntity - Represents a mail cluster entity.

func (*MailClusterEntity) GetEntity added in v0.2.0 

func (m *MailClusterEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailClusterEntity.

func (MailClusterEntity) MarshalJSON added in v0.2.0 

func (m MailClusterEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailClusterEntity.

func (*MailClusterEntity) UnmarshalJSON added in v0.2.0 

func (m *MailClusterEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity.

type MailClusterEntityProperties added in v0.2.0 

type MailClusterEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The cluster group
	ClusterGroup *string `json:"clusterGroup,omitempty" azure:"ro"`

	// READ-ONLY; The cluster query end time
	ClusterQueryEndTime *time.Time `json:"clusterQueryEndTime,omitempty" azure:"ro"`

	// READ-ONLY; The cluster query start time
	ClusterQueryStartTime *time.Time `json:"clusterQueryStartTime,omitempty" azure:"ro"`

	// READ-ONLY; The id of the cluster source
	ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty" azure:"ro"`

	// READ-ONLY; The type of the cluster source
	ClusterSourceType *string `json:"clusterSourceType,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by DeliveryStatus string representation
	CountByDeliveryStatus map[string]interface{} `json:"countByDeliveryStatus,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by ProtectionStatus string representation
	CountByProtectionStatus map[string]interface{} `json:"countByProtectionStatus,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by ThreatType string representation
	CountByThreatType map[string]interface{} `json:"countByThreatType,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; Is this a volume anomaly mail cluster
	IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty" azure:"ro"`

	// READ-ONLY; The number of mail messages that are part of the mail cluster
	MailCount *int32 `json:"mailCount,omitempty" azure:"ro"`

	// READ-ONLY; The mail message IDs that are part of the mail cluster
	NetworkMessageIDs []*string `json:"networkMessageIds,omitempty" azure:"ro"`

	// READ-ONLY; The query that was used to identify the messages of the mail cluster
	Query *string `json:"query,omitempty" azure:"ro"`

	// READ-ONLY; The query time
	QueryTime *time.Time `json:"queryTime,omitempty" azure:"ro"`

	// READ-ONLY; The source of the mail cluster (default is 'O365 ATP')
	Source *string `json:"source,omitempty" azure:"ro"`

	// READ-ONLY; The threats of mail messages that are part of the mail cluster
	Threats []*string `json:"threats,omitempty" azure:"ro"`
}

MailClusterEntityProperties - Mail cluster entity property bag.

func (MailClusterEntityProperties) MarshalJSON added in v0.2.0 

func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties.

func (*MailClusterEntityProperties) UnmarshalJSON added in v0.2.0 

func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties.

type MailMessageEntity added in v0.2.0 

type MailMessageEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mail message entity properties
	Properties *MailMessageEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailMessageEntity - Represents a mail message entity.

func (*MailMessageEntity) GetEntity added in v0.2.0 

func (m *MailMessageEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailMessageEntity.

func (MailMessageEntity) MarshalJSON added in v0.2.0 

func (m MailMessageEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailMessageEntity.

func (*MailMessageEntity) UnmarshalJSON added in v0.2.0 

func (m *MailMessageEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity.

type MailMessageEntityProperties added in v0.2.0 

type MailMessageEntityProperties struct {
	// The directionality of this mail message
	AntispamDirection *AntispamMailDirection `json:"antispamDirection,omitempty"`

	// The bodyFingerprintBin1
	BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"`

	// The bodyFingerprintBin2
	BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"`

	// The bodyFingerprintBin3
	BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"`

	// The bodyFingerprintBin4
	BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"`

	// The bodyFingerprintBin5
	BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"`

	// The delivery action of this mail message like Delivered, Blocked, Replaced etc
	DeliveryAction *DeliveryAction `json:"deliveryAction,omitempty"`

	// The delivery location of this mail message like Inbox, JunkFolder etc
	DeliveryLocation *DeliveryLocation `json:"deliveryLocation,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The File entity ids of this mail message's attachments
	FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The internet message id of this mail message
	InternetMessageID *string `json:"internetMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The language of this mail message
	Language *string `json:"language,omitempty" azure:"ro"`

	// READ-ONLY; The network message id of this mail message
	NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's email address
	P1Sender *string `json:"p1Sender,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's display name
	P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's domain
	P1SenderDomain *string `json:"p1SenderDomain,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's email address
	P2Sender *string `json:"p2Sender,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's display name
	P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's domain
	P2SenderDomain *string `json:"p2SenderDomain,omitempty" azure:"ro"`

	// READ-ONLY; The receive date of this message
	ReceiveDate *time.Time `json:"receiveDate,omitempty" azure:"ro"`

	// READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and
	// each copy has one recipient
	Recipient *string `json:"recipient,omitempty" azure:"ro"`

	// READ-ONLY; The sender's IP address
	SenderIP *string `json:"senderIP,omitempty" azure:"ro"`

	// READ-ONLY; The subject of this mail message
	Subject *string `json:"subject,omitempty" azure:"ro"`

	// READ-ONLY; The threat detection methods
	ThreatDetectionMethods []*string `json:"threatDetectionMethods,omitempty" azure:"ro"`

	// READ-ONLY; The threats of this mail message
	Threats []*string `json:"threats,omitempty" azure:"ro"`

	// READ-ONLY; The Urls contained in this mail message
	Urls []*string `json:"urls,omitempty" azure:"ro"`
}

MailMessageEntityProperties - Mail message entity property bag.

func (MailMessageEntityProperties) MarshalJSON added in v0.2.0 

func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties.

func (*MailMessageEntityProperties) UnmarshalJSON added in v0.2.0 

func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties.

type MailboxEntity added in v0.2.0 

type MailboxEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mailbox entity properties
	Properties *MailboxEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailboxEntity - Represents a mailbox entity.

func (*MailboxEntity) GetEntity added in v0.2.0 

func (m *MailboxEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailboxEntity.

func (MailboxEntity) MarshalJSON added in v0.2.0 

func (m MailboxEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailboxEntity.

func (*MailboxEntity) UnmarshalJSON added in v0.2.0 

func (m *MailboxEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity.

type MailboxEntityProperties added in v0.2.0 

type MailboxEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's display name
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox
	// object on office side
	ExternalDirectoryObjectID *string `json:"externalDirectoryObjectId,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's primary address
	MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's UPN
	Upn *string `json:"upn,omitempty" azure:"ro"`
}

MailboxEntityProperties - Mailbox entity property bag.

func (MailboxEntityProperties) MarshalJSON added in v0.2.0 

func (m MailboxEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties.

type MalwareEntity added in v0.2.0 

type MalwareEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// File entity properties
	Properties *MalwareEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MalwareEntity - Represents a malware entity.

func (*MalwareEntity) GetEntity added in v0.2.0 

func (m *MalwareEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MalwareEntity.

func (MalwareEntity) MarshalJSON added in v0.2.0 

func (m MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MalwareEntity.

func (*MalwareEntity) UnmarshalJSON added in v0.2.0 

func (m *MalwareEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity.

type MalwareEntityProperties added in v0.2.0 

type MalwareEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty" azure:"ro"`

	// READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty" azure:"ro"`

	// READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIDs []*string `json:"processEntityIds,omitempty" azure:"ro"`
}

MalwareEntityProperties - Malware entity property bag.

func (MalwareEntityProperties) MarshalJSON added in v0.2.0 

func (m MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties.

type MatchingMethod added in v0.2.0 

type MatchingMethod string

MatchingMethod - Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. 

const (
	// MatchingMethodAllEntities - Grouping alerts into a single incident if all the entities match
	MatchingMethodAllEntities MatchingMethod = "AllEntities"
	// MatchingMethodAnyAlert - Grouping any alerts triggered by this rule into a single incident
	MatchingMethodAnyAlert MatchingMethod = "AnyAlert"
	// MatchingMethodSelected - Grouping alerts into a single incident if the selected entities, custom details and alert details
	// match
	MatchingMethodSelected MatchingMethod = "Selected"
)

func PossibleMatchingMethodValues added in v0.2.0 

func PossibleMatchingMethodValues() []MatchingMethod

PossibleMatchingMethodValues returns the possible values for the MatchingMethod const type.

func (MatchingMethod) ToPtr added in v0.2.0 

func (c MatchingMethod) ToPtr() *MatchingMethod

ToPtr returns a *MatchingMethod pointing to the current value.

type MetadataAuthor added in v0.2.0 

type MetadataAuthor struct {
	// Email of author contact
	Email *string `json:"email,omitempty"`

	// Link for author/vendor page
	Link *string `json:"link,omitempty"`

	// Name of the author. Company or person.
	Name *string `json:"name,omitempty"`
}

MetadataAuthor - Publisher or creator of the content item.

type MetadataCategories added in v0.2.0 

type MetadataCategories struct {
	// domain for the solution content item
	Domains []*string `json:"domains,omitempty"`

	// Industry verticals for the solution content item
	Verticals []*string `json:"verticals,omitempty"`
}

MetadataCategories - ies for the solution content item

func (MetadataCategories) MarshalJSON added in v0.2.0 

func (m MetadataCategories) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataCategories.

type MetadataClient added in v0.2.0 

type MetadataClient struct {
	// contains filtered or unexported fields
}

MetadataClient contains the methods for the Metadata group. Don't use this type directly, use NewMetadataClient() instead.

func NewMetadataClient added in v0.2.0 

func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *MetadataClient

NewMetadataClient creates a new instance of MetadataClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*MetadataClient) Create added in v0.2.0 

func (client *MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel, options *MetadataClientCreateOptions) (MetadataClientCreateResponse, error)

Create - Create a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. metadata - Metadata resource. options - MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PutMetadata.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil)
	res, err := client.Create(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<metadata-name>",
		armsecurityinsight.MetadataModel{
			Properties: &armsecurityinsight.MetadataProperties{
				Author: &armsecurityinsight.MetadataAuthor{
					Name:  to.StringPtr("<name>"),
					Email: to.StringPtr("<email>"),
				},
				Categories: &armsecurityinsight.MetadataCategories{
					Domains: []*string{
						to.StringPtr("Application"),
						to.StringPtr("Security – Insider Threat")},
					Verticals: []*string{
						to.StringPtr("Healthcare")},
				},
				ContentID: to.StringPtr("<content-id>"),
				Dependencies: &armsecurityinsight.MetadataDependencies{
					Criteria: []*armsecurityinsight.MetadataDependencies{
						{
							Criteria: []*armsecurityinsight.MetadataDependencies{
								{
									Name:      to.StringPtr("<name>"),
									ContentID: to.StringPtr("<content-id>"),
									Kind:      armsecurityinsight.Kind("DataConnector").ToPtr(),
								},
								{
									ContentID: to.StringPtr("<content-id>"),
									Kind:      armsecurityinsight.Kind("DataConnector").ToPtr(),
								},
								{
									ContentID: to.StringPtr("<content-id>"),
									Kind:      armsecurityinsight.Kind("DataConnector").ToPtr(),
									Version:   to.StringPtr("<version>"),
								}},
							Operator: armsecurityinsight.Operator("OR").ToPtr(),
						},
						{
							ContentID: to.StringPtr("<content-id>"),
							Kind:      armsecurityinsight.Kind("Playbook").ToPtr(),
							Version:   to.StringPtr("<version>"),
						},
						{
							ContentID: to.StringPtr("<content-id>"),
							Kind:      armsecurityinsight.Kind("Parser").ToPtr(),
						}},
					Operator: armsecurityinsight.Operator("AND").ToPtr(),
				},
				FirstPublishDate: to.TimePtr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()),
				Kind:             armsecurityinsight.Kind("AnalyticsRule").ToPtr(),
				LastPublishDate:  to.TimePtr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()),
				ParentID:         to.StringPtr("<parent-id>"),
				Providers: []*string{
					to.StringPtr("Amazon"),
					to.StringPtr("Microsoft")},
				Source: &armsecurityinsight.MetadataSource{
					Name:     to.StringPtr("<name>"),
					Kind:     armsecurityinsight.SourceKind("Solution").ToPtr(),
					SourceID: to.StringPtr("<source-id>"),
				},
				Support: &armsecurityinsight.MetadataSupport{
					Name:  to.StringPtr("<name>"),
					Email: to.StringPtr("<email>"),
					Link:  to.StringPtr("<link>"),
					Tier:  armsecurityinsight.SupportTier("Partner").ToPtr(),
				},
				Version: to.StringPtr("<version>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.MetadataClientCreateResult)
}

Output:

func (*MetadataClient) Delete added in v0.2.0 

func (client *MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientDeleteOptions) (MetadataClientDeleteResponse, error)

Delete - Delete a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. options - MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/DeleteMetadata.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<metadata-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*MetadataClient) Get added in v0.2.0 

func (client *MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientGetOptions) (MetadataClientGetResponse, error)

Get - Get a Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. options - MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetMetadata.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<metadata-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.MetadataClientGetResult)
}

Output:

func (*MetadataClient) List added in v0.2.0 

func (client *MetadataClient) List(resourceGroupName string, workspaceName string, options *MetadataClientListOptions) *MetadataClientListPager

List - List of all metadata If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - MetadataClientListOptions contains the optional parameters for the MetadataClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/GetAllMetadataOData.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.MetadataClientListOptions{Filter: nil,
			Orderby: nil,
			Top:     nil,
			Skip:    nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

func (*MetadataClient) Update added in v0.2.0 

func (client *MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch, options *MetadataClientUpdateOptions) (MetadataClientUpdateResponse, error)

Update - Update an existing Metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. metadataName - The Metadata name. metadataPatch - Partial metadata request. options - MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/metadata/PatchMetadata.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewMetadataClient("<subscription-id>", cred, nil)
	res, err := client.Update(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<metadata-name>",
		armsecurityinsight.MetadataPatch{
			Properties: &armsecurityinsight.MetadataPropertiesPatch{
				Author: &armsecurityinsight.MetadataAuthor{
					Name:  to.StringPtr("<name>"),
					Email: to.StringPtr("<email>"),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.MetadataClientUpdateResult)
}

Output:

type MetadataClientCreateOptions added in v0.2.0 

type MetadataClientCreateOptions struct {
}

MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.

type MetadataClientCreateResponse added in v0.2.0 

type MetadataClientCreateResponse struct {
	MetadataClientCreateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

MetadataClientCreateResponse contains the response from method MetadataClient.Create.

type MetadataClientCreateResult added in v0.2.0 

type MetadataClientCreateResult struct {
	MetadataModel
}

MetadataClientCreateResult contains the result from method MetadataClient.Create.

type MetadataClientDeleteOptions added in v0.2.0 

type MetadataClientDeleteOptions struct {
}

MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.

type MetadataClientDeleteResponse added in v0.2.0 

type MetadataClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

MetadataClientDeleteResponse contains the response from method MetadataClient.Delete.

type MetadataClientGetOptions added in v0.2.0 

type MetadataClientGetOptions struct {
}

MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.

type MetadataClientGetResponse added in v0.2.0 

type MetadataClientGetResponse struct {
	MetadataClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

MetadataClientGetResponse contains the response from method MetadataClient.Get.

type MetadataClientGetResult added in v0.2.0 

type MetadataClientGetResult struct {
	MetadataModel
}

MetadataClientGetResult contains the result from method MetadataClient.Get.

type MetadataClientListOptions added in v0.2.0 

type MetadataClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.
	Skip *int32
	// Returns only the first n results. Optional.
	Top *int32
}

MetadataClientListOptions contains the optional parameters for the MetadataClient.List method.

type MetadataClientListPager added in v0.2.0 

type MetadataClientListPager struct {
	// contains filtered or unexported fields
}

MetadataClientListPager provides operations for iterating over paged responses.

func (*MetadataClientListPager) Err added in v0.2.0 

func (p *MetadataClientListPager) Err() error

Err returns the last error encountered while paging.

func (*MetadataClientListPager) NextPage added in v0.2.0 

func (p *MetadataClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*MetadataClientListPager) PageResponse added in v0.2.0 

func (p *MetadataClientListPager) PageResponse() MetadataClientListResponse

PageResponse returns the current MetadataClientListResponse page.

type MetadataClientListResponse added in v0.2.0 

type MetadataClientListResponse struct {
	MetadataClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

MetadataClientListResponse contains the response from method MetadataClient.List.

type MetadataClientListResult added in v0.2.0 

type MetadataClientListResult struct {
	MetadataList
}

MetadataClientListResult contains the result from method MetadataClient.List.

type MetadataClientUpdateOptions added in v0.2.0 

type MetadataClientUpdateOptions struct {
}

MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.

type MetadataClientUpdateResponse added in v0.2.0 

type MetadataClientUpdateResponse struct {
	MetadataClientUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

MetadataClientUpdateResponse contains the response from method MetadataClient.Update.

type MetadataClientUpdateResult added in v0.2.0 

type MetadataClientUpdateResult struct {
	MetadataModel
}

MetadataClientUpdateResult contains the result from method MetadataClient.Update.

type MetadataDependencies added in v0.2.0 

type MetadataDependencies struct {
	// Id of the content item we depend on
	ContentID *string `json:"contentId,omitempty"`

	// This is the list of dependencies we must fulfill, according to the AND/OR operator
	Criteria []*MetadataDependencies `json:"criteria,omitempty"`

	// Type of the content item we depend on
	Kind *Kind `json:"kind,omitempty"`

	// Name of the content item
	Name *string `json:"name,omitempty"`

	// Operator used for list of dependencies in criteria array.
	Operator *Operator `json:"operator,omitempty"`

	// Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency.
	// If version does not match our defined numeric format then an exact match is
	// required.
	Version *string `json:"version,omitempty"`
}

MetadataDependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.

func (MetadataDependencies) MarshalJSON added in v0.2.0 

func (m MetadataDependencies) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataDependencies.

type MetadataList added in v0.2.0 

type MetadataList struct {
	// REQUIRED; Array of metadata.
	Value []*MetadataModel `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next page of metadata.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

MetadataList - List of all the metadata.

func (MetadataList) MarshalJSON added in v0.2.0 

func (m MetadataList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataList.

type MetadataModel added in v0.2.0 

type MetadataModel struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Metadata properties
	Properties *MetadataProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MetadataModel - Metadata resource definition.

type MetadataPatch added in v0.2.0 

type MetadataPatch struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Metadata patch request body
	Properties *MetadataPropertiesPatch `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MetadataPatch - Metadata patch request body.

func (MetadataPatch) MarshalJSON added in v0.2.0 

func (m MetadataPatch) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataPatch.

type MetadataProperties added in v0.2.0 

type MetadataProperties struct {
	// REQUIRED; The kind of content the metadata is for.
	Kind *Kind `json:"kind,omitempty"`

	// REQUIRED; Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope
	// (subscription and resource group)
	ParentID *string `json:"parentId,omitempty"`

	// The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`

	// Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`

	// Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for
	// out of the box content and solutions. Dynamic for user-created. This is the
	// resource name
	ContentID *string `json:"contentId,omitempty"`

	// Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies
	// using a recursive/nested structure. For a single dependency an id/kind/version
	// can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`

	// first publish date solution content item
	FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"`

	// last publish date for the solution content item
	LastPublishDate *time.Time `json:"lastPublishDate,omitempty"`

	// Providers for the solution content item
	Providers []*string `json:"providers,omitempty"`

	// Source of the content. This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`

	// Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`

	// Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template
	// best practices. Can also be any string, but then we cannot guarantee any version
	// checks
	Version *string `json:"version,omitempty"`
}

MetadataProperties - Metadata property bag.

func (MetadataProperties) MarshalJSON added in v0.2.0 

func (m MetadataProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataProperties.

func (*MetadataProperties) UnmarshalJSON added in v0.2.0 

func (m *MetadataProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MetadataProperties.

type MetadataPropertiesPatch added in v0.2.0 

type MetadataPropertiesPatch struct {
	// The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`

	// Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`

	// Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for
	// out of the box content and solutions. Dynamic for user-created. This is the
	// resource name
	ContentID *string `json:"contentId,omitempty"`

	// Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies
	// using a recursive/nested structure. For a single dependency an id/kind/version
	// can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`

	// first publish date solution content item
	FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"`

	// The kind of content the metadata is for.
	Kind *Kind `json:"kind,omitempty"`

	// last publish date for the solution content item
	LastPublishDate *time.Time `json:"lastPublishDate,omitempty"`

	// Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription
	// and resource group)
	ParentID *string `json:"parentId,omitempty"`

	// Providers for the solution content item
	Providers []*string `json:"providers,omitempty"`

	// Source of the content. This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`

	// Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`

	// Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template
	// best practices. Can also be any string, but then we cannot guarantee any version
	// checks
	Version *string `json:"version,omitempty"`
}

MetadataPropertiesPatch - Metadata property bag for patch requests. This is the same as the MetadataProperties, but with nothing required

func (MetadataPropertiesPatch) MarshalJSON added in v0.2.0 

func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MetadataPropertiesPatch.

func (*MetadataPropertiesPatch) UnmarshalJSON added in v0.2.0 

func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MetadataPropertiesPatch.

type MetadataSource added in v0.2.0 

type MetadataSource struct {
	// REQUIRED; Source type of the content
	Kind *SourceKind `json:"kind,omitempty"`

	// Name of the content source. The repo name, solution name, LA workspace name etc.
	Name *string `json:"name,omitempty"`

	// ID of the content source. The solution ID, workspace ID, etc
	SourceID *string `json:"sourceId,omitempty"`
}

MetadataSource - The original source of the content item, where it comes from.

type MetadataSupport added in v0.2.0 

type MetadataSupport struct {
	// REQUIRED; Type of support for content item
	Tier *SupportTier `json:"tier,omitempty"`

	// Email of support contact
	Email *string `json:"email,omitempty"`

	// Link for support help, like to support page to open a ticket etc.
	Link *string `json:"link,omitempty"`

	// Name of the support contact. Company or person.
	Name *string `json:"name,omitempty"`
}

MetadataSupport - Support information for the content item.

type MicrosoftSecurityIncidentCreationAlertRule 

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MicrosoftSecurityIncidentCreation rule properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule.

func (*MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule added in v0.2.0 

func (m *MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties 

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"`

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"`

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"`

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties - MicrosoftSecurityIncidentCreation rule common property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties.

type MicrosoftSecurityIncidentCreationAlertRuleProperties 

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"`

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"`

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate 

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// MicrosoftSecurityIncidentCreation rule template properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties 

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"`

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName 

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName - The alerts' productName on which the cases will be generated 

const (
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection    MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection             MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	MicrosoftSecurityProductNameAzureSecurityCenter                       MicrosoftSecurityProductName = "Azure Security Center"
	MicrosoftSecurityProductNameAzureSecurityCenterForIoT                 MicrosoftSecurityProductName = "Azure Security Center for IoT"
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity                 MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	MicrosoftSecurityProductNameOffice365AdvancedThreatProtection         MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

func PossibleMicrosoftSecurityProductNameValues 

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type.

func (MicrosoftSecurityProductName) ToPtr 

func (c MicrosoftSecurityProductName) ToPtr() *MicrosoftSecurityProductName

ToPtr returns a *MicrosoftSecurityProductName pointing to the current value.

type MtpCheckRequirements added in v0.2.0 

type MtpCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MTP (Microsoft Threat Protection) requirements check properties.
	Properties *MTPCheckRequirementsProperties `json:"properties,omitempty"`
}

MtpCheckRequirements - Represents MTP (Microsoft Threat Protection) requirements check request.

func (*MtpCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (m *MtpCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MtpCheckRequirements.

func (MtpCheckRequirements) MarshalJSON added in v0.2.0 

func (m MtpCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MtpCheckRequirements.

func (*MtpCheckRequirements) UnmarshalJSON added in v0.2.0 

func (m *MtpCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MtpCheckRequirements.

type NrtAlertRule added in v0.2.0 

type NrtAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// NRT alert rule properties
	Properties *NrtAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

NrtAlertRule - Represents NRT alert rule.

func (*NrtAlertRule) GetAlertRule added in v0.2.0 

func (n *NrtAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type NrtAlertRule.

func (NrtAlertRule) MarshalJSON added in v0.2.0 

func (n NrtAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRule.

func (*NrtAlertRule) UnmarshalJSON added in v0.2.0 

func (n *NrtAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRule.

type NrtAlertRuleProperties added in v0.2.0 

type NrtAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string `json:"templateVersion,omitempty"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

NrtAlertRuleProperties - Nrt alert rule base property bag.

func (NrtAlertRuleProperties) MarshalJSON added in v0.2.0 

func (n NrtAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleProperties.

func (*NrtAlertRuleProperties) UnmarshalJSON added in v0.2.0 

func (n *NrtAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleProperties.

type NrtAlertRuleTemplate added in v0.2.0 

type NrtAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// NRT alert rule template properties
	Properties *NrtAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

NrtAlertRuleTemplate - Represents NRT alert rule template.

func (*NrtAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (n *NrtAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) MarshalJSON added in v0.2.0 

func (n NrtAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplate.

func (*NrtAlertRuleTemplate) UnmarshalJSON added in v0.2.0 

func (n *NrtAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplate.

type NrtAlertRuleTemplateProperties added in v0.2.0 

type NrtAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The version of this template - in format , where all are numbers. For example .
	Version *string `json:"version,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

NrtAlertRuleTemplateProperties - NRT alert rule template properties

func (NrtAlertRuleTemplateProperties) MarshalJSON added in v0.2.0 

func (n NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplateProperties.

func (*NrtAlertRuleTemplateProperties) UnmarshalJSON added in v0.2.0 

func (n *NrtAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplateProperties.

type OSFamily added in v0.2.0 

type OSFamily string

OSFamily - The operating system type. 

const (
	// OSFamilyLinux - Host with Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyWindows - Host with Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
	// OSFamilyAndroid - Host with Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS - Host with IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyUnknown - Host with Unknown operating system.
	OSFamilyUnknown OSFamily = "Unknown"
)

func PossibleOSFamilyValues added in v0.2.0 

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns the possible values for the OSFamily const type.

func (OSFamily) ToPtr added in v0.2.0 

func (c OSFamily) ToPtr() *OSFamily

ToPtr returns a *OSFamily pointing to the current value.

type OfficeATPCheckRequirements added in v0.2.0 

type OfficeATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
	Properties *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"`
}

OfficeATPCheckRequirements - Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.

func (*OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (o *OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) MarshalJSON added in v0.2.0 

func (o OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirements.

func (*OfficeATPCheckRequirements) UnmarshalJSON added in v0.2.0 

func (o *OfficeATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirements.

type OfficeATPCheckRequirementsProperties added in v0.2.0 

type OfficeATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.

type OfficeATPDataConnector added in v0.2.0 

type OfficeATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
	Properties *OfficeATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeATPDataConnector - Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.

func (*OfficeATPDataConnector) GetDataConnector added in v0.2.0 

func (o *OfficeATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeATPDataConnector.

func (OfficeATPDataConnector) MarshalJSON added in v0.2.0 

func (o OfficeATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnector.

func (*OfficeATPDataConnector) UnmarshalJSON added in v0.2.0 

func (o *OfficeATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnector.

type OfficeATPDataConnectorProperties added in v0.2.0 

type OfficeATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.

type OfficeConsent 

type OfficeConsent struct {
	// Office consent properties
	Properties *OfficeConsentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeConsent - Consent for Office365 tenant that already made.

type OfficeConsentList 

type OfficeConsentList struct {
	// REQUIRED; Array of the consents.
	Value []*OfficeConsent `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

OfficeConsentList - List of all the office365 consents.

func (OfficeConsentList) MarshalJSON 

func (o OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeConsentList.

type OfficeConsentProperties 

type OfficeConsentProperties struct {
	// Help to easily cascade among the data layers.
	ConsentID *string `json:"consentId,omitempty"`

	// The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeConsentProperties - Consent property bag.

type OfficeConsentsClient added in v0.2.0 

type OfficeConsentsClient struct {
	// contains filtered or unexported fields
}

OfficeConsentsClient contains the methods for the OfficeConsents group. Don't use this type directly, use NewOfficeConsentsClient() instead.

func NewOfficeConsentsClient added in v0.2.0 

func NewOfficeConsentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *OfficeConsentsClient

NewOfficeConsentsClient creates a new instance of OfficeConsentsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*OfficeConsentsClient) Delete added in v0.2.0 

func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (OfficeConsentsClientDeleteResponse, error)

Delete - Delete the office365 consent. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. consentID - consent ID options - OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<consent-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*OfficeConsentsClient) Get added in v0.2.0 

func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (OfficeConsentsClientGetResponse, error)

Get - Gets an office365 consent. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. consentID - consent ID options - OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<consent-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.OfficeConsentsClientGetResult)
}

Output:

func (*OfficeConsentsClient) List added in v0.2.0 

func (client *OfficeConsentsClient) List(resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) *OfficeConsentsClientListPager

List - Gets all office365 consents. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/officeConsents/GetOfficeConsents.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewOfficeConsentsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type OfficeConsentsClientDeleteOptions added in v0.2.0 

type OfficeConsentsClientDeleteOptions struct {
}

OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.

type OfficeConsentsClientDeleteResponse added in v0.2.0 

type OfficeConsentsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

OfficeConsentsClientDeleteResponse contains the response from method OfficeConsentsClient.Delete.

type OfficeConsentsClientGetOptions added in v0.2.0 

type OfficeConsentsClientGetOptions struct {
}

OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.

type OfficeConsentsClientGetResponse added in v0.2.0 

type OfficeConsentsClientGetResponse struct {
	OfficeConsentsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

OfficeConsentsClientGetResponse contains the response from method OfficeConsentsClient.Get.

type OfficeConsentsClientGetResult added in v0.2.0 

type OfficeConsentsClientGetResult struct {
	OfficeConsent
}

OfficeConsentsClientGetResult contains the result from method OfficeConsentsClient.Get.

type OfficeConsentsClientListOptions added in v0.2.0 

type OfficeConsentsClientListOptions struct {
}

OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.List method.

type OfficeConsentsClientListPager added in v0.2.0 

type OfficeConsentsClientListPager struct {
	// contains filtered or unexported fields
}

OfficeConsentsClientListPager provides operations for iterating over paged responses.

func (*OfficeConsentsClientListPager) Err added in v0.2.0 

func (p *OfficeConsentsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*OfficeConsentsClientListPager) NextPage added in v0.2.0 

func (p *OfficeConsentsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*OfficeConsentsClientListPager) PageResponse added in v0.2.0 

func (p *OfficeConsentsClientListPager) PageResponse() OfficeConsentsClientListResponse

PageResponse returns the current OfficeConsentsClientListResponse page.

type OfficeConsentsClientListResponse added in v0.2.0 

type OfficeConsentsClientListResponse struct {
	OfficeConsentsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

OfficeConsentsClientListResponse contains the response from method OfficeConsentsClient.List.

type OfficeConsentsClientListResult added in v0.2.0 

type OfficeConsentsClientListResult struct {
	OfficeConsentList
}

OfficeConsentsClientListResult contains the result from method OfficeConsentsClient.List.

type OfficeDataConnector 

type OfficeDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Office data connector properties.
	Properties *OfficeDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeDataConnector - Represents office data connector.

func (*OfficeDataConnector) GetDataConnector added in v0.2.0 

func (o *OfficeDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON 

func (o OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON 

func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector.

type OfficeDataConnectorDataTypes 

type OfficeDataConnectorDataTypes struct {
	// REQUIRED; Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`

	// REQUIRED; SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`

	// REQUIRED; Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"`
}

OfficeDataConnectorDataTypes - The available data types for office data connector.

type OfficeDataConnectorDataTypesExchange 

type OfficeDataConnectorDataTypesExchange struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange - Exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint 

type OfficeDataConnectorDataTypesSharePoint struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection.

type OfficeDataConnectorDataTypesTeams 

type OfficeDataConnectorDataTypesTeams struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesTeams - Teams data type connection.

type OfficeDataConnectorProperties 

type OfficeDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties - Office data connector properties.

type OfficeIRMCheckRequirements added in v0.2.0 

type OfficeIRMCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// OfficeIRM (Microsoft Insider Risk Management) requirements check properties.
	Properties *OfficeIRMCheckRequirementsProperties `json:"properties,omitempty"`
}

OfficeIRMCheckRequirements - Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.

func (*OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (o *OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) MarshalJSON added in v0.2.0 

func (o OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeIRMCheckRequirements.

func (*OfficeIRMCheckRequirements) UnmarshalJSON added in v0.2.0 

func (o *OfficeIRMCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMCheckRequirements.

type OfficeIRMCheckRequirementsProperties added in v0.2.0 

type OfficeIRMCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties.

type OfficeIRMDataConnector added in v0.2.0 

type OfficeIRMDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// OfficeIRM (Microsoft Insider Risk Management) data connector properties.
	Properties *OfficeIRMDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeIRMDataConnector - Represents OfficeIRM (Microsoft Insider Risk Management) data connector.

func (*OfficeIRMDataConnector) GetDataConnector added in v0.2.0 

func (o *OfficeIRMDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeIRMDataConnector.

func (OfficeIRMDataConnector) MarshalJSON added in v0.2.0 

func (o OfficeIRMDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeIRMDataConnector.

func (*OfficeIRMDataConnector) UnmarshalJSON added in v0.2.0 

func (o *OfficeIRMDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeIRMDataConnector.

type OfficeIRMDataConnectorProperties added in v0.2.0 

type OfficeIRMDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties.

type Operation 

type Operation struct {
	// Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`

	// Indicates whether the operation is a data action
	IsDataAction *bool `json:"isDataAction,omitempty"`

	// Name of the operation
	Name *string `json:"name,omitempty"`

	// The origin of the operation
	Origin *string `json:"origin,omitempty"`
}

Operation provided by provider

type OperationDisplay 

type OperationDisplay struct {
	// Description of the operation
	Description *string `json:"description,omitempty"`

	// Operation name
	Operation *string `json:"operation,omitempty"`

	// Provider name
	Provider *string `json:"provider,omitempty"`

	// Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay - Properties of the operation

type OperationsClient 

type OperationsClient struct {
	// contains filtered or unexported fields
}

OperationsClient contains the methods for the Operations group. Don't use this type directly, use NewOperationsClient() instead.

func NewOperationsClient 

func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientOptions) *OperationsClient

NewOperationsClient creates a new instance of OperationsClient with the specified values. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*OperationsClient) List 

func (client *OperationsClient) List(options *OperationsClientListOptions) *OperationsClientListPager

List - Lists all operations available Azure Security Insights Resource Provider. If the operation fails it returns an *azcore.ResponseError type. options - OperationsClientListOptions contains the optional parameters for the OperationsClient.List method.

type OperationsClientListOptions added in v0.2.0 

type OperationsClientListOptions struct {
}

OperationsClientListOptions contains the optional parameters for the OperationsClient.List method.

type OperationsClientListPager added in v0.2.0 

type OperationsClientListPager struct {
	// contains filtered or unexported fields
}

OperationsClientListPager provides operations for iterating over paged responses.

func (*OperationsClientListPager) Err added in v0.2.0 

func (p *OperationsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*OperationsClientListPager) NextPage added in v0.2.0 

func (p *OperationsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*OperationsClientListPager) PageResponse added in v0.2.0 

func (p *OperationsClientListPager) PageResponse() OperationsClientListResponse

PageResponse returns the current OperationsClientListResponse page.

type OperationsClientListResponse added in v0.2.0 

type OperationsClientListResponse struct {
	OperationsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

OperationsClientListResponse contains the response from method OperationsClient.List.

type OperationsClientListResult added in v0.2.0 

type OperationsClientListResult struct {
	OperationsList
}

OperationsClientListResult contains the result from method OperationsClient.List.

type OperationsList 

type OperationsList struct {
	// REQUIRED; Array of operations
	Value []*Operation `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

OperationsList - Lists the operations available in the SecurityInsights RP.

func (OperationsList) MarshalJSON 

func (o OperationsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OperationsList.

type Operator added in v0.2.0 

type Operator string

Operator - Operator used for list of dependencies in criteria array. 

const (
	OperatorAND Operator = "AND"
	OperatorOR  Operator = "OR"
)

func PossibleOperatorValues added in v0.2.0 

func PossibleOperatorValues() []Operator

PossibleOperatorValues returns the possible values for the Operator const type.

func (Operator) ToPtr added in v0.2.0 

func (c Operator) ToPtr() *Operator

ToPtr returns a *Operator pointing to the current value.

type OutputType added in v0.2.0 

type OutputType string

OutputType - Insights Column type. 

const (
	OutputTypeDate   OutputType = "Date"
	OutputTypeEntity OutputType = "Entity"
	OutputTypeNumber OutputType = "Number"
	OutputTypeString OutputType = "String"
)

func PossibleOutputTypeValues added in v0.2.0 

func PossibleOutputTypeValues() []OutputType

PossibleOutputTypeValues returns the possible values for the OutputType const type.

func (OutputType) ToPtr added in v0.2.0 

func (c OutputType) ToPtr() *OutputType

ToPtr returns a *OutputType pointing to the current value.

type OwnerType added in v0.2.0 

type OwnerType string

OwnerType - The type of the owner the incident is assigned to. 

const (
	// OwnerTypeGroup - The incident owner type is an AAD group
	OwnerTypeGroup OwnerType = "Group"
	// OwnerTypeUnknown - The incident owner type is unknown
	OwnerTypeUnknown OwnerType = "Unknown"
	// OwnerTypeUser - The incident owner type is an AAD user
	OwnerTypeUser OwnerType = "User"
)

func PossibleOwnerTypeValues added in v0.2.0 

func PossibleOwnerTypeValues() []OwnerType

PossibleOwnerTypeValues returns the possible values for the OwnerType const type.

func (OwnerType) ToPtr added in v0.2.0 

func (c OwnerType) ToPtr() *OwnerType

ToPtr returns a *OwnerType pointing to the current value.

type PermissionProviderScope added in v0.2.0 

type PermissionProviderScope string

PermissionProviderScope - Permission provider scope 

const (
	PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup"
	PermissionProviderScopeSubscription  PermissionProviderScope = "Subscription"
	PermissionProviderScopeWorkspace     PermissionProviderScope = "Workspace"
)

func PossiblePermissionProviderScopeValues added in v0.2.0 

func PossiblePermissionProviderScopeValues() []PermissionProviderScope

PossiblePermissionProviderScopeValues returns the possible values for the PermissionProviderScope const type.

func (PermissionProviderScope) ToPtr added in v0.2.0 

func (c PermissionProviderScope) ToPtr() *PermissionProviderScope

ToPtr returns a *PermissionProviderScope pointing to the current value.

type Permissions added in v0.2.0 

type Permissions struct {
	// Customs permissions required for the connector
	Customs []*PermissionsCustomsItem `json:"customs,omitempty"`

	// Resource provider permissions required for the connector
	ResourceProvider []*PermissionsResourceProviderItem `json:"resourceProvider,omitempty"`
}

Permissions required for the connector

func (Permissions) MarshalJSON added in v0.2.0 

func (p Permissions) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Permissions.

type PermissionsCustomsItem added in v0.2.0 

type PermissionsCustomsItem struct {
	// Customs permissions description
	Description *string `json:"description,omitempty"`

	// Customs permissions name
	Name *string `json:"name,omitempty"`
}

type PermissionsResourceProviderItem added in v0.2.0 

type PermissionsResourceProviderItem struct {
	// Permission description text
	PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"`

	// Provider name
	Provider *ProviderName `json:"provider,omitempty"`

	// Permission provider display name
	ProviderDisplayName *string `json:"providerDisplayName,omitempty"`

	// Required permissions for the connector
	RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"`

	// Permission provider scope
	Scope *PermissionProviderScope `json:"scope,omitempty"`
}

type PollingFrequency added in v0.2.0 

type PollingFrequency string

PollingFrequency - The polling frequency for the TAXII server. 

const (
	// PollingFrequencyOnceADay - Once a day
	PollingFrequencyOnceADay PollingFrequency = "OnceADay"
	// PollingFrequencyOnceAMinute - Once a minute
	PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute"
	// PollingFrequencyOnceAnHour - Once an hour
	PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour"
)

func PossiblePollingFrequencyValues added in v0.2.0 

func PossiblePollingFrequencyValues() []PollingFrequency

PossiblePollingFrequencyValues returns the possible values for the PollingFrequency const type.

func (PollingFrequency) ToPtr added in v0.2.0 

func (c PollingFrequency) ToPtr() *PollingFrequency

ToPtr returns a *PollingFrequency pointing to the current value.

type ProcessEntity added in v0.2.0 

type ProcessEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Process entity properties
	Properties *ProcessEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ProcessEntity - Represents a process entity.

func (*ProcessEntity) GetEntity added in v0.2.0 

func (p *ProcessEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type ProcessEntity.

func (ProcessEntity) MarshalJSON added in v0.2.0 

func (p ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ProcessEntity.

func (*ProcessEntity) UnmarshalJSON added in v0.2.0 

func (p *ProcessEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntity.

type ProcessEntityProperties added in v0.2.0 

type ProcessEntityProperties struct {
	// The elevation token associated with the process.
	ElevationToken *ElevationToken `json:"elevationToken,omitempty"`

	// READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty" azure:"ro"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty" azure:"ro"`

	// READ-ONLY; The time when the process started to run
	CreationTimeUTC *time.Time `json:"creationTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty" azure:"ro"`
}

ProcessEntityProperties - Process entity property bag.

func (ProcessEntityProperties) MarshalJSON added in v0.2.0 

func (p ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ProcessEntityProperties.

func (*ProcessEntityProperties) UnmarshalJSON added in v0.2.0 

func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntityProperties.

type ProductSettingsClient added in v0.2.0 

type ProductSettingsClient struct {
	// contains filtered or unexported fields
}

ProductSettingsClient contains the methods for the ProductSettings group. Don't use this type directly, use NewProductSettingsClient() instead.

func NewProductSettingsClient added in v0.2.0 

func NewProductSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ProductSettingsClient

NewProductSettingsClient creates a new instance of ProductSettingsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*ProductSettingsClient) Delete added in v0.2.0 

func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (ProductSettingsClientDeleteResponse, error)

Delete - Delete setting of the product. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba options - ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/DeleteEyesOnSetting.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<settings-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*ProductSettingsClient) Get added in v0.2.0 

func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (ProductSettingsClientGetResponse, error)

Get - Gets a setting. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba options - ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetEyesOnSetting.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<settings-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ProductSettingsClientGetResult)
}

Output:

func (*ProductSettingsClient) List added in v0.2.0 

func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (ProductSettingsClientListResponse, error)

List - List of all the settings If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/GetAllSettings.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil)
	res, err := client.List(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ProductSettingsClientListResult)
}

Output:

func (*ProductSettingsClient) Update added in v0.2.0 

func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (ProductSettingsClientUpdateResponse, error)

Update - Updates setting. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba settings - The setting options - ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/settings/UpdateEyesOnSetting.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewProductSettingsClient("<subscription-id>", cred, nil)
	res, err := client.Update(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<settings-name>",
		&armsecurityinsight.EyesOn{
			Etag:       to.StringPtr("<etag>"),
			Kind:       armsecurityinsight.SettingKind("EyesOn").ToPtr(),
			Properties: &armsecurityinsight.EyesOnSettingsProperties{},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ProductSettingsClientUpdateResult)
}

Output:

type ProductSettingsClientDeleteOptions added in v0.2.0 

type ProductSettingsClientDeleteOptions struct {
}

ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.

type ProductSettingsClientDeleteResponse added in v0.2.0 

type ProductSettingsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ProductSettingsClientDeleteResponse contains the response from method ProductSettingsClient.Delete.

type ProductSettingsClientGetOptions added in v0.2.0 

type ProductSettingsClientGetOptions struct {
}

ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.

type ProductSettingsClientGetResponse added in v0.2.0 

type ProductSettingsClientGetResponse struct {
	ProductSettingsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ProductSettingsClientGetResponse contains the response from method ProductSettingsClient.Get.

type ProductSettingsClientGetResult added in v0.2.0 

type ProductSettingsClientGetResult struct {
	SettingsClassification
}

ProductSettingsClientGetResult contains the result from method ProductSettingsClient.Get.

func (*ProductSettingsClientGetResult) UnmarshalJSON added in v0.2.0 

func (p *ProductSettingsClientGetResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientGetResult.

type ProductSettingsClientListOptions added in v0.2.0 

type ProductSettingsClientListOptions struct {
}

ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.

type ProductSettingsClientListResponse added in v0.2.0 

type ProductSettingsClientListResponse struct {
	ProductSettingsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ProductSettingsClientListResponse contains the response from method ProductSettingsClient.List.

type ProductSettingsClientListResult added in v0.2.0 

type ProductSettingsClientListResult struct {
	SettingList
}

ProductSettingsClientListResult contains the result from method ProductSettingsClient.List.

type ProductSettingsClientUpdateOptions added in v0.2.0 

type ProductSettingsClientUpdateOptions struct {
}

ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.

type ProductSettingsClientUpdateResponse added in v0.2.0 

type ProductSettingsClientUpdateResponse struct {
	ProductSettingsClientUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ProductSettingsClientUpdateResponse contains the response from method ProductSettingsClient.Update.

type ProductSettingsClientUpdateResult added in v0.2.0 

type ProductSettingsClientUpdateResult struct {
	SettingsClassification
}

ProductSettingsClientUpdateResult contains the result from method ProductSettingsClient.Update.

func (*ProductSettingsClientUpdateResult) UnmarshalJSON added in v0.2.0 

func (p *ProductSettingsClientUpdateResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProductSettingsClientUpdateResult.

type ProviderName added in v0.2.0 

type ProviderName string

ProviderName - Provider name 

const (
	ProviderNameMicrosoftAadiamDiagnosticSettings                 ProviderName = "microsoft.aadiam/diagnosticSettings"
	ProviderNameMicrosoftAuthorizationPolicyAssignments           ProviderName = "Microsoft.Authorization/policyAssignments"
	ProviderNameMicrosoftOperationalInsightsSolutions             ProviderName = "Microsoft.OperationalInsights/solutions"
	ProviderNameMicrosoftOperationalInsightsWorkspaces            ProviderName = "Microsoft.OperationalInsights/workspaces"
	ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources"
	ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys  ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys"
)

func PossibleProviderNameValues added in v0.2.0 

func PossibleProviderNameValues() []ProviderName

PossibleProviderNameValues returns the possible values for the ProviderName const type.

func (ProviderName) ToPtr added in v0.2.0 

func (c ProviderName) ToPtr() *ProviderName

ToPtr returns a *ProviderName pointing to the current value.

type QueryBasedAlertRuleProperties added in v0.2.0 

type QueryBasedAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string `json:"templateVersion,omitempty"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

QueryBasedAlertRuleProperties - Query based alert rule base property bag.

func (QueryBasedAlertRuleProperties) MarshalJSON added in v0.2.0 

func (q QueryBasedAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type QueryBasedAlertRuleProperties.

func (*QueryBasedAlertRuleProperties) UnmarshalJSON added in v0.2.0 

func (q *QueryBasedAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type QueryBasedAlertRuleProperties.

type QueryBasedAlertRuleTemplateProperties added in v0.2.0 

type QueryBasedAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The version of this template - in format , where all are numbers. For example .
	Version *string `json:"version,omitempty"`
}

QueryBasedAlertRuleTemplateProperties - Query based alert rule template base property bag.

func (QueryBasedAlertRuleTemplateProperties) MarshalJSON added in v0.2.0 

func (q QueryBasedAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type QueryBasedAlertRuleTemplateProperties.

type RegistryHive added in v0.2.0 

type RegistryHive string

RegistryHive - the hive that holds the registry key. 

const (
	// RegistryHiveHKEYA - HKEY_A
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT - HKEY_CLASSES_ROOT
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG - HKEY_CURRENT_CONFIG
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER - HKEY_CURRENT_USER
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS - HKEY_CURRENT_USER_LOCAL_SETTINGS
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE - HKEY_LOCAL_MACHINE
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA - HKEY_PERFORMANCE_DATA
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT - HKEY_PERFORMANCE_NLSTEXT
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT - HKEY_PERFORMANCE_TEXT
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS - HKEY_USERS
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues added in v0.2.0 

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns the possible values for the RegistryHive const type.

func (RegistryHive) ToPtr added in v0.2.0 

func (c RegistryHive) ToPtr() *RegistryHive

ToPtr returns a *RegistryHive pointing to the current value.

type RegistryKeyEntity added in v0.2.0 

type RegistryKeyEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// RegistryKey entity properties
	Properties *RegistryKeyEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

RegistryKeyEntity - Represents a registry key entity.

func (*RegistryKeyEntity) GetEntity added in v0.2.0 

func (r *RegistryKeyEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON added in v0.2.0 

func (r RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON added in v0.2.0 

func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntity.

type RegistryKeyEntityProperties added in v0.2.0 

type RegistryKeyEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; the hive that holds the registry key.
	Hive *RegistryHive `json:"hive,omitempty" azure:"ro"`

	// READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty" azure:"ro"`
}

RegistryKeyEntityProperties - RegistryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON added in v0.2.0 

func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntityProperties.

type RegistryValueEntity added in v0.2.0 

type RegistryValueEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// RegistryKey entity properties
	Properties *RegistryValueEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

RegistryValueEntity - Represents a registry value entity.

func (*RegistryValueEntity) GetEntity added in v0.2.0 

func (r *RegistryValueEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON added in v0.2.0 

func (r RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON added in v0.2.0 

func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntity.

type RegistryValueEntityProperties added in v0.2.0 

type RegistryValueEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty" azure:"ro"`

	// READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty" azure:"ro"`

	// READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty" azure:"ro"`

	// READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value
	// in the registry.
	ValueType *RegistryValueKind `json:"valueType,omitempty" azure:"ro"`
}

RegistryValueEntityProperties - RegistryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON added in v0.2.0 

func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryValueEntityProperties.

type RegistryValueKind added in v0.2.0 

type RegistryValueKind string

RegistryValueKind - Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. 

const (
	// RegistryValueKindBinary - Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord - DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString - ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString - MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone - None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord - QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString - String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown - Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues added in v0.2.0 

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns the possible values for the RegistryValueKind const type.

func (RegistryValueKind) ToPtr added in v0.2.0 

func (c RegistryValueKind) ToPtr() *RegistryValueKind

ToPtr returns a *RegistryValueKind pointing to the current value.

type Relation added in v0.2.0 

type Relation struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Relation properties
	Properties *RelationProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Relation - Represents a relation between two resources

type RelationList added in v0.2.0 

type RelationList struct {
	// REQUIRED; Array of relations.
	Value []*Relation `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

RelationList - List of relations.

func (RelationList) MarshalJSON added in v0.2.0 

func (r RelationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RelationList.

type RelationProperties added in v0.2.0 

type RelationProperties struct {
	// REQUIRED; The resource ID of the related resource
	RelatedResourceID *string `json:"relatedResourceId,omitempty"`

	// READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string `json:"relatedResourceKind,omitempty" azure:"ro"`

	// READ-ONLY; The name of the related resource
	RelatedResourceName *string `json:"relatedResourceName,omitempty" azure:"ro"`

	// READ-ONLY; The resource type of the related resource
	RelatedResourceType *string `json:"relatedResourceType,omitempty" azure:"ro"`
}

RelationProperties - Relation property bag.

type Repo added in v0.2.0 

type Repo struct {
	// Array of branches.
	Branches []*string `json:"branches,omitempty"`

	// The name of the repository.
	FullName *string `json:"fullName,omitempty"`

	// The url to access the repository.
	URL *string `json:"url,omitempty"`
}

Repo - Represents a repository.

func (Repo) MarshalJSON added in v0.2.0 

func (r Repo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Repo.

type RepoList added in v0.2.0 

type RepoList struct {
	// REQUIRED; Array of repositories.
	Value []*Repo `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of repositories.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

RepoList - List all the source controls.

func (RepoList) MarshalJSON added in v0.2.0 

func (r RepoList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RepoList.

type RepoType added in v0.2.0 

type RepoType string

RepoType - The type of repository. 

const (
	RepoTypeDevOps RepoType = "DevOps"
	RepoTypeGithub RepoType = "Github"
)

func PossibleRepoTypeValues added in v0.2.0 

func PossibleRepoTypeValues() []RepoType

PossibleRepoTypeValues returns the possible values for the RepoType const type.

func (RepoType) ToPtr added in v0.2.0 

func (c RepoType) ToPtr() *RepoType

ToPtr returns a *RepoType pointing to the current value.

type Repository added in v0.2.0 

type Repository struct {
	// Branch name of repository.
	Branch *string `json:"branch,omitempty"`

	// Url to access repository action logs.
	DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"`

	// Display url of repository.
	DisplayURL *string `json:"displayUrl,omitempty"`

	// Dictionary of source control content type and path mapping.
	PathMapping []*ContentPathMap `json:"pathMapping,omitempty"`

	// Url of repository.
	URL *string `json:"url,omitempty"`
}

Repository - metadata of a repository.

func (Repository) MarshalJSON added in v0.2.0 

func (r Repository) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Repository.

type RequiredPermissions added in v0.2.0 

type RequiredPermissions struct {
	// action permission
	Action *bool `json:"action,omitempty"`

	// delete permission
	Delete *bool `json:"delete,omitempty"`

	// read permission
	Read *bool `json:"read,omitempty"`

	// write permission
	Write *bool `json:"write,omitempty"`
}

RequiredPermissions - Required permissions for the connector

type Resource 

type Resource struct {
	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Resource - Common fields that are returned in the response for all Azure Resource Manager resources

type ResourceProvider added in v0.2.0 

type ResourceProvider struct {
	// Permission description text
	PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"`

	// Provider name
	Provider *ProviderName `json:"provider,omitempty"`

	// Permission provider display name
	ProviderDisplayName *string `json:"providerDisplayName,omitempty"`

	// Required permissions for the connector
	RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"`

	// Permission provider scope
	Scope *PermissionProviderScope `json:"scope,omitempty"`
}

ResourceProvider - Resource provider permissions required for the connector

type ResourceWithEtag 

type ResourceWithEtag struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ResourceWithEtag - An azure resource object with an Etag property

type SKU added in v0.2.0 

type SKU struct {
	// The amount of reservation level
	CapacityReservationLevel *int32 `json:"capacityReservationLevel,omitempty"`

	// The kind of the tier
	Name *SKUKind `json:"name,omitempty"`
}

SKU - The pricing tier of the solution

type SKUKind added in v0.2.0 

type SKUKind string

SKUKind - The kind of the tier 

const (
	SKUKindCapacityReservation SKUKind = "CapacityReservation"
	SKUKindPerGB               SKUKind = "PerGB"
)

func PossibleSKUKindValues added in v0.2.0 

func PossibleSKUKindValues() []SKUKind

PossibleSKUKindValues returns the possible values for the SKUKind const type.

func (SKUKind) ToPtr added in v0.2.0 

func (c SKUKind) ToPtr() *SKUKind

ToPtr returns a *SKUKind pointing to the current value.

type SampleQueries added in v0.2.0 

type SampleQueries struct {
	// The sample query description
	Description *string `json:"description,omitempty"`

	// the sample query
	Query *string `json:"query,omitempty"`
}

SampleQueries - The sample queries for the connector

type ScheduledAlertRule 

type ScheduledAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Scheduled alert rule properties
	Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ScheduledAlertRule - Represents scheduled alert rule.

func (*ScheduledAlertRule) GetAlertRule added in v0.2.0 

func (s *ScheduledAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON 

func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON 

func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRule.

type ScheduledAlertRuleCommonProperties 

type ScheduledAlertRuleCommonProperties struct {
	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"`

	// The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleCommonProperties - Scheduled alert rule template property bag.

type ScheduledAlertRuleProperties 

type ScheduledAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string `json:"templateVersion,omitempty"`

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"`

	// The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

ScheduledAlertRuleProperties - Scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON 

func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleProperties.

func (*ScheduledAlertRuleProperties) UnmarshalJSON 

func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate 

type ScheduledAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Scheduled alert rule template properties
	Properties *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ScheduledAlertRuleTemplate - Represents scheduled alert rule template.

func (*ScheduledAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (s *ScheduledAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON 

func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON 

func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplate.

type ScheduledAlertRuleTemplateProperties 

type ScheduledAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"`

	// The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`

	// The version of this template - in format , where all are numbers. For example .
	Version *string `json:"version,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON 

func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplateProperties.

func (*ScheduledAlertRuleTemplateProperties) UnmarshalJSON 

func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplateProperties.

type SecurityAlert added in v0.2.0 

type SecurityAlert struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// SecurityAlert entity properties
	Properties *SecurityAlertProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SecurityAlert - Represents a security alert entity.

func (*SecurityAlert) GetEntity added in v0.2.0 

func (s *SecurityAlert) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityAlert.

func (SecurityAlert) MarshalJSON added in v0.2.0 

func (s SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlert.

func (*SecurityAlert) UnmarshalJSON added in v0.2.0 

func (s *SecurityAlert) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlert.

type SecurityAlertProperties added in v0.2.0 

type SecurityAlertProperties struct {
	// The severity of the alert
	Severity *AlertSeverity `json:"severity,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The uri link of the alert.
	AlertLink *string `json:"alertLink,omitempty" azure:"ro"`

	// READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty" azure:"ro"`

	// READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty" azure:"ro"`

	// READ-ONLY; The confidence level of this alert.
	ConfidenceLevel *ConfidenceLevel `json:"confidenceLevel,omitempty" azure:"ro"`

	// READ-ONLY; The confidence reasons
	ConfidenceReasons []*SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty" azure:"ro"`

	// READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty" azure:"ro"`

	// READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not
	// applicable or final.
	ConfidenceScoreStatus *ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty" azure:"ro"`

	// READ-ONLY; Alert description.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; Holds the alert intent stage(s) mapping for this alert.
	Intent *KillChainIntent `json:"intent,omitempty" azure:"ro"`

	// READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *time.Time `json:"processingEndTime,omitempty" azure:"ro"`

	// READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty" azure:"ro"`

	// READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty" azure:"ro"`

	// READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty" azure:"ro"`

	// READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string `json:"providerAlertId,omitempty" azure:"ro"`

	// READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps []*string `json:"remediationSteps,omitempty" azure:"ro"`

	// READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers []map[string]interface{} `json:"resourceIdentifiers,omitempty" azure:"ro"`

	// READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The lifecycle status of the alert.
	Status *AlertStatus `json:"status,omitempty" azure:"ro"`

	// READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The time the alert was generated.
	TimeGenerated *time.Time `json:"timeGenerated,omitempty" azure:"ro"`

	// READ-ONLY; The name of the vendor that raise the alert.
	VendorName *string `json:"vendorName,omitempty" azure:"ro"`
}

SecurityAlertProperties - SecurityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON added in v0.2.0 

func (s SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlertProperties.

func (*SecurityAlertProperties) UnmarshalJSON added in v0.2.0 

func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem added in v0.2.0 

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty" azure:"ro"`

	// READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty" azure:"ro"`
}

SecurityAlertPropertiesConfidenceReasonsItem - confidence reason item

type SecurityAlertTimelineItem added in v0.2.0 

type SecurityAlertTimelineItem struct {
	// REQUIRED; The name of the alert type.
	AlertType *string `json:"alertType,omitempty"`

	// REQUIRED; The alert azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`

	// REQUIRED; The alert name.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The alert end time.
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// REQUIRED; The alert severity.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// REQUIRED; The alert start time.
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"`

	// REQUIRED; The alert generated time.
	TimeGenerated *time.Time `json:"timeGenerated,omitempty"`

	// The alert description.
	Description *string `json:"description,omitempty"`

	// The alert product name.
	ProductName *string `json:"productName,omitempty"`
}

SecurityAlertTimelineItem - Represents security alert timeline item.

func (*SecurityAlertTimelineItem) GetEntityTimelineItem added in v0.2.0 

func (s *SecurityAlertTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) MarshalJSON added in v0.2.0 

func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlertTimelineItem.

func (*SecurityAlertTimelineItem) UnmarshalJSON added in v0.2.0 

func (s *SecurityAlertTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertTimelineItem.

type SecurityGroupEntity added in v0.2.0 

type SecurityGroupEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// SecurityGroup entity properties
	Properties *SecurityGroupEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SecurityGroupEntity - Represents a security group entity.

func (*SecurityGroupEntity) GetEntity added in v0.2.0 

func (s *SecurityGroupEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON added in v0.2.0 

func (s SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON added in v0.2.0 

func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntity.

type SecurityGroupEntityProperties added in v0.2.0 

type SecurityGroupEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"`

	// READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty" azure:"ro"`
}

SecurityGroupEntityProperties - SecurityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON added in v0.2.0 

func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties.

type SentinelOnboardingState added in v0.2.0 

type SentinelOnboardingState struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// The Sentinel onboarding state object
	Properties *SentinelOnboardingStateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SentinelOnboardingState - Sentinel onboarding state

type SentinelOnboardingStateProperties added in v0.2.0 

type SentinelOnboardingStateProperties struct {
	// Flag that indicates the status of the CMK setting
	CustomerManagedKey *bool `json:"customerManagedKey,omitempty"`
}

SentinelOnboardingStateProperties - The Sentinel onboarding state properties

type SentinelOnboardingStatesClient added in v0.2.0 

type SentinelOnboardingStatesClient struct {
	// contains filtered or unexported fields
}

SentinelOnboardingStatesClient contains the methods for the SentinelOnboardingStates group. Don't use this type directly, use NewSentinelOnboardingStatesClient() instead.

func NewSentinelOnboardingStatesClient added in v0.2.0 

func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SentinelOnboardingStatesClient

NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*SentinelOnboardingStatesClient) Create added in v0.2.0 

func (client *SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientCreateOptions) (SentinelOnboardingStatesClientCreateResponse, error)

Create - Create Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil)
	res, err := client.Create(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<sentinel-onboarding-state-name>",
		&armsecurityinsight.SentinelOnboardingStatesClientCreateOptions{SentinelOnboardingStateParameter: &armsecurityinsight.SentinelOnboardingState{
			Properties: &armsecurityinsight.SentinelOnboardingStateProperties{
				CustomerManagedKey: to.BoolPtr(false),
			},
		},
		})
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientCreateResult)
}

Output:

func (*SentinelOnboardingStatesClient) Delete added in v0.2.0 

func (client *SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientDeleteOptions) (SentinelOnboardingStatesClientDeleteResponse, error)

Delete - Delete Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<sentinel-onboarding-state-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*SentinelOnboardingStatesClient) Get added in v0.2.0 

func (client *SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientGetOptions) (SentinelOnboardingStatesClientGetResponse, error)

Get - Get Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default options - SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<sentinel-onboarding-state-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientGetResult)
}

Output:

func (*SentinelOnboardingStatesClient) List added in v0.2.0 

func (client *SentinelOnboardingStatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *SentinelOnboardingStatesClientListOptions) (SentinelOnboardingStatesClientListResponse, error)

List - Gets all Sentinel onboarding states If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSentinelOnboardingStatesClient("<subscription-id>", cred, nil)
	res, err := client.List(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.SentinelOnboardingStatesClientListResult)
}

Output:

type SentinelOnboardingStatesClientCreateOptions added in v0.2.0 

type SentinelOnboardingStatesClientCreateOptions struct {
	// The Sentinel onboarding state parameter
	SentinelOnboardingStateParameter *SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.

type SentinelOnboardingStatesClientCreateResponse added in v0.2.0 

type SentinelOnboardingStatesClientCreateResponse struct {
	SentinelOnboardingStatesClientCreateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SentinelOnboardingStatesClientCreateResponse contains the response from method SentinelOnboardingStatesClient.Create.

type SentinelOnboardingStatesClientCreateResult added in v0.2.0 

type SentinelOnboardingStatesClientCreateResult struct {
	SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateResult contains the result from method SentinelOnboardingStatesClient.Create.

type SentinelOnboardingStatesClientDeleteOptions added in v0.2.0 

type SentinelOnboardingStatesClientDeleteOptions struct {
}

SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.

type SentinelOnboardingStatesClientDeleteResponse added in v0.2.0 

type SentinelOnboardingStatesClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SentinelOnboardingStatesClientDeleteResponse contains the response from method SentinelOnboardingStatesClient.Delete.

type SentinelOnboardingStatesClientGetOptions added in v0.2.0 

type SentinelOnboardingStatesClientGetOptions struct {
}

SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.

type SentinelOnboardingStatesClientGetResponse added in v0.2.0 

type SentinelOnboardingStatesClientGetResponse struct {
	SentinelOnboardingStatesClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SentinelOnboardingStatesClientGetResponse contains the response from method SentinelOnboardingStatesClient.Get.

type SentinelOnboardingStatesClientGetResult added in v0.2.0 

type SentinelOnboardingStatesClientGetResult struct {
	SentinelOnboardingState
}

SentinelOnboardingStatesClientGetResult contains the result from method SentinelOnboardingStatesClient.Get.

type SentinelOnboardingStatesClientListOptions added in v0.2.0 

type SentinelOnboardingStatesClientListOptions struct {
}

SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.

type SentinelOnboardingStatesClientListResponse added in v0.2.0 

type SentinelOnboardingStatesClientListResponse struct {
	SentinelOnboardingStatesClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SentinelOnboardingStatesClientListResponse contains the response from method SentinelOnboardingStatesClient.List.

type SentinelOnboardingStatesClientListResult added in v0.2.0 

type SentinelOnboardingStatesClientListResult struct {
	SentinelOnboardingStatesList
}

SentinelOnboardingStatesClientListResult contains the result from method SentinelOnboardingStatesClient.List.

type SentinelOnboardingStatesList added in v0.2.0 

type SentinelOnboardingStatesList struct {
	// REQUIRED; Array of Sentinel onboarding states
	Value []*SentinelOnboardingState `json:"value,omitempty"`
}

SentinelOnboardingStatesList - List of the Sentinel onboarding states

func (SentinelOnboardingStatesList) MarshalJSON added in v0.2.0 

func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStatesList.

type SettingKind added in v0.2.0 

type SettingKind string

SettingKind - The kind of the setting 

const (
	SettingKindAnomalies       SettingKind = "Anomalies"
	SettingKindEntityAnalytics SettingKind = "EntityAnalytics"
	SettingKindEyesOn          SettingKind = "EyesOn"
	SettingKindUeba            SettingKind = "Ueba"
)

func PossibleSettingKindValues added in v0.2.0 

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns the possible values for the SettingKind const type.

func (SettingKind) ToPtr added in v0.2.0 

func (c SettingKind) ToPtr() *SettingKind

ToPtr returns a *SettingKind pointing to the current value.

type SettingList added in v0.2.0 

type SettingList struct {
	// REQUIRED; Array of settings.
	Value []SettingsClassification `json:"value,omitempty"`
}

SettingList - List of all the settings.

func (SettingList) MarshalJSON added in v0.2.0 

func (s SettingList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SettingList.

func (*SettingList) UnmarshalJSON added in v0.2.0 

func (s *SettingList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SettingList.

type SettingType added in v0.2.0 

type SettingType string

SettingType - The kind of the setting 

const (
	SettingTypeCopyableLabel         SettingType = "CopyableLabel"
	SettingTypeInfoMessage           SettingType = "InfoMessage"
	SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup"
)

func PossibleSettingTypeValues added in v0.2.0 

func PossibleSettingTypeValues() []SettingType

PossibleSettingTypeValues returns the possible values for the SettingType const type.

func (SettingType) ToPtr added in v0.2.0 

func (c SettingType) ToPtr() *SettingType

ToPtr returns a *SettingType pointing to the current value.

type Settings added in v0.2.0 

type Settings struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Settings - The Setting.

func (*Settings) GetSettings added in v0.2.0 

func (s *Settings) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Settings.

type SettingsClassification added in v0.2.0 

type SettingsClassification interface {
	// GetSettings returns the Settings content of the underlying type.
	GetSettings() *Settings
}

SettingsClassification provides polymorphic access to related types. Call the interface's GetSettings() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *Anomalies, *EntityAnalytics, *EyesOn, *Settings, *Ueba

type Source added in v0.2.0 

type Source string

Source - The source of the watchlist 

const (
	SourceLocalFile     Source = "Local file"
	SourceRemoteStorage Source = "Remote storage"
)

func PossibleSourceValues added in v0.2.0 

func PossibleSourceValues() []Source

PossibleSourceValues returns the possible values for the Source const type.

func (Source) ToPtr added in v0.2.0 

func (c Source) ToPtr() *Source

ToPtr returns a *Source pointing to the current value.

type SourceControl added in v0.2.0 

type SourceControl struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// source control properties
	Properties *SourceControlProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SourceControl - Represents a SourceControl in Azure Security Insights.

type SourceControlClient added in v0.2.0 

type SourceControlClient struct {
	// contains filtered or unexported fields
}

SourceControlClient contains the methods for the SourceControl group. Don't use this type directly, use NewSourceControlClient() instead.

func NewSourceControlClient added in v0.2.0 

func NewSourceControlClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SourceControlClient

NewSourceControlClient creates a new instance of SourceControlClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*SourceControlClient) ListRepositories added in v0.2.0 

func (client *SourceControlClient) ListRepositories(resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) *SourceControlClientListRepositoriesPager

ListRepositories - Gets a list of repositories metadata. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. repoType - The repo type. options - SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/repositories/GetRepositories.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSourceControlClient("<subscription-id>", cred, nil)
	pager := client.ListRepositories("<resource-group-name>",
		"<workspace-name>",
		armsecurityinsight.RepoType("Github"),
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type SourceControlClientListRepositoriesOptions added in v0.2.0 

type SourceControlClientListRepositoriesOptions struct {
}

SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.ListRepositories method.

type SourceControlClientListRepositoriesPager added in v0.2.0 

type SourceControlClientListRepositoriesPager struct {
	// contains filtered or unexported fields
}

SourceControlClientListRepositoriesPager provides operations for iterating over paged responses.

func (*SourceControlClientListRepositoriesPager) Err added in v0.2.0 

func (p *SourceControlClientListRepositoriesPager) Err() error

Err returns the last error encountered while paging.

func (*SourceControlClientListRepositoriesPager) NextPage added in v0.2.0 

func (p *SourceControlClientListRepositoriesPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*SourceControlClientListRepositoriesPager) PageResponse added in v0.2.0 

func (p *SourceControlClientListRepositoriesPager) PageResponse() SourceControlClientListRepositoriesResponse

PageResponse returns the current SourceControlClientListRepositoriesResponse page.

type SourceControlClientListRepositoriesResponse added in v0.2.0 

type SourceControlClientListRepositoriesResponse struct {
	SourceControlClientListRepositoriesResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SourceControlClientListRepositoriesResponse contains the response from method SourceControlClient.ListRepositories.

type SourceControlClientListRepositoriesResult added in v0.2.0 

type SourceControlClientListRepositoriesResult struct {
	RepoList
}

SourceControlClientListRepositoriesResult contains the result from method SourceControlClient.ListRepositories.

type SourceControlList added in v0.2.0 

type SourceControlList struct {
	// REQUIRED; Array of source controls.
	Value []*SourceControl `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of source controls.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

SourceControlList - List all the source controls.

func (SourceControlList) MarshalJSON added in v0.2.0 

func (s SourceControlList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SourceControlList.

type SourceControlProperties added in v0.2.0 

type SourceControlProperties struct {
	// REQUIRED; Array of source control content types.
	ContentTypes []*ContentType `json:"contentTypes,omitempty"`

	// REQUIRED; The display name of the source control
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The repository type of the source control
	RepoType *RepoType `json:"repoType,omitempty"`

	// REQUIRED; Repository metadata.
	Repository *Repository `json:"repository,omitempty"`

	// A description of the source control
	Description *string `json:"description,omitempty"`

	// The id (a Guid) of the source control
	ID *string `json:"id,omitempty"`
}

SourceControlProperties - Describes source control properties

func (SourceControlProperties) MarshalJSON added in v0.2.0 

func (s SourceControlProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SourceControlProperties.

type SourceControlsClient added in v0.2.0 

type SourceControlsClient struct {
	// contains filtered or unexported fields
}

SourceControlsClient contains the methods for the SourceControls group. Don't use this type directly, use NewSourceControlsClient() instead.

func NewSourceControlsClient added in v0.2.0 

func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *SourceControlsClient

NewSourceControlsClient creates a new instance of SourceControlsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*SourceControlsClient) Create added in v0.2.0 

func (client *SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl, options *SourceControlsClientCreateOptions) (SourceControlsClientCreateResponse, error)

Create - Creates a source control. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id sourceControl - The SourceControl options - SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/CreateSourceControl.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil)
	res, err := client.Create(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<source-control-id>",
		armsecurityinsight.SourceControl{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.SourceControlProperties{
				Description: to.StringPtr("<description>"),
				ContentTypes: []*armsecurityinsight.ContentType{
					armsecurityinsight.ContentType("AnalyticRules").ToPtr(),
					armsecurityinsight.ContentType("Workbook").ToPtr()},
				DisplayName: to.StringPtr("<display-name>"),
				RepoType:    armsecurityinsight.RepoType("Github").ToPtr(),
				Repository: &armsecurityinsight.Repository{
					Branch:     to.StringPtr("<branch>"),
					DisplayURL: to.StringPtr("<display-url>"),
					PathMapping: []*armsecurityinsight.ContentPathMap{
						{
							Path:        to.StringPtr("<path>"),
							ContentType: armsecurityinsight.ContentType("AnalyticRules").ToPtr(),
						},
						{
							Path:        to.StringPtr("<path>"),
							ContentType: armsecurityinsight.ContentType("Workbook").ToPtr(),
						}},
					URL: to.StringPtr("<url>"),
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.SourceControlsClientCreateResult)
}

Output:

func (*SourceControlsClient) Delete added in v0.2.0 

func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error)

Delete - Delete a source control. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id options - SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<source-control-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*SourceControlsClient) Get added in v0.2.0 

func (client *SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientGetOptions) (SourceControlsClientGetResponse, error)

Get - Gets a source control byt its identifier. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. sourceControlID - Source control Id options - SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControlById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<source-control-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.SourceControlsClientGetResult)
}

Output:

func (*SourceControlsClient) List added in v0.2.0 

func (client *SourceControlsClient) List(resourceGroupName string, workspaceName string, options *SourceControlsClientListOptions) *SourceControlsClientListPager

List - Gets all source controls, without source control items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/sourcecontrols/GetSourceControls.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewSourceControlsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type SourceControlsClientCreateOptions added in v0.2.0 

type SourceControlsClientCreateOptions struct {
}

SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.

type SourceControlsClientCreateResponse added in v0.2.0 

type SourceControlsClientCreateResponse struct {
	SourceControlsClientCreateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SourceControlsClientCreateResponse contains the response from method SourceControlsClient.Create.

type SourceControlsClientCreateResult added in v0.2.0 

type SourceControlsClientCreateResult struct {
	SourceControl
}

SourceControlsClientCreateResult contains the result from method SourceControlsClient.Create.

type SourceControlsClientDeleteOptions added in v0.2.0 

type SourceControlsClientDeleteOptions struct {
}

SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.

type SourceControlsClientDeleteResponse added in v0.2.0 

type SourceControlsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SourceControlsClientDeleteResponse contains the response from method SourceControlsClient.Delete.

type SourceControlsClientGetOptions added in v0.2.0 

type SourceControlsClientGetOptions struct {
}

SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.

type SourceControlsClientGetResponse added in v0.2.0 

type SourceControlsClientGetResponse struct {
	SourceControlsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SourceControlsClientGetResponse contains the response from method SourceControlsClient.Get.

type SourceControlsClientGetResult added in v0.2.0 

type SourceControlsClientGetResult struct {
	SourceControl
}

SourceControlsClientGetResult contains the result from method SourceControlsClient.Get.

type SourceControlsClientListOptions added in v0.2.0 

type SourceControlsClientListOptions struct {
}

SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.List method.

type SourceControlsClientListPager added in v0.2.0 

type SourceControlsClientListPager struct {
	// contains filtered or unexported fields
}

SourceControlsClientListPager provides operations for iterating over paged responses.

func (*SourceControlsClientListPager) Err added in v0.2.0 

func (p *SourceControlsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*SourceControlsClientListPager) NextPage added in v0.2.0 

func (p *SourceControlsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*SourceControlsClientListPager) PageResponse added in v0.2.0 

func (p *SourceControlsClientListPager) PageResponse() SourceControlsClientListResponse

PageResponse returns the current SourceControlsClientListResponse page.

type SourceControlsClientListResponse added in v0.2.0 

type SourceControlsClientListResponse struct {
	SourceControlsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

SourceControlsClientListResponse contains the response from method SourceControlsClient.List.

type SourceControlsClientListResult added in v0.2.0 

type SourceControlsClientListResult struct {
	SourceControlList
}

SourceControlsClientListResult contains the result from method SourceControlsClient.List.

type SourceKind added in v0.2.0 

type SourceKind string

SourceKind - Source type of the content 

const (
	SourceKindCommunity        SourceKind = "Community"
	SourceKindLocalWorkspace   SourceKind = "LocalWorkspace"
	SourceKindSolution         SourceKind = "Solution"
	SourceKindSourceRepository SourceKind = "SourceRepository"
)

func PossibleSourceKindValues added in v0.2.0 

func PossibleSourceKindValues() []SourceKind

PossibleSourceKindValues returns the possible values for the SourceKind const type.

func (SourceKind) ToPtr added in v0.2.0 

func (c SourceKind) ToPtr() *SourceKind

ToPtr returns a *SourceKind pointing to the current value.

type SubmissionMailEntity added in v0.2.0 

type SubmissionMailEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Submission mail entity properties
	Properties *SubmissionMailEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SubmissionMailEntity - Represents a submission mail entity.

func (*SubmissionMailEntity) GetEntity added in v0.2.0 

func (s *SubmissionMailEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SubmissionMailEntity.

func (SubmissionMailEntity) MarshalJSON added in v0.2.0 

func (s SubmissionMailEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntity.

func (*SubmissionMailEntity) UnmarshalJSON added in v0.2.0 

func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntity.

type SubmissionMailEntityProperties added in v0.2.0 

type SubmissionMailEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The network message id of email to which submission belongs
	NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The recipient of the mail
	Recipient *string `json:"recipient,omitempty" azure:"ro"`

	// READ-ONLY; The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
	ReportType *string `json:"reportType,omitempty" azure:"ro"`

	// READ-ONLY; The sender of the mail
	Sender *string `json:"sender,omitempty" azure:"ro"`

	// READ-ONLY; The sender's IP
	SenderIP *string `json:"senderIp,omitempty" azure:"ro"`

	// READ-ONLY; The subject of submission mail
	Subject *string `json:"subject,omitempty" azure:"ro"`

	// READ-ONLY; The submission date
	SubmissionDate *time.Time `json:"submissionDate,omitempty" azure:"ro"`

	// READ-ONLY; The submission id
	SubmissionID *string `json:"submissionId,omitempty" azure:"ro"`

	// READ-ONLY; The submitter
	Submitter *string `json:"submitter,omitempty" azure:"ro"`

	// READ-ONLY; The Time stamp when the message is received (Mail)
	Timestamp *time.Time `json:"timestamp,omitempty" azure:"ro"`
}

SubmissionMailEntityProperties - Submission mail entity property bag.

func (SubmissionMailEntityProperties) MarshalJSON added in v0.2.0 

func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntityProperties.

func (*SubmissionMailEntityProperties) UnmarshalJSON added in v0.2.0 

func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntityProperties.

type SupportTier added in v0.2.0 

type SupportTier string

SupportTier - Type of support for content item 

const (
	SupportTierCommunity SupportTier = "Community"
	SupportTierMicrosoft SupportTier = "Microsoft"
	SupportTierPartner   SupportTier = "Partner"
)

func PossibleSupportTierValues added in v0.2.0 

func PossibleSupportTierValues() []SupportTier

PossibleSupportTierValues returns the possible values for the SupportTier const type.

func (SupportTier) ToPtr added in v0.2.0 

func (c SupportTier) ToPtr() *SupportTier

ToPtr returns a *SupportTier pointing to the current value.

type SystemData added in v0.2.0 

type SystemData struct {
	// The timestamp of resource creation (UTC).
	CreatedAt *time.Time `json:"createdAt,omitempty"`

	// The identity that created the resource.
	CreatedBy *string `json:"createdBy,omitempty"`

	// The type of identity that created the resource.
	CreatedByType *CreatedByType `json:"createdByType,omitempty"`

	// The timestamp of resource last modification (UTC)
	LastModifiedAt *time.Time `json:"lastModifiedAt,omitempty"`

	// The identity that last modified the resource.
	LastModifiedBy *string `json:"lastModifiedBy,omitempty"`

	// The type of identity that last modified the resource.
	LastModifiedByType *CreatedByType `json:"lastModifiedByType,omitempty"`
}

SystemData - Metadata pertaining to creation and last modification of the resource.

func (SystemData) MarshalJSON added in v0.2.0 

func (s SystemData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SystemData.

func (*SystemData) UnmarshalJSON added in v0.2.0 

func (s *SystemData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SystemData.

type TICheckRequirements added in v0.2.0 

type TICheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Threat Intelligence Platforms data connector check required properties
	Properties *TICheckRequirementsProperties `json:"properties,omitempty"`
}

TICheckRequirements - Threat Intelligence Platforms data connector check requirements

func (*TICheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (t *TICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TICheckRequirements.

func (TICheckRequirements) MarshalJSON added in v0.2.0 

func (t TICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TICheckRequirements.

func (*TICheckRequirements) UnmarshalJSON added in v0.2.0 

func (t *TICheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TICheckRequirements.

type TICheckRequirementsProperties added in v0.2.0 

type TICheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TICheckRequirementsProperties - Threat Intelligence Platforms data connector required properties.

type TIDataConnector 

type TIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// TI (Threat Intelligence) data connector properties.
	Properties *TIDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

TIDataConnector - Represents threat intelligence data connector.

func (*TIDataConnector) GetDataConnector added in v0.2.0 

func (t *TIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type TIDataConnector.

func (TIDataConnector) MarshalJSON 

func (t TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnector.

func (*TIDataConnector) UnmarshalJSON 

func (t *TIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector.

type TIDataConnectorDataTypes 

type TIDataConnectorDataTypes struct {
	// REQUIRED; Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector.

type TIDataConnectorDataTypesIndicators 

type TIDataConnectorDataTypesIndicators struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators - Data type for indicators connection.

type TIDataConnectorProperties 

type TIDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The lookback period for the feed to be imported.
	TipLookbackPeriod *time.Time `json:"tipLookbackPeriod,omitempty"`
}

TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.

func (TIDataConnectorProperties) MarshalJSON 

func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties.

func (*TIDataConnectorProperties) UnmarshalJSON 

func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties.

type TeamInformation added in v0.2.0 

type TeamInformation struct {
	// READ-ONLY; The description of the team
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The name of the team
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The primary channel URL of the team
	PrimaryChannelURL *string `json:"primaryChannelUrl,omitempty" azure:"ro"`

	// READ-ONLY; The time the team was created
	TeamCreationTimeUTC *time.Time `json:"teamCreationTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; Team ID
	TeamID *string `json:"teamId,omitempty" azure:"ro"`
}

TeamInformation - Describes team information

func (TeamInformation) MarshalJSON added in v0.2.0 

func (t TeamInformation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TeamInformation.

func (*TeamInformation) UnmarshalJSON added in v0.2.0 

func (t *TeamInformation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TeamInformation.

type TeamProperties added in v0.2.0 

type TeamProperties struct {
	// REQUIRED; The name of the team
	TeamName *string `json:"teamName,omitempty"`

	// List of group IDs to add their members to the team
	GroupIDs []*string `json:"groupIds,omitempty"`

	// List of member IDs to add to the team
	MemberIDs []*string `json:"memberIds,omitempty"`

	// The description of the team
	TeamDescription *string `json:"teamDescription,omitempty"`
}

TeamProperties - Describes team properties

func (TeamProperties) MarshalJSON added in v0.2.0 

func (t TeamProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TeamProperties.

type TemplateStatus 

type TemplateStatus string

TemplateStatus - The alert rule template status. 

const (
	// TemplateStatusAvailable - Alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled - Alert rule template installed. and can not use more then once
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable - Alert rule template is not available
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues 

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns the possible values for the TemplateStatus const type.

func (TemplateStatus) ToPtr 

func (c TemplateStatus) ToPtr() *TemplateStatus

ToPtr returns a *TemplateStatus pointing to the current value.

type ThreatIntelligence 

type ThreatIntelligence struct {
	// READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty" azure:"ro"`

	// READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty" azure:"ro"`

	// READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty" azure:"ro"`

	// READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty" azure:"ro"`

	// READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty" azure:"ro"`

	// READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty" azure:"ro"`
}

ThreatIntelligence property bag.

type ThreatIntelligenceAlertRule added in v0.2.0 

type ThreatIntelligenceAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat Intelligence alert rule properties
	Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRule - Represents Threat Intelligence alert rule.

func (*ThreatIntelligenceAlertRule) GetAlertRule added in v0.2.0 

func (t *ThreatIntelligenceAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRule.

func (*ThreatIntelligenceAlertRule) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRule.

type ThreatIntelligenceAlertRuleProperties added in v0.2.0 

type ThreatIntelligenceAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule base property bag.

func (ThreatIntelligenceAlertRuleProperties) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleProperties.

func (*ThreatIntelligenceAlertRuleProperties) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleProperties.

type ThreatIntelligenceAlertRuleTemplate added in v0.2.0 

type ThreatIntelligenceAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Threat Intelligence alert rule template properties
	Properties *ThreatIntelligenceAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleTemplate - Represents Threat Intelligence alert rule template.

func (*ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate added in v0.2.0 

func (t *ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplate.

func (*ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplate.

type ThreatIntelligenceAlertRuleTemplateProperties added in v0.2.0 

type ThreatIntelligenceAlertRuleTemplateProperties struct {
	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule template
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties

func (ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties.

func (*ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAlertRuleTemplateProperties.

type ThreatIntelligenceAppendTags added in v0.2.0 

type ThreatIntelligenceAppendTags struct {
	// List of tags to be appended.
	ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"`
}

ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator.

func (ThreatIntelligenceAppendTags) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAppendTags.

type ThreatIntelligenceExternalReference added in v0.2.0 

type ThreatIntelligenceExternalReference struct {
	// External reference description
	Description *string `json:"description,omitempty"`

	// External reference ID
	ExternalID *string `json:"externalId,omitempty"`

	// External reference hashes
	Hashes map[string]*string `json:"hashes,omitempty"`

	// External reference source name
	SourceName *string `json:"sourceName,omitempty"`

	// External reference URL
	URL *string `json:"url,omitempty"`
}

ThreatIntelligenceExternalReference - Describes external reference

func (ThreatIntelligenceExternalReference) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceExternalReference.

type ThreatIntelligenceFilteringCriteria added in v0.2.0 

type ThreatIntelligenceFilteringCriteria struct {
	// Ids of threat intelligence indicators
	IDs []*string `json:"ids,omitempty"`

	// Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool `json:"includeDisabled,omitempty"`

	// Keywords for searching threat intelligence indicators
	Keywords []*string `json:"keywords,omitempty"`

	// Maximum confidence.
	MaxConfidence *int32 `json:"maxConfidence,omitempty"`

	// End time for ValidUntil filter.
	MaxValidUntil *string `json:"maxValidUntil,omitempty"`

	// Minimum confidence.
	MinConfidence *int32 `json:"minConfidence,omitempty"`

	// Start time for ValidUntil filter.
	MinValidUntil *string `json:"minValidUntil,omitempty"`

	// Page size
	PageSize *int32 `json:"pageSize,omitempty"`

	// Pattern types
	PatternTypes []*string `json:"patternTypes,omitempty"`

	// Skip token.
	SkipToken *string `json:"skipToken,omitempty"`

	// Columns to sort by and sorting order
	SortBy []*ThreatIntelligenceSortingCriteria `json:"sortBy,omitempty"`

	// Sources of threat intelligence indicators
	Sources []*string `json:"sources,omitempty"`

	// Threat types of threat intelligence indicators
	ThreatTypes []*string `json:"threatTypes,omitempty"`
}

ThreatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceFilteringCriteria) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceFilteringCriteria.

type ThreatIntelligenceGranularMarkingModel added in v0.2.0 

type ThreatIntelligenceGranularMarkingModel struct {
	// Language granular marking model
	Language *string `json:"language,omitempty"`

	// marking reference granular marking model
	MarkingRef *int32 `json:"markingRef,omitempty"`

	// granular marking model selectors
	Selectors []*string `json:"selectors,omitempty"`
}

ThreatIntelligenceGranularMarkingModel - Describes threat granular marking model entity

func (ThreatIntelligenceGranularMarkingModel) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceGranularMarkingModel.

type ThreatIntelligenceIndicatorClient added in v0.2.0 

type ThreatIntelligenceIndicatorClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorClient contains the methods for the ThreatIntelligenceIndicator group. Don't use this type directly, use NewThreatIntelligenceIndicatorClient() instead.

func NewThreatIntelligenceIndicatorClient added in v0.2.0 

func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorClient) AppendTags added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags, options *ThreatIntelligenceIndicatorClientAppendTagsOptions) (ThreatIntelligenceIndicatorClientAppendTagsResponse, error)

AppendTags - Append tags to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceAppendTags - The threat intelligence append tags request body options - ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	_, err = client.AppendTags(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<name>",
		armsecurityinsight.ThreatIntelligenceAppendTags{
			ThreatIntelligenceTags: []*string{
				to.StringPtr("tag1"),
				to.StringPtr("tag2")},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) Create added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientCreateOptions) (ThreatIntelligenceIndicatorClientCreateResponse, error)

Create - Update a threat Intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. options - ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	res, err := client.Create(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<name>",
		armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{
			Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(),
			Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{
				Description:        to.StringPtr("<description>"),
				Confidence:         to.Int32Ptr(78),
				CreatedByRef:       to.StringPtr("<created-by-ref>"),
				DisplayName:        to.StringPtr("<display-name>"),
				ExternalReferences: []*armsecurityinsight.ThreatIntelligenceExternalReference{},
				GranularMarkings:   []*armsecurityinsight.ThreatIntelligenceGranularMarkingModel{},
				KillChainPhases:    []*armsecurityinsight.ThreatIntelligenceKillChainPhase{},
				Labels:             []*string{},
				Modified:           to.StringPtr("<modified>"),
				Pattern:            to.StringPtr("<pattern>"),
				PatternType:        to.StringPtr("<pattern-type>"),
				Revoked:            to.BoolPtr(false),
				Source:             to.StringPtr("<source>"),
				ThreatIntelligenceTags: []*string{
					to.StringPtr("new schema")},
				ThreatTypes: []*string{
					to.StringPtr("compromised")},
				ValidFrom:  to.StringPtr("<valid-from>"),
				ValidUntil: to.StringPtr("<valid-until>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientCreateResult)
}

Output:

func (*ThreatIntelligenceIndicatorClient) CreateIndicator added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientCreateIndicatorOptions) (ThreatIntelligenceIndicatorClientCreateIndicatorResponse, error)

CreateIndicator - Create a new threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. threatIntelligenceProperties - Properties of threat intelligence indicators to create and update. options - ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	res, err := client.CreateIndicator(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{
			Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(),
			Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{
				Description:        to.StringPtr("<description>"),
				Confidence:         to.Int32Ptr(78),
				CreatedByRef:       to.StringPtr("<created-by-ref>"),
				DisplayName:        to.StringPtr("<display-name>"),
				ExternalReferences: []*armsecurityinsight.ThreatIntelligenceExternalReference{},
				GranularMarkings:   []*armsecurityinsight.ThreatIntelligenceGranularMarkingModel{},
				KillChainPhases:    []*armsecurityinsight.ThreatIntelligenceKillChainPhase{},
				Labels:             []*string{},
				Modified:           to.StringPtr("<modified>"),
				Pattern:            to.StringPtr("<pattern>"),
				PatternType:        to.StringPtr("<pattern-type>"),
				Revoked:            to.BoolPtr(false),
				Source:             to.StringPtr("<source>"),
				ThreatIntelligenceTags: []*string{
					to.StringPtr("new schema")},
				ThreatTypes: []*string{
					to.StringPtr("compromised")},
				ValidFrom:  to.StringPtr("<valid-from>"),
				ValidUntil: to.StringPtr("<valid-until>"),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientCreateIndicatorResult)
}

Output:

func (*ThreatIntelligenceIndicatorClient) Delete added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientDeleteOptions) (ThreatIntelligenceIndicatorClientDeleteResponse, error)

Delete - Delete a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. options - ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) Get added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientGetOptions) (ThreatIntelligenceIndicatorClientGetResponse, error)

Get - View a threat intelligence indicator by name. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. options - ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientGetResult)
}

Output:

func (*ThreatIntelligenceIndicatorClient) QueryIndicators added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) QueryIndicators(resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria, options *ThreatIntelligenceIndicatorClientQueryIndicatorsOptions) *ThreatIntelligenceIndicatorClientQueryIndicatorsPager

QueryIndicators - Query threat intelligence indicators as per filtering criteria. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators. options - ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.QueryIndicators method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	pager := client.QueryIndicators("<resource-group-name>",
		"<workspace-name>",
		armsecurityinsight.ThreatIntelligenceFilteringCriteria{
			MaxConfidence: to.Int32Ptr(80),
			MaxValidUntil: to.StringPtr("<max-valid-until>"),
			MinConfidence: to.Int32Ptr(25),
			MinValidUntil: to.StringPtr("<min-valid-until>"),
			PageSize:      to.Int32Ptr(100),
			SortBy: []*armsecurityinsight.ThreatIntelligenceSortingCriteria{
				{
					ItemKey:   to.StringPtr("<item-key>"),
					SortOrder: armsecurityinsight.ThreatIntelligenceSortingCriteriaEnum("descending").ToPtr(),
				}},
			Sources: []*string{
				to.StringPtr("Azure Sentinel")},
		},
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) ReplaceTags added in v0.2.0 

func (client *ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody, options *ThreatIntelligenceIndicatorClientReplaceTagsOptions) (ThreatIntelligenceIndicatorClientReplaceTagsResponse, error)

ReplaceTags - Replace tags added to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. name - Threat intelligence indicator name field. threatIntelligenceReplaceTags - Tags in the threat intelligence indicator to be replaced. options - ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorClient("<subscription-id>", cred, nil)
	res, err := client.ReplaceTags(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<name>",
		armsecurityinsight.ThreatIntelligenceIndicatorModelForRequestBody{
			Kind: armsecurityinsight.ThreatIntelligenceResourceKindEnum("indicator").ToPtr(),
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.ThreatIntelligenceIndicatorProperties{
				ThreatIntelligenceTags: []*string{
					to.StringPtr("patching tags")},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorClientReplaceTagsResult)
}

Output:

type ThreatIntelligenceIndicatorClientAppendTagsOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientAppendTagsOptions struct {
}

ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.

type ThreatIntelligenceIndicatorClientAppendTagsResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientAppendTagsResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientAppendTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.AppendTags.

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions struct {
}

ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse struct {
	ThreatIntelligenceIndicatorClientCreateIndicatorResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientCreateIndicatorResponse contains the response from method ThreatIntelligenceIndicatorClient.CreateIndicator.

type ThreatIntelligenceIndicatorClientCreateIndicatorResult added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateIndicatorResult struct {
	ThreatIntelligenceInformation
}

ThreatIntelligenceIndicatorClientCreateIndicatorResult contains the result from method ThreatIntelligenceIndicatorClient.CreateIndicator.

type ThreatIntelligenceIndicatorClientCreateOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateOptions struct {
}

ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.

type ThreatIntelligenceIndicatorClientCreateResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateResponse struct {
	ThreatIntelligenceIndicatorClientCreateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientCreateResponse contains the response from method ThreatIntelligenceIndicatorClient.Create.

type ThreatIntelligenceIndicatorClientCreateResult added in v0.2.0 

type ThreatIntelligenceIndicatorClientCreateResult struct {
	ThreatIntelligenceInformation
}

ThreatIntelligenceIndicatorClientCreateResult contains the result from method ThreatIntelligenceIndicatorClient.Create.

type ThreatIntelligenceIndicatorClientDeleteOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientDeleteOptions struct {
}

ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.

type ThreatIntelligenceIndicatorClientDeleteResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientDeleteResponse contains the response from method ThreatIntelligenceIndicatorClient.Delete.

type ThreatIntelligenceIndicatorClientGetOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientGetOptions struct {
}

ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.

type ThreatIntelligenceIndicatorClientGetResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientGetResponse struct {
	ThreatIntelligenceIndicatorClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientGetResponse contains the response from method ThreatIntelligenceIndicatorClient.Get.

type ThreatIntelligenceIndicatorClientGetResult added in v0.2.0 

type ThreatIntelligenceIndicatorClientGetResult struct {
	ThreatIntelligenceInformation
}

ThreatIntelligenceIndicatorClientGetResult contains the result from method ThreatIntelligenceIndicatorClient.Get.

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions struct {
}

ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.QueryIndicators method.

type ThreatIntelligenceIndicatorClientQueryIndicatorsPager added in v0.2.0 

type ThreatIntelligenceIndicatorClientQueryIndicatorsPager struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorClientQueryIndicatorsPager provides operations for iterating over paged responses.

func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) Err added in v0.2.0 

func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) Err() error

Err returns the last error encountered while paging.

func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) NextPage added in v0.2.0 

func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*ThreatIntelligenceIndicatorClientQueryIndicatorsPager) PageResponse added in v0.2.0 

func (p *ThreatIntelligenceIndicatorClientQueryIndicatorsPager) PageResponse() ThreatIntelligenceIndicatorClientQueryIndicatorsResponse

PageResponse returns the current ThreatIntelligenceIndicatorClientQueryIndicatorsResponse page.

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse struct {
	ThreatIntelligenceIndicatorClientQueryIndicatorsResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientQueryIndicatorsResponse contains the response from method ThreatIntelligenceIndicatorClient.QueryIndicators.

type ThreatIntelligenceIndicatorClientQueryIndicatorsResult added in v0.2.0 

type ThreatIntelligenceIndicatorClientQueryIndicatorsResult struct {
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorClientQueryIndicatorsResult contains the result from method ThreatIntelligenceIndicatorClient.QueryIndicators.

type ThreatIntelligenceIndicatorClientReplaceTagsOptions added in v0.2.0 

type ThreatIntelligenceIndicatorClientReplaceTagsOptions struct {
}

ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.

type ThreatIntelligenceIndicatorClientReplaceTagsResponse added in v0.2.0 

type ThreatIntelligenceIndicatorClientReplaceTagsResponse struct {
	ThreatIntelligenceIndicatorClientReplaceTagsResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorClientReplaceTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.ReplaceTags.

type ThreatIntelligenceIndicatorClientReplaceTagsResult added in v0.2.0 

type ThreatIntelligenceIndicatorClientReplaceTagsResult struct {
	ThreatIntelligenceInformation
}

ThreatIntelligenceIndicatorClientReplaceTagsResult contains the result from method ThreatIntelligenceIndicatorClient.ReplaceTags.

type ThreatIntelligenceIndicatorMetricsClient added in v0.2.0 

type ThreatIntelligenceIndicatorMetricsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorMetricsClient contains the methods for the ThreatIntelligenceIndicatorMetrics group. Don't use this type directly, use NewThreatIntelligenceIndicatorMetricsClient() instead.

func NewThreatIntelligenceIndicatorMetricsClient added in v0.2.0 

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorMetricsClient) List added in v0.2.0 

func (client *ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorMetricsClientListOptions) (ThreatIntelligenceIndicatorMetricsClientListResponse, error)

List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorMetricsClient("<subscription-id>", cred, nil)
	res, err := client.List(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.ThreatIntelligenceIndicatorMetricsClientListResult)
}

Output:

type ThreatIntelligenceIndicatorMetricsClientListOptions added in v0.2.0 

type ThreatIntelligenceIndicatorMetricsClientListOptions struct {
}

ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.

type ThreatIntelligenceIndicatorMetricsClientListResponse added in v0.2.0 

type ThreatIntelligenceIndicatorMetricsClientListResponse struct {
	ThreatIntelligenceIndicatorMetricsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorMetricsClientListResponse contains the response from method ThreatIntelligenceIndicatorMetricsClient.List.

type ThreatIntelligenceIndicatorMetricsClientListResult added in v0.2.0 

type ThreatIntelligenceIndicatorMetricsClientListResult struct {
	ThreatIntelligenceMetricsList
}

ThreatIntelligenceIndicatorMetricsClientListResult contains the result from method ThreatIntelligenceIndicatorMetricsClient.List.

type ThreatIntelligenceIndicatorModel added in v0.2.0 

type ThreatIntelligenceIndicatorModel struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat Intelligence Entity properties
	Properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity.

func (ThreatIntelligenceIndicatorModel) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorModel.

type ThreatIntelligenceIndicatorModelForRequestBody added in v0.2.0 

type ThreatIntelligenceIndicatorModelForRequestBody struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat Intelligence Entity properties
	Properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
}

ThreatIntelligenceIndicatorModelForRequestBody - Threat intelligence indicator entity used in request body.

type ThreatIntelligenceIndicatorProperties added in v0.2.0 

type ThreatIntelligenceIndicatorProperties struct {
	// Confidence of threat intelligence entity
	Confidence *int32 `json:"confidence,omitempty"`

	// Created by
	Created *string `json:"created,omitempty"`

	// Created by reference of threat intelligence entity
	CreatedByRef *string `json:"createdByRef,omitempty"`

	// Is threat intelligence entity defanged
	Defanged *bool `json:"defanged,omitempty"`

	// Description of a threat intelligence entity
	Description *string `json:"description,omitempty"`

	// Display name of a threat intelligence entity
	DisplayName *string `json:"displayName,omitempty"`

	// Extensions map
	Extensions map[string]interface{} `json:"extensions,omitempty"`

	// External ID of threat intelligence entity
	ExternalID *string `json:"externalId,omitempty"`

	// External last updated time in UTC
	ExternalLastUpdatedTimeUTC *string `json:"externalLastUpdatedTimeUtc,omitempty"`

	// External References
	ExternalReferences []*ThreatIntelligenceExternalReference `json:"externalReferences,omitempty"`

	// Granular Markings
	GranularMarkings []*ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"`

	// Indicator types of threat intelligence entities
	IndicatorTypes []*string `json:"indicatorTypes,omitempty"`

	// Kill chain phases
	KillChainPhases []*ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"`

	// Labels of threat intelligence entity
	Labels []*string `json:"labels,omitempty"`

	// Language of threat intelligence entity
	Language *string `json:"language,omitempty"`

	// Last updated time in UTC
	LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"`

	// Modified by
	Modified *string `json:"modified,omitempty"`

	// Threat intelligence entity object marking references
	ObjectMarkingRefs []*string `json:"objectMarkingRefs,omitempty"`

	// Parsed patterns
	ParsedPattern []*ThreatIntelligenceParsedPattern `json:"parsedPattern,omitempty"`

	// Pattern of a threat intelligence entity
	Pattern *string `json:"pattern,omitempty"`

	// Pattern type of a threat intelligence entity
	PatternType *string `json:"patternType,omitempty"`

	// Pattern version of a threat intelligence entity
	PatternVersion *string `json:"patternVersion,omitempty"`

	// Is threat intelligence entity revoked
	Revoked *bool `json:"revoked,omitempty"`

	// Source of a threat intelligence entity
	Source *string `json:"source,omitempty"`

	// List of tags
	ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"`

	// Threat types
	ThreatTypes []*string `json:"threatTypes,omitempty"`

	// Valid from
	ValidFrom *string `json:"validFrom,omitempty"`

	// Valid until
	ValidUntil *string `json:"validUntil,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`
}

ThreatIntelligenceIndicatorProperties - Describes threat intelligence entity properties

func (ThreatIntelligenceIndicatorProperties) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient added in v0.2.0 

type ThreatIntelligenceIndicatorsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorsClient contains the methods for the ThreatIntelligenceIndicators group. Don't use this type directly, use NewThreatIntelligenceIndicatorsClient() instead.

func NewThreatIntelligenceIndicatorsClient added in v0.2.0 

func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorsClient) List added in v0.2.0 

func (client *ThreatIntelligenceIndicatorsClient) List(resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorsClientListOptions) *ThreatIntelligenceIndicatorsClientListPager

List - Get all threat intelligence indicators. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewThreatIntelligenceIndicatorsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		&armsecurityinsight.ThreatIntelligenceIndicatorsClientListOptions{Filter: nil,
			Orderby:   nil,
			Top:       nil,
			SkipToken: nil,
		})
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type ThreatIntelligenceIndicatorsClientListOptions added in v0.2.0 

type ThreatIntelligenceIndicatorsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.List method.

type ThreatIntelligenceIndicatorsClientListPager added in v0.2.0 

type ThreatIntelligenceIndicatorsClientListPager struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorsClientListPager provides operations for iterating over paged responses.

func (*ThreatIntelligenceIndicatorsClientListPager) Err added in v0.2.0 

func (p *ThreatIntelligenceIndicatorsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*ThreatIntelligenceIndicatorsClientListPager) NextPage added in v0.2.0 

func (p *ThreatIntelligenceIndicatorsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*ThreatIntelligenceIndicatorsClientListPager) PageResponse added in v0.2.0 

func (p *ThreatIntelligenceIndicatorsClientListPager) PageResponse() ThreatIntelligenceIndicatorsClientListResponse

PageResponse returns the current ThreatIntelligenceIndicatorsClientListResponse page.

type ThreatIntelligenceIndicatorsClientListResponse added in v0.2.0 

type ThreatIntelligenceIndicatorsClientListResponse struct {
	ThreatIntelligenceIndicatorsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

ThreatIntelligenceIndicatorsClientListResponse contains the response from method ThreatIntelligenceIndicatorsClient.List.

type ThreatIntelligenceIndicatorsClientListResult added in v0.2.0 

type ThreatIntelligenceIndicatorsClientListResult struct {
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorsClientListResult contains the result from method ThreatIntelligenceIndicatorsClient.List.

type ThreatIntelligenceInformation added in v0.2.0 

type ThreatIntelligenceInformation struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceInformation - Threat intelligence information object.

type ThreatIntelligenceInformationList added in v0.2.0 

type ThreatIntelligenceInformationList struct {
	// REQUIRED; Array of threat intelligence information objects.
	Value []*ThreatIntelligenceInformation `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

ThreatIntelligenceInformationList - List of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList.

type ThreatIntelligenceKillChainPhase added in v0.2.0 

type ThreatIntelligenceKillChainPhase struct {
	// Kill chainName name
	KillChainName *string `json:"killChainName,omitempty"`

	// Phase name
	PhaseName *string `json:"phaseName,omitempty"`
}

ThreatIntelligenceKillChainPhase - Describes threat kill chain phase entity

type ThreatIntelligenceMetric added in v0.2.0 

type ThreatIntelligenceMetric struct {
	// Last updated indicator metric
	LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"`

	// Pattern type metrics
	PatternTypeMetrics []*ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"`

	// Source metrics
	SourceMetrics []*ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"`

	// Threat type metrics
	ThreatTypeMetrics []*ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"`
}

ThreatIntelligenceMetric - Describes threat intelligence metric

func (ThreatIntelligenceMetric) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric.

type ThreatIntelligenceMetricEntity added in v0.2.0 

type ThreatIntelligenceMetricEntity struct {
	// Metric name
	MetricName *string `json:"metricName,omitempty"`

	// Metric value
	MetricValue *int32 `json:"metricValue,omitempty"`
}

ThreatIntelligenceMetricEntity - Describes threat intelligence metric entity

type ThreatIntelligenceMetrics added in v0.2.0 

type ThreatIntelligenceMetrics struct {
	// Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric `json:"properties,omitempty"`
}

ThreatIntelligenceMetrics - Threat intelligence metrics.

type ThreatIntelligenceMetricsList added in v0.2.0 

type ThreatIntelligenceMetricsList struct {
	// REQUIRED; Array of threat intelligence metric fields (type/threat type/source).
	Value []*ThreatIntelligenceMetrics `json:"value,omitempty"`
}

ThreatIntelligenceMetricsList - List of all the threat intelligence metric fields (type/threat type/source).

func (ThreatIntelligenceMetricsList) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList.

type ThreatIntelligenceParsedPattern added in v0.2.0 

type ThreatIntelligenceParsedPattern struct {
	// Pattern type key
	PatternTypeKey *string `json:"patternTypeKey,omitempty"`

	// Pattern type keys
	PatternTypeValues []*ThreatIntelligenceParsedPatternTypeValue `json:"patternTypeValues,omitempty"`
}

ThreatIntelligenceParsedPattern - Describes parsed pattern entity

func (ThreatIntelligenceParsedPattern) MarshalJSON added in v0.2.0 

func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern.

type ThreatIntelligenceParsedPatternTypeValue added in v0.2.0 

type ThreatIntelligenceParsedPatternTypeValue struct {
	// Value of parsed pattern
	Value *string `json:"value,omitempty"`

	// Type of the value
	ValueType *string `json:"valueType,omitempty"`
}

ThreatIntelligenceParsedPatternTypeValue - Describes threat kill chain phase entity

type ThreatIntelligenceResourceKind added in v0.2.0 

type ThreatIntelligenceResourceKind struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`
}

ThreatIntelligenceResourceKind - Describes an entity with kind.

type ThreatIntelligenceResourceKindEnum added in v0.2.0 

type ThreatIntelligenceResourceKindEnum string

ThreatIntelligenceResourceKindEnum - The kind of the threat intelligence entity 

const (
	// ThreatIntelligenceResourceKindEnumIndicator - Entity represents threat intelligence indicator in the system.
	ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator"
)

func PossibleThreatIntelligenceResourceKindEnumValues added in v0.2.0 

func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum

PossibleThreatIntelligenceResourceKindEnumValues returns the possible values for the ThreatIntelligenceResourceKindEnum const type.

func (ThreatIntelligenceResourceKindEnum) ToPtr added in v0.2.0 

func (c ThreatIntelligenceResourceKindEnum) ToPtr() *ThreatIntelligenceResourceKindEnum

ToPtr returns a *ThreatIntelligenceResourceKindEnum pointing to the current value.

type ThreatIntelligenceSortingCriteria added in v0.2.0 

type ThreatIntelligenceSortingCriteria struct {
	// Column name
	ItemKey *string `json:"itemKey,omitempty"`

	// Sorting order (ascending/descending/unsorted).
	SortOrder *ThreatIntelligenceSortingCriteriaEnum `json:"sortOrder,omitempty"`
}

ThreatIntelligenceSortingCriteria - List of available columns for sorting

type ThreatIntelligenceSortingCriteriaEnum added in v0.2.0 

type ThreatIntelligenceSortingCriteriaEnum string

ThreatIntelligenceSortingCriteriaEnum - Sorting order (ascending/descending/unsorted). 

const (
	ThreatIntelligenceSortingCriteriaEnumAscending  ThreatIntelligenceSortingCriteriaEnum = "ascending"
	ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending"
	ThreatIntelligenceSortingCriteriaEnumUnsorted   ThreatIntelligenceSortingCriteriaEnum = "unsorted"
)

func PossibleThreatIntelligenceSortingCriteriaEnumValues added in v0.2.0 

func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum

PossibleThreatIntelligenceSortingCriteriaEnumValues returns the possible values for the ThreatIntelligenceSortingCriteriaEnum const type.

func (ThreatIntelligenceSortingCriteriaEnum) ToPtr added in v0.2.0 

func (c ThreatIntelligenceSortingCriteriaEnum) ToPtr() *ThreatIntelligenceSortingCriteriaEnum

ToPtr returns a *ThreatIntelligenceSortingCriteriaEnum pointing to the current value.

type TiTaxiiCheckRequirements added in v0.2.0 

type TiTaxiiCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Threat Intelligence TAXII check required properties.
	Properties *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"`
}

TiTaxiiCheckRequirements - Threat Intelligence TAXII data connector check requirements

func (*TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements added in v0.2.0 

func (t *TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) MarshalJSON added in v0.2.0 

func (t TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirements.

func (*TiTaxiiCheckRequirements) UnmarshalJSON added in v0.2.0 

func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirements.

type TiTaxiiCheckRequirementsProperties added in v0.2.0 

type TiTaxiiCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII data connector required properties.

type TiTaxiiDataConnector added in v0.2.0 

type TiTaxiiDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat intelligence TAXII data connector properties.
	Properties *TiTaxiiDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

TiTaxiiDataConnector - Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server

func (*TiTaxiiDataConnector) GetDataConnector added in v0.2.0 

func (t *TiTaxiiDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type TiTaxiiDataConnector.

func (TiTaxiiDataConnector) MarshalJSON added in v0.2.0 

func (t TiTaxiiDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnector.

func (*TiTaxiiDataConnector) UnmarshalJSON added in v0.2.0 

func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnector.

type TiTaxiiDataConnectorDataTypes added in v0.2.0 

type TiTaxiiDataConnectorDataTypes struct {
	// REQUIRED; Data type for TAXII connector.
	TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"`
}

TiTaxiiDataConnectorDataTypes - The available data types for Threat Intelligence TAXII data connector.

type TiTaxiiDataConnectorDataTypesTaxiiClient added in v0.2.0 

type TiTaxiiDataConnectorDataTypesTaxiiClient struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

TiTaxiiDataConnectorDataTypesTaxiiClient - Data type for TAXII connector.

type TiTaxiiDataConnectorProperties added in v0.2.0 

type TiTaxiiDataConnectorProperties struct {
	// REQUIRED; The available data types for Threat Intelligence TAXII data connector.
	DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The polling frequency for the TAXII server.
	PollingFrequency *PollingFrequency `json:"pollingFrequency,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The collection id of the TAXII server.
	CollectionID *string `json:"collectionId,omitempty"`

	// The friendly name for the TAXII server.
	FriendlyName *string `json:"friendlyName,omitempty"`

	// The password for the TAXII server.
	Password *string `json:"password,omitempty"`

	// The lookback period for the TAXII server.
	TaxiiLookbackPeriod *time.Time `json:"taxiiLookbackPeriod,omitempty"`

	// The API root for the TAXII server.
	TaxiiServer *string `json:"taxiiServer,omitempty"`

	// The userName for the TAXII server.
	UserName *string `json:"userName,omitempty"`

	// The workspace id.
	WorkspaceID *string `json:"workspaceId,omitempty"`
}

TiTaxiiDataConnectorProperties - Threat Intelligence TAXII data connector properties.

func (TiTaxiiDataConnectorProperties) MarshalJSON added in v0.2.0 

func (t TiTaxiiDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorProperties.

func (*TiTaxiiDataConnectorProperties) UnmarshalJSON added in v0.2.0 

func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorProperties.

type TimelineAggregation added in v0.2.0 

type TimelineAggregation struct {
	// REQUIRED; the total items found for a kind
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; the query kind
	Kind *EntityTimelineKind `json:"kind,omitempty"`
}

TimelineAggregation - timeline aggregation information per kind

type TimelineError added in v0.2.0 

type TimelineError struct {
	// REQUIRED; the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`

	// REQUIRED; the query kind
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// the query id
	QueryID *string `json:"queryId,omitempty"`
}

TimelineError - Timeline Query Errors.

type TimelineResultsMetadata added in v0.2.0 

type TimelineResultsMetadata struct {
	// REQUIRED; timeline aggregation per kind
	Aggregations []*TimelineAggregation `json:"aggregations,omitempty"`

	// REQUIRED; the total items found for the timeline request
	TotalCount *int32 `json:"totalCount,omitempty"`

	// information about the failure queries
	Errors []*TimelineError `json:"errors,omitempty"`
}

TimelineResultsMetadata - Expansion result metadata.

func (TimelineResultsMetadata) MarshalJSON added in v0.2.0 

func (t TimelineResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TimelineResultsMetadata.

type TriggerOperator 

type TriggerOperator string

TriggerOperator - The operation against the threshold that triggers alert rule. 

const (
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	TriggerOperatorLessThan    TriggerOperator = "LessThan"
	TriggerOperatorEqual       TriggerOperator = "Equal"
	TriggerOperatorNotEqual    TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues 

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns the possible values for the TriggerOperator const type.

func (TriggerOperator) ToPtr 

func (c TriggerOperator) ToPtr() *TriggerOperator

ToPtr returns a *TriggerOperator pointing to the current value.

type TriggersOn added in v0.2.0 

type TriggersOn string

TriggersOn - The type of object the automation rule triggers on 

const (
	// TriggersOnIncidents - Trigger on Incidents
	TriggersOnIncidents TriggersOn = "Incidents"
)

func PossibleTriggersOnValues added in v0.2.0 

func PossibleTriggersOnValues() []TriggersOn

PossibleTriggersOnValues returns the possible values for the TriggersOn const type.

func (TriggersOn) ToPtr added in v0.2.0 

func (c TriggersOn) ToPtr() *TriggersOn

ToPtr returns a *TriggersOn pointing to the current value.

type TriggersWhen added in v0.2.0 

type TriggersWhen string

TriggersWhen - The type of event the automation rule triggers on 

const (
	// TriggersWhenCreated - Trigger on created objects
	TriggersWhenCreated TriggersWhen = "Created"
)

func PossibleTriggersWhenValues added in v0.2.0 

func PossibleTriggersWhenValues() []TriggersWhen

PossibleTriggersWhenValues returns the possible values for the TriggersWhen const type.

func (TriggersWhen) ToPtr added in v0.2.0 

func (c TriggersWhen) ToPtr() *TriggersWhen

ToPtr returns a *TriggersWhen pointing to the current value.

type URLEntity added in v0.2.0 

type URLEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Url entity properties
	Properties *URLEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

URLEntity - Represents a url entity.

func (*URLEntity) GetEntity added in v0.2.0 

func (u *URLEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type URLEntity.

func (URLEntity) MarshalJSON added in v0.2.0 

func (u URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntity.

func (*URLEntity) UnmarshalJSON added in v0.2.0 

func (u *URLEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type URLEntity.

type URLEntityProperties added in v0.2.0 

type URLEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]map[string]interface{} `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty" azure:"ro"`
}

URLEntityProperties - Url entity property bag.

func (URLEntityProperties) MarshalJSON added in v0.2.0 

func (u URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntityProperties.

type Ueba added in v0.2.0 

type Ueba struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Ueba properties
	Properties *UebaProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Ueba - Settings with single toggle.

func (*Ueba) GetSettings added in v0.2.0 

func (u *Ueba) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Ueba.

func (Ueba) MarshalJSON added in v0.2.0 

func (u Ueba) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Ueba.

func (*Ueba) UnmarshalJSON added in v0.2.0 

func (u *Ueba) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Ueba.

type UebaDataSources added in v0.2.0 

type UebaDataSources string

UebaDataSources - The data source that enriched by ueba. 

const (
	UebaDataSourcesAuditLogs     UebaDataSources = "AuditLogs"
	UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity"
	UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent"
	UebaDataSourcesSigninLogs    UebaDataSources = "SigninLogs"
)

func PossibleUebaDataSourcesValues added in v0.2.0 

func PossibleUebaDataSourcesValues() []UebaDataSources

PossibleUebaDataSourcesValues returns the possible values for the UebaDataSources const type.

func (UebaDataSources) ToPtr added in v0.2.0 

func (c UebaDataSources) ToPtr() *UebaDataSources

ToPtr returns a *UebaDataSources pointing to the current value.

type UebaProperties added in v0.2.0 

type UebaProperties struct {
	// The relevant data sources that enriched by ueba
	DataSources []*UebaDataSources `json:"dataSources,omitempty"`
}

UebaProperties - Ueba property bag.

func (UebaProperties) MarshalJSON added in v0.2.0 

func (u UebaProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type UebaProperties.

type UserInfo 

type UserInfo struct {
	// The object id of the user.
	ObjectID *string `json:"objectId,omitempty"`

	// READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty" azure:"ro"`

	// READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty" azure:"ro"`
}

UserInfo - User information that made some action

type Watchlist added in v0.2.0 

type Watchlist struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Watchlist properties
	Properties *WatchlistProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Watchlist - Represents a Watchlist in Azure Security Insights.

type WatchlistItem added in v0.2.0 

type WatchlistItem struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Watchlist Item properties
	Properties *WatchlistItemProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

WatchlistItem - Represents a Watchlist item in Azure Security Insights.

type WatchlistItemList added in v0.2.0 

type WatchlistItemList struct {
	// REQUIRED; Array of watchlist items.
	Value []*WatchlistItem `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of watchlist item.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

WatchlistItemList - List all the watchlist items.

func (WatchlistItemList) MarshalJSON added in v0.2.0 

func (w WatchlistItemList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistItemList.

type WatchlistItemProperties added in v0.2.0 

type WatchlistItemProperties struct {
	// REQUIRED; key-value pairs for a watchlist item
	ItemsKeyValue map[string]interface{} `json:"itemsKeyValue,omitempty"`

	// The time the watchlist item was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the watchlist item
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// key-value pairs for a watchlist item entity mapping
	EntityMapping map[string]interface{} `json:"entityMapping,omitempty"`

	// A flag that indicates if the watchlist item is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`

	// The tenantId to which the watchlist item belongs to
	TenantID *string `json:"tenantId,omitempty"`

	// The last time the watchlist item was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the watchlist item
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// The id (a Guid) of the watchlist item
	WatchlistItemID *string `json:"watchlistItemId,omitempty"`

	// The type of the watchlist item
	WatchlistItemType *string `json:"watchlistItemType,omitempty"`
}

WatchlistItemProperties - Describes watchlist item properties

func (WatchlistItemProperties) MarshalJSON added in v0.2.0 

func (w WatchlistItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistItemProperties.

func (*WatchlistItemProperties) UnmarshalJSON added in v0.2.0 

func (w *WatchlistItemProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistItemProperties.

type WatchlistItemsClient added in v0.2.0 

type WatchlistItemsClient struct {
	// contains filtered or unexported fields
}

WatchlistItemsClient contains the methods for the WatchlistItems group. Don't use this type directly, use NewWatchlistItemsClient() instead.

func NewWatchlistItemsClient added in v0.2.0 

func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *WatchlistItemsClient

NewWatchlistItemsClient creates a new instance of WatchlistItemsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*WatchlistItemsClient) CreateOrUpdate added in v0.2.0 

func (client *WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem, options *WatchlistItemsClientCreateOrUpdateOptions) (WatchlistItemsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates a watchlist item. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) watchlistItem - The watchlist item options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistItem.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		"<watchlist-item-id>",
		armsecurityinsight.WatchlistItem{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.WatchlistItemProperties{
				ItemsKeyValue: map[string]interface{}{
					"Business tier":  "10.0.2.0/24",
					"Data tier":      "10.0.2.0/24",
					"Gateway subnet": "10.0.255.224/27",
					"Private DMZ in": "10.0.0.0/27",
					"Public DMZ out": "10.0.0.96/27",
					"Web Tier":       "10.0.1.0/24",
				},
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.WatchlistItemsClientCreateOrUpdateResult)
}

Output:

func (*WatchlistItemsClient) Delete added in v0.2.0 

func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error)

Delete - Delete a watchlist item. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlistItem.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		"<watchlist-item-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*WatchlistItemsClient) Get added in v0.2.0 

func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error)

Get - Gets a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlistItemID - Watchlist Item Id (GUID) options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItemById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		"<watchlist-item-id>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.WatchlistItemsClientGetResult)
}

Output:

func (*WatchlistItemsClient) List added in v0.2.0 

func (client *WatchlistItemsClient) List(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *WatchlistItemsClientListPager

List - Gets all watchlist Items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistItems.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistItemsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type WatchlistItemsClientCreateOrUpdateOptions added in v0.2.0 

type WatchlistItemsClientCreateOrUpdateOptions struct {
}

WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.

type WatchlistItemsClientCreateOrUpdateResponse added in v0.2.0 

type WatchlistItemsClientCreateOrUpdateResponse struct {
	WatchlistItemsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistItemsClientCreateOrUpdateResponse contains the response from method WatchlistItemsClient.CreateOrUpdate.

type WatchlistItemsClientCreateOrUpdateResult added in v0.2.0 

type WatchlistItemsClientCreateOrUpdateResult struct {
	WatchlistItem
}

WatchlistItemsClientCreateOrUpdateResult contains the result from method WatchlistItemsClient.CreateOrUpdate.

type WatchlistItemsClientDeleteOptions added in v0.2.0 

type WatchlistItemsClientDeleteOptions struct {
}

WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.

type WatchlistItemsClientDeleteResponse added in v0.2.0 

type WatchlistItemsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistItemsClientDeleteResponse contains the response from method WatchlistItemsClient.Delete.

type WatchlistItemsClientGetOptions added in v0.2.0 

type WatchlistItemsClientGetOptions struct {
}

WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.

type WatchlistItemsClientGetResponse added in v0.2.0 

type WatchlistItemsClientGetResponse struct {
	WatchlistItemsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistItemsClientGetResponse contains the response from method WatchlistItemsClient.Get.

type WatchlistItemsClientGetResult added in v0.2.0 

type WatchlistItemsClientGetResult struct {
	WatchlistItem
}

WatchlistItemsClientGetResult contains the result from method WatchlistItemsClient.Get.

type WatchlistItemsClientListOptions added in v0.2.0 

type WatchlistItemsClientListOptions struct {
}

WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.List method.

type WatchlistItemsClientListPager added in v0.2.0 

type WatchlistItemsClientListPager struct {
	// contains filtered or unexported fields
}

WatchlistItemsClientListPager provides operations for iterating over paged responses.

func (*WatchlistItemsClientListPager) Err added in v0.2.0 

func (p *WatchlistItemsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*WatchlistItemsClientListPager) NextPage added in v0.2.0 

func (p *WatchlistItemsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*WatchlistItemsClientListPager) PageResponse added in v0.2.0 

func (p *WatchlistItemsClientListPager) PageResponse() WatchlistItemsClientListResponse

PageResponse returns the current WatchlistItemsClientListResponse page.

type WatchlistItemsClientListResponse added in v0.2.0 

type WatchlistItemsClientListResponse struct {
	WatchlistItemsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistItemsClientListResponse contains the response from method WatchlistItemsClient.List.

type WatchlistItemsClientListResult added in v0.2.0 

type WatchlistItemsClientListResult struct {
	WatchlistItemList
}

WatchlistItemsClientListResult contains the result from method WatchlistItemsClient.List.

type WatchlistList added in v0.2.0 

type WatchlistList struct {
	// REQUIRED; Array of watchlist.
	Value []*Watchlist `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

WatchlistList - List all the watchlists.

func (WatchlistList) MarshalJSON added in v0.2.0 

func (w WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistList.

type WatchlistProperties added in v0.2.0 

type WatchlistProperties struct {
	// REQUIRED; The display name of the watchlist
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The search key is used to optimize query performance when using watchlists for joins with other data. For example,
	// enable a column with IP addresses to be the designated SearchKey field, then use this
	// field as the key field when joining to other event data by IP address.
	ItemsSearchKey *string `json:"itemsSearchKey,omitempty"`

	// REQUIRED; The provider of the watchlist
	Provider *string `json:"provider,omitempty"`

	// REQUIRED; The source of the watchlist
	Source *Source `json:"source,omitempty"`

	// The content type of the raw content. Example : text/csv or text/tsv
	ContentType *string `json:"contentType,omitempty"`

	// The time the watchlist was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the watchlist
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string `json:"defaultDuration,omitempty"`

	// A description of the watchlist
	Description *string `json:"description,omitempty"`

	// A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`

	// List of labels relevant to this watchlist
	Labels []*string `json:"labels,omitempty"`

	// The number of lines in a csv/tsv content to skip before the header
	NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"`

	// The raw content that represents to watchlist items to create. In case of csv/tsv content type, it's the content of the
	// file that will parsed by the endpoint
	RawContent *string `json:"rawContent,omitempty"`

	// The tenantId where the watchlist belongs to
	TenantID *string `json:"tenantId,omitempty"`

	// The last time the watchlist was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the watchlist
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// The status of the Watchlist upload : New, InProgress or Complete. Pls note : When a Watchlist upload status is equal to
	// InProgress, the Watchlist cannot be deleted
	UploadStatus *string `json:"uploadStatus,omitempty"`

	// The alias of the watchlist
	WatchlistAlias *string `json:"watchlistAlias,omitempty"`

	// The id (a Guid) of the watchlist
	WatchlistID *string `json:"watchlistId,omitempty"`

	// The number of Watchlist Items in the Watchlist
	WatchlistItemsCount *int32 `json:"watchlistItemsCount,omitempty"`

	// The type of the watchlist
	WatchlistType *string `json:"watchlistType,omitempty"`
}

WatchlistProperties - Describes watchlist properties

func (WatchlistProperties) MarshalJSON added in v0.2.0 

func (w WatchlistProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistProperties.

func (*WatchlistProperties) UnmarshalJSON added in v0.2.0 

func (w *WatchlistProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistProperties.

type WatchlistsClient added in v0.2.0 

type WatchlistsClient struct {
	// contains filtered or unexported fields
}

WatchlistsClient contains the methods for the Watchlists group. Don't use this type directly, use NewWatchlistsClient() instead.

func NewWatchlistsClient added in v0.2.0 

func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) *WatchlistsClient

NewWatchlistsClient creates a new instance of WatchlistsClient with the specified values. subscriptionID - The ID of the target subscription. credential - used to authorize requests. Usually a credential from azidentity. options - pass nil to accept the default values.

func (*WatchlistsClient) CreateOrUpdate added in v0.2.0 

func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (WatchlistsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its items, we should call this endpoint with rawContent and contentType properties. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias watchlist - The watchlist options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil)
	res, err := client.CreateOrUpdate(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		armsecurityinsight.Watchlist{
			Etag: to.StringPtr("<etag>"),
			Properties: &armsecurityinsight.WatchlistProperties{
				Description:         to.StringPtr("<description>"),
				ContentType:         to.StringPtr("<content-type>"),
				DisplayName:         to.StringPtr("<display-name>"),
				ItemsSearchKey:      to.StringPtr("<items-search-key>"),
				NumberOfLinesToSkip: to.Int32Ptr(1),
				Provider:            to.StringPtr("<provider>"),
				RawContent:          to.StringPtr("<raw-content>"),
				Source:              armsecurityinsight.Source("Local file").ToPtr(),
			},
		},
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.WatchlistsClientCreateOrUpdateResult)
}

Output:

func (*WatchlistsClient) Delete added in v0.2.0 

func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error)

Delete - Delete a watchlist. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/DeleteWatchlist.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil)
	_, err = client.Delete(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
}

Output:

func (*WatchlistsClient) Get added in v0.2.0 

func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error)

Get - Gets a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. watchlistAlias - Watchlist Alias options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlistByAlias.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil)
	res, err := client.Get(ctx,
		"<resource-group-name>",
		"<workspace-name>",
		"<watchlist-alias>",
		nil)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Response result: %#v\n", res.WatchlistsClientGetResult)
}

Output:

func (*WatchlistsClient) List added in v0.2.0 

func (client *WatchlistsClient) List(resourceGroupName string, workspaceName string, options *WatchlistsClientListOptions) *WatchlistsClientListPager

List - Gets all watchlists, without watchlist items. If the operation fails it returns an *azcore.ResponseError type. resourceGroupName - The name of the resource group. The name is case insensitive. workspaceName - The name of the workspace. options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.List method.

Example

x-ms-original-file: specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/examples/watchlists/GetWatchlists.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsight/armsecurityinsight"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	client := armsecurityinsight.NewWatchlistsClient("<subscription-id>", cred, nil)
	pager := client.List("<resource-group-name>",
		"<workspace-name>",
		nil)
	for {
		nextResult := pager.NextPage(ctx)
		if err := pager.Err(); err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		if !nextResult {
			break
		}
		for _, v := range pager.PageResponse().Value {
			log.Printf("Pager result: %#v\n", v)
		}
	}
}

Output:

type WatchlistsClientCreateOrUpdateOptions added in v0.2.0 

type WatchlistsClientCreateOrUpdateOptions struct {
}

WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.

type WatchlistsClientCreateOrUpdateResponse added in v0.2.0 

type WatchlistsClientCreateOrUpdateResponse struct {
	WatchlistsClientCreateOrUpdateResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate.

type WatchlistsClientCreateOrUpdateResult added in v0.2.0 

type WatchlistsClientCreateOrUpdateResult struct {
	Watchlist
}

WatchlistsClientCreateOrUpdateResult contains the result from method WatchlistsClient.CreateOrUpdate.

type WatchlistsClientDeleteOptions added in v0.2.0 

type WatchlistsClientDeleteOptions struct {
}

WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.

type WatchlistsClientDeleteResponse added in v0.2.0 

type WatchlistsClientDeleteResponse struct {
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete.

type WatchlistsClientGetOptions added in v0.2.0 

type WatchlistsClientGetOptions struct {
}

WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.

type WatchlistsClientGetResponse added in v0.2.0 

type WatchlistsClientGetResponse struct {
	WatchlistsClientGetResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get.

type WatchlistsClientGetResult added in v0.2.0 

type WatchlistsClientGetResult struct {
	Watchlist
}

WatchlistsClientGetResult contains the result from method WatchlistsClient.Get.

type WatchlistsClientListOptions added in v0.2.0 

type WatchlistsClientListOptions struct {
}

WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.List method.

type WatchlistsClientListPager added in v0.2.0 

type WatchlistsClientListPager struct {
	// contains filtered or unexported fields
}

WatchlistsClientListPager provides operations for iterating over paged responses.

func (*WatchlistsClientListPager) Err added in v0.2.0 

func (p *WatchlistsClientListPager) Err() error

Err returns the last error encountered while paging.

func (*WatchlistsClientListPager) NextPage added in v0.2.0 

func (p *WatchlistsClientListPager) NextPage(ctx context.Context) bool

NextPage returns true if the pager advanced to the next page. Returns false if there are no more pages or an error occurred.

func (*WatchlistsClientListPager) PageResponse added in v0.2.0 

func (p *WatchlistsClientListPager) PageResponse() WatchlistsClientListResponse

PageResponse returns the current WatchlistsClientListResponse page.

type WatchlistsClientListResponse added in v0.2.0 

type WatchlistsClientListResponse struct {
	WatchlistsClientListResult
	// RawResponse contains the underlying HTTP response.
	RawResponse *http.Response
}

WatchlistsClientListResponse contains the response from method WatchlistsClient.List.

type WatchlistsClientListResult added in v0.2.0 

type WatchlistsClientListResult struct {
	WatchlistList
}

WatchlistsClientListResult contains the result from method WatchlistsClient.List.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.