armsecurityinsights

package module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 24, 2023 License: MIT Imports: 15 Imported by: 73

README

Azure Security Insight Module for Go

PkgGoDev

The armsecurityinsights module provides operations for working with Azure Security Insight.

Source code

Getting started

Prerequisites

  • an Azure subscription
  • Go 1.18 or above (You could download and install the latest version of Go from here. It will replace the existing Go on your machine. If you want to install multiple Go versions on the same machine, you could refer this doc.)

Install the package

This project uses Go modules for versioning and dependency management.

Install the Azure Security Insight module:

go get github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights

Authorization

When creating a client, you will need to provide a credential for authenticating with Azure Security Insight. The azidentity module provides facilities for various ways of authenticating with Azure including client/secret, certificate, managed identity, and more.

cred, err := azidentity.NewDefaultAzureCredential(nil)

For more information on authentication, please see the documentation for azidentity at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity.

Client Factory

Azure Security Insight module consists of one or more clients. We provide a client factory which could be used to create any client in this module.

clientFactory, err := armsecurityinsights.NewClientFactory(<subscription ID>, cred, nil)

You can use ClientOptions in package github.com/Azure/azure-sdk-for-go/sdk/azcore/arm to set endpoint to connect with public and sovereign clouds as well as Azure Stack. For more information, please see the documentation for azcore at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azcore.

options := arm.ClientOptions {
    ClientOptions: azcore.ClientOptions {
        Cloud: cloud.AzureChina,
    },
}
clientFactory, err := armsecurityinsights.NewClientFactory(<subscription ID>, cred, &options)

Clients

A client groups a set of related APIs, providing access to its functionality. Create one or more clients to access the APIs you require using client factory.

client := clientFactory.NewEntityQueriesClient()

Fakes

The fake package contains types used for constructing in-memory fake servers used in unit tests. This allows writing tests to cover various success/error conditions without the need for connecting to a live service.

Please see https://github.com/Azure/azure-sdk-for-go/tree/main/sdk/samples/fakes for details and examples on how to use fakes.

Provide Feedback

If you encounter bugs or have suggestions, please open an issue and assign the Security Insight label.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AADDataConnector 

type AADDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// AAD (Azure Active Directory) data connector properties.
	Properties *AADDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AADDataConnector - Represents AAD (Azure Active Directory) data connector.

func (*AADDataConnector) GetDataConnector 

func (a *AADDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AADDataConnector.

func (AADDataConnector) MarshalJSON 

func (a AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AADDataConnector.

func (*AADDataConnector) UnmarshalJSON 

func (a *AADDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AADDataConnector.

type AADDataConnectorProperties 

type AADDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector

	// The tenant id to connect to, and get the data from.
	TenantID *string
}

AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.

func (AADDataConnectorProperties) MarshalJSON added in v1.1.0 

func (a AADDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AADDataConnectorProperties.

func (*AADDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (a *AADDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AADDataConnectorProperties.

type AATPDataConnector 

type AATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// AATP (Azure Advanced Threat Protection) data connector properties.
	Properties *AATPDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AATPDataConnector - Represents AATP (Azure Advanced Threat Protection) data connector.

func (*AATPDataConnector) GetDataConnector 

func (a *AATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AATPDataConnector.

func (AATPDataConnector) MarshalJSON 

func (a AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON 

func (a *AATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AATPDataConnector.

type AATPDataConnectorProperties 

type AATPDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector

	// The tenant id to connect to, and get the data from.
	TenantID *string
}

AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.

func (AATPDataConnectorProperties) MarshalJSON added in v1.1.0 

func (a AATPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AATPDataConnectorProperties.

func (*AATPDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (a *AATPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AATPDataConnectorProperties.

type ASCDataConnector 

type ASCDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// ASC (Azure Security Center) data connector properties.
	Properties *ASCDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ASCDataConnector - Represents ASC (Azure Security Center) data connector.

func (*ASCDataConnector) GetDataConnector 

func (a *ASCDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type ASCDataConnector.

func (ASCDataConnector) MarshalJSON 

func (a ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON 

func (a *ASCDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ASCDataConnector.

type ASCDataConnectorProperties 

type ASCDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector

	// The subscription id to connect to, and get the data from.
	SubscriptionID *string
}

ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.

func (ASCDataConnectorProperties) MarshalJSON added in v1.1.0 

func (a ASCDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ASCDataConnectorProperties.

func (*ASCDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (a *ASCDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ASCDataConnectorProperties.

type AccountEntity 

type AccountEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Account entity properties
	Properties *AccountEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AccountEntity - Represents an account entity.

func (*AccountEntity) GetEntity 

func (a *AccountEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AccountEntity.

func (AccountEntity) MarshalJSON 

func (a AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AccountEntity.

func (*AccountEntity) UnmarshalJSON 

func (a *AccountEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AccountEntity.

type AccountEntityProperties 

type AccountEntityProperties struct {
	// READ-ONLY; The Azure Active Directory tenant id.
	AADTenantID *string

	// READ-ONLY; The Azure Active Directory user id.
	AADUserID *string

	// READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string

	// READ-ONLY; The display name of the account.
	DisplayName *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string

	// READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool

	// READ-ONLY; The NetBIOS domain name as it appears in the alert format - domain\username. Examples: NT AUTHORITY.
	NtDomain *string

	// READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned
	// by active directory.
	ObjectGUID *string

	// READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string

	// READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string

	// READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string
}

AccountEntityProperties - Account entity property bag.

func (AccountEntityProperties) MarshalJSON 

func (a AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AccountEntityProperties.

func (*AccountEntityProperties) UnmarshalJSON added in v1.1.0 

func (a *AccountEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AccountEntityProperties.

type ActionRequest 

type ActionRequest struct {
	// Etag of the azure resource
	Etag *string

	// Action properties for put request
	Properties *ActionRequestProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ActionRequest - Action for alert rule.

func (ActionRequest) MarshalJSON added in v1.1.0 

func (a ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionRequest.

func (*ActionRequest) UnmarshalJSON added in v1.1.0 

func (a *ActionRequest) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActionRequest.

type ActionRequestProperties 

type ActionRequestProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string

	// REQUIRED; Logic App Callback URL for this specific workflow.
	TriggerURI *string
}

ActionRequestProperties - Action property bag.

func (ActionRequestProperties) MarshalJSON added in v1.1.0 

func (a ActionRequestProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionRequestProperties.

func (*ActionRequestProperties) UnmarshalJSON added in v1.1.0 

func (a *ActionRequestProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActionRequestProperties.

type ActionResponse 

type ActionResponse struct {
	// Etag of the action.
	Etag *string

	// Action properties for get request
	Properties *ActionResponseProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ActionResponse - Action for alert rule.

func (ActionResponse) MarshalJSON added in v1.1.0 

func (a ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionResponse.

func (*ActionResponse) UnmarshalJSON added in v1.1.0 

func (a *ActionResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActionResponse.

type ActionResponseProperties 

type ActionResponseProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string

	// The name of the logic app's workflow.
	WorkflowID *string
}

ActionResponseProperties - Action property bag.

func (ActionResponseProperties) MarshalJSON added in v1.1.0 

func (a ActionResponseProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionResponseProperties.

func (*ActionResponseProperties) UnmarshalJSON added in v1.1.0 

func (a *ActionResponseProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActionResponseProperties.

type ActionType 

type ActionType string

ActionType - The type of the automation rule action 

const (
	// ActionTypeModifyProperties - Modify an object's properties
	ActionTypeModifyProperties ActionType = "ModifyProperties"
	// ActionTypeRunPlaybook - Run a playbook on an object
	ActionTypeRunPlaybook ActionType = "RunPlaybook"
)

func PossibleActionTypeValues 

func PossibleActionTypeValues() []ActionType

PossibleActionTypeValues returns the possible values for the ActionType const type.

type ActionsClient 

type ActionsClient struct {
	// contains filtered or unexported fields
}

ActionsClient contains the methods for the Actions group. Don't use this type directly, use NewActionsClient() instead.

func NewActionsClient 

func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ActionsClient, error)

NewActionsClient creates a new instance of ActionsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ActionsClient) CreateOrUpdate 

func (client *ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest, options *ActionsClientCreateOrUpdateOptions) (ActionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • action - The action
  • options - ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/CreateActionOfAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewActionsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", armsecurityinsights.ActionRequest{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Properties: &armsecurityinsights.ActionRequestProperties{
			LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
			TriggerURI:         to.Ptr("https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ActionResponse = armsecurityinsights.ActionResponse{
	// 	Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.ActionResponseProperties{
	// 		LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
	// 		WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
	// 	},
	// }
}

Output:

func (*ActionsClient) Delete 

func (client *ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientDeleteOptions) (ActionsClientDeleteResponse, error)

Delete - Delete the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • options - ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/DeleteActionOfAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewActionsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*ActionsClient) Get 

func (client *ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientGetOptions) (ActionsClientGetResponse, error)

Get - Gets the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • options - ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/GetActionOfAlertRuleById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewActionsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ActionResponse = armsecurityinsights.ActionResponse{
	// 	Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.ActionResponseProperties{
	// 		LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
	// 		WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
	// 	},
	// }
}

Output:

func (*ActionsClient) NewListByAlertRulePager added in v0.3.0 

func (client *ActionsClient) NewListByAlertRulePager(resourceGroupName string, workspaceName string, ruleID string, options *ActionsClientListByAlertRuleOptions) *runtime.Pager[ActionsClientListByAlertRuleResponse]

NewListByAlertRulePager - Gets all actions of alert rule.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.NewListByAlertRulePager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/actions/GetAllActionsByAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewActionsClient().NewListByAlertRulePager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ActionsList = armsecurityinsights.ActionsList{
		// 	Value: []*armsecurityinsights.ActionResponse{
		// 		{
		// 			Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Properties: &armsecurityinsights.ActionResponseProperties{
		// 				LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
		// 				WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
		// 			},
		// 	}},
		// }
	}
}

Output:

type ActionsClientCreateOrUpdateOptions 

type ActionsClientCreateOrUpdateOptions struct {
}

ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.

type ActionsClientCreateOrUpdateResponse 

type ActionsClientCreateOrUpdateResponse struct {
	// Action for alert rule.
	ActionResponse
}

ActionsClientCreateOrUpdateResponse contains the response from method ActionsClient.CreateOrUpdate.

type ActionsClientDeleteOptions 

type ActionsClientDeleteOptions struct {
}

ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.

type ActionsClientDeleteResponse 

type ActionsClientDeleteResponse struct {
}

ActionsClientDeleteResponse contains the response from method ActionsClient.Delete.

type ActionsClientGetOptions 

type ActionsClientGetOptions struct {
}

ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.

type ActionsClientGetResponse 

type ActionsClientGetResponse struct {
	// Action for alert rule.
	ActionResponse
}

ActionsClientGetResponse contains the response from method ActionsClient.Get.

type ActionsClientListByAlertRuleOptions 

type ActionsClientListByAlertRuleOptions struct {
}

ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.NewListByAlertRulePager method.

type ActionsClientListByAlertRuleResponse 

type ActionsClientListByAlertRuleResponse struct {
	// List all the actions.
	ActionsList
}

ActionsClientListByAlertRuleResponse contains the response from method ActionsClient.NewListByAlertRulePager.

type ActionsList 

type ActionsList struct {
	// REQUIRED; Array of actions.
	Value []*ActionResponse

	// READ-ONLY; URL to fetch the next set of actions.
	NextLink *string
}

ActionsList - List all the actions.

func (ActionsList) MarshalJSON 

func (a ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ActionsList.

func (*ActionsList) UnmarshalJSON added in v1.1.0 

func (a *ActionsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ActionsList.

type AlertDetail 

type AlertDetail string

AlertDetail - Alert detail 

const (
	// AlertDetailDisplayName - Alert display name
	AlertDetailDisplayName AlertDetail = "DisplayName"
	// AlertDetailSeverity - Alert severity
	AlertDetailSeverity AlertDetail = "Severity"
)

func PossibleAlertDetailValues 

func PossibleAlertDetailValues() []AlertDetail

PossibleAlertDetailValues returns the possible values for the AlertDetail const type.

type AlertDetailsOverride 

type AlertDetailsOverride struct {
	// the format containing columns name(s) to override the alert description
	AlertDescriptionFormat *string

	// the format containing columns name(s) to override the alert name
	AlertDisplayNameFormat *string

	// the column name to take the alert severity from
	AlertSeverityColumnName *string

	// the column name to take the alert tactics from
	AlertTacticsColumnName *string
}

AlertDetailsOverride - Settings for how to dynamically override alert static details

func (AlertDetailsOverride) MarshalJSON added in v1.1.0 

func (a AlertDetailsOverride) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertDetailsOverride.

func (*AlertDetailsOverride) UnmarshalJSON added in v1.1.0 

func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertDetailsOverride.

type AlertRule 

type AlertRule struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Etag of the azure resource
	Etag *string

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AlertRule - Alert rule.

func (*AlertRule) GetAlertRule 

func (a *AlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type AlertRule.

func (AlertRule) MarshalJSON added in v1.1.0 

func (a AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRule.

func (*AlertRule) UnmarshalJSON added in v1.1.0 

func (a *AlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRule.

type AlertRuleClassification 

type AlertRuleClassification interface {
	// GetAlertRule returns the AlertRule content of the underlying type.
	GetAlertRule() *AlertRule
}

AlertRuleClassification provides polymorphic access to related types. Call the interface's GetAlertRule() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRule, *FusionAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *ScheduledAlertRule

type AlertRuleKind 

type AlertRuleKind string

AlertRuleKind - The kind of the alert rule 

const (
	AlertRuleKindFusion                            AlertRuleKind = "Fusion"
	AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	AlertRuleKindScheduled                         AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues 

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type.

type AlertRuleTemplate 

type AlertRuleTemplate struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AlertRuleTemplate - Alert rule template.

func (*AlertRuleTemplate) GetAlertRuleTemplate 

func (a *AlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON added in v1.1.0 

func (a AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplate.

func (*AlertRuleTemplate) UnmarshalJSON added in v1.1.0 

func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplate.

type AlertRuleTemplateClassification 

type AlertRuleTemplateClassification interface {
	// GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type.
	GetAlertRuleTemplate() *AlertRuleTemplate
}

AlertRuleTemplateClassification provides polymorphic access to related types. Call the interface's GetAlertRuleTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AlertRuleTemplate, *FusionAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, *ScheduledAlertRuleTemplate

type AlertRuleTemplateDataSource 

type AlertRuleTemplateDataSource struct {
	// The connector id that provides the following data types
	ConnectorID *string

	// The data types used by the alert rule template
	DataTypes []*string
}

AlertRuleTemplateDataSource - alert rule template data sources

func (AlertRuleTemplateDataSource) MarshalJSON 

func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplateDataSource.

func (*AlertRuleTemplateDataSource) UnmarshalJSON added in v1.1.0 

func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplateDataSource.

type AlertRuleTemplatesClient 

type AlertRuleTemplatesClient struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesClient contains the methods for the AlertRuleTemplates group. Don't use this type directly, use NewAlertRuleTemplatesClient() instead.

func NewAlertRuleTemplatesClient 

func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRuleTemplatesClient, error)

NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AlertRuleTemplatesClient) Get 

func (client *AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string, options *AlertRuleTemplatesClientGetOptions) (AlertRuleTemplatesClientGetResponse, error)

Get - Gets the alert rule template. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • alertRuleTemplateID - Alert rule template ID
  • options - AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRuleTemplatesClient().Get(ctx, "myRg", "myWorkspace", "65360bb0-8986-4ade-a89d-af3cf44d28aa", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRuleTemplatesClientGetResponse{
	// 	                            AlertRuleTemplateClassification: &armsecurityinsights.ScheduledAlertRuleTemplate{
	// 		Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 		Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{
	// 			Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"),
	// 			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
	// 				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{AccountCustomEntity}}"),
	// 				AlertDisplayNameFormat: to.Ptr("Alert on event {{EventName}}"),
	// 			},
	// 			AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
	// 			CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00.000Z"); return t}()),
	// 			CustomDetails: map[string]*string{
	// 				"EventNames": to.Ptr("EventName"),
	// 				"EventTypes": to.Ptr("EventTypeName"),
	// 			},
	// 			DisplayName: to.Ptr("Changes to Amazon VPC settings"),
	// 			EntityMappings: []*armsecurityinsights.EntityMapping{
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeAccount),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("AccountCustomEntity"),
	// 							Identifier: to.Ptr("FullName"),
	// 					}},
	// 				},
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("IPCustomEntity"),
	// 							Identifier: to.Ptr("Address"),
	// 					}},
	// 			}},
	// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
	// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
	// 			},
	// 			LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-27T10:00:00.000Z"); return t}()),
	// 			Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n    or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"),
	// 			QueryFrequency: to.Ptr("P1D"),
	// 			QueryPeriod: to.Ptr("P1D"),
	// 			RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{
	// 				{
	// 					ConnectorID: to.Ptr("AWS"),
	// 					DataTypes: []*string{
	// 						to.Ptr("AWSCloudTrail")},
	// 				}},
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 				Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation),
	// 					to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 					TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 					TriggerThreshold: to.Ptr[int32](0),
	// 					Version: to.Ptr("1.0.2"),
	// 				},
	// 			},
	// 			                        }
}

Output:

func (*AlertRuleTemplatesClient) NewListPager added in v0.3.0 

func (client *AlertRuleTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *AlertRuleTemplatesClientListOptions) *runtime.Pager[AlertRuleTemplatesClientListResponse]

NewListPager - Gets all alert rule templates.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplates.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAlertRuleTemplatesClient().NewListPager("myRg", "myWorkspace", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AlertRuleTemplatesList = armsecurityinsights.AlertRuleTemplatesList{
		// 	Value: []armsecurityinsights.AlertRuleTemplateClassification{
		// 		&armsecurityinsights.ScheduledAlertRuleTemplate{
		// 			Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"),
		// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
		// 			Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{
		// 				Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"),
		// 				AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
		// 				CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00.000Z"); return t}()),
		// 				DisplayName: to.Ptr("Changes to Amazon VPC settings"),
		// 				LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-27T10:00:00.000Z"); return t}()),
		// 				Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n    or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"),
		// 				QueryFrequency: to.Ptr("P1D"),
		// 				QueryPeriod: to.Ptr("P1D"),
		// 				RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{
		// 					{
		// 						ConnectorID: to.Ptr("AWS"),
		// 						DataTypes: []*string{
		// 							to.Ptr("AWSCloudTrail")},
		// 					}},
		// 					Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
		// 					Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
		// 					Tactics: []*armsecurityinsights.AttackTactic{
		// 						to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation),
		// 						to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
		// 						TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
		// 						TriggerThreshold: to.Ptr[int32](0),
		// 						Version: to.Ptr("1.0.1"),
		// 					},
		// 				},
		// 				&armsecurityinsights.FusionAlertRuleTemplate{
		// 					Name: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		// 					Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
		// 					ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8"),
		// 					Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
		// 					Properties: &armsecurityinsights.FusionAlertRuleTemplateProperties{
		// 						Description: to.Ptr("Place holder: Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.\n"),
		// 						AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
		// 						CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-25T00:00:00.000Z"); return t}()),
		// 						DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
		// 						LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-27T10:00:00.000Z"); return t}()),
		// 						Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
		// 						Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
		// 						Tactics: []*armsecurityinsights.AttackTactic{
		// 							to.Ptr(armsecurityinsights.AttackTacticPersistence),
		// 							to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
		// 							to.Ptr(armsecurityinsights.AttackTacticExfiltration),
		// 							to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
		// 						},
		// 					},
		// 					&armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplate{
		// 						Name: to.Ptr("b3cfc7c0-092c-481c-a55b-34a3979758cb"),
		// 						Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
		// 						ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb"),
		// 						Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
		// 						Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties{
		// 							Description: to.Ptr("Create incidents based on all alerts generated in Microsoft Cloud App Security"),
		// 							AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
		// 							CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-16T00:00:00.000Z"); return t}()),
		// 							DisplayName: to.Ptr("Create incidents based on Microsoft Cloud App Security alerts"),
		// 							LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-05-27T10:00:00.000Z"); return t}()),
		// 							ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
		// 							Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
		// 						},
		// 				}},
		// 			}
	}
}

Output:

type AlertRuleTemplatesClientGetOptions 

type AlertRuleTemplatesClientGetOptions struct {
}

AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.

type AlertRuleTemplatesClientGetResponse 

type AlertRuleTemplatesClientGetResponse struct {
	// Alert rule template.
	AlertRuleTemplateClassification
}

AlertRuleTemplatesClientGetResponse contains the response from method AlertRuleTemplatesClient.Get.

func (*AlertRuleTemplatesClientGetResponse) UnmarshalJSON added in v0.2.0 

func (a *AlertRuleTemplatesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesClientGetResponse.

type AlertRuleTemplatesClientListOptions 

type AlertRuleTemplatesClientListOptions struct {
}

AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.NewListPager method.

type AlertRuleTemplatesClientListResponse 

type AlertRuleTemplatesClientListResponse struct {
	// List all the alert rule templates.
	AlertRuleTemplatesList
}

AlertRuleTemplatesClientListResponse contains the response from method AlertRuleTemplatesClient.NewListPager.

type AlertRuleTemplatesList 

type AlertRuleTemplatesList struct {
	// REQUIRED; Array of alert rule templates.
	Value []AlertRuleTemplateClassification

	// READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string
}

AlertRuleTemplatesList - List all the alert rule templates.

func (AlertRuleTemplatesList) MarshalJSON 

func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON 

func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRuleTemplatesList.

type AlertRulesClient 

type AlertRulesClient struct {
	// contains filtered or unexported fields
}

AlertRulesClient contains the methods for the AlertRules group. Don't use this type directly, use NewAlertRulesClient() instead.

func NewAlertRulesClient 

func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRulesClient, error)

NewAlertRulesClient creates a new instance of AlertRulesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AlertRulesClient) CreateOrUpdate 

func (client *AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule AlertRuleClassification, options *AlertRulesClientCreateOrUpdateOptions) (AlertRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • alertRule - The alert rule
  • options - AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.
Example (CreatesOrUpdatesAFusionAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/CreateFusionAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "myFirstFusionRule", &armsecurityinsights.FusionAlertRule{
		Etag: to.Ptr("3d00c3ca-0000-0100-0000-5d42d5010000"),
		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
		Properties: &armsecurityinsights.FusionAlertRuleProperties{
			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
			Enabled:               to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.FusionAlertRule{
	// 		Name: to.Ptr("myFirstFusionRule"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
	// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	// 		Properties: &armsecurityinsights.FusionAlertRuleProperties{
	// 			Description: to.Ptr("In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion"),
	// 			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
	// 			DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
	// 			Enabled: to.Ptr(true),
	// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.534Z"); return t}()),
	// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 			Tactics: []*armsecurityinsights.AttackTactic{
	// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
	// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
	// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
	// 			},
	// 		},
	// 		                        }
}

Output:
Example (CreatesOrUpdatesAMicrosoftSecurityIncidentCreationRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
		Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
		Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
		Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
			ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
			DisplayName:   to.Ptr("testing displayname"),
			Enabled:       to.Ptr(true),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
	// 		Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
	// 		Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
	// 		Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
	// 			ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
	// 			DisplayName: to.Ptr("testing displayname"),
	// 			Enabled: to.Ptr(true),
	// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (CreatesOrUpdatesAScheduledAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/CreateScheduledAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.ScheduledAlertRule{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
		Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
				AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
			},
			CustomDetails: map[string]*string{
				"OperatingSystemName": to.Ptr("OSName"),
				"OperatingSystemType": to.Ptr("OSType"),
			},
			EntityMappings: []*armsecurityinsights.EntityMapping{
				{
					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
					FieldMappings: []*armsecurityinsights.FieldMapping{
						{
							ColumnName: to.Ptr("Computer"),
							Identifier: to.Ptr("FullName"),
						}},
				},
				{
					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
					FieldMappings: []*armsecurityinsights.FieldMapping{
						{
							ColumnName: to.Ptr("ComputerIP"),
							Identifier: to.Ptr("Address"),
						}},
				}},
			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
			},
			Query:            to.Ptr("Heartbeat"),
			QueryFrequency:   to.Ptr("PT1H"),
			QueryPeriod:      to.Ptr("P2DT1H30M"),
			Severity:         to.Ptr(armsecurityinsights.AlertSeverityHigh),
			TriggerOperator:  to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
			TriggerThreshold: to.Ptr[int32](0),
			Description:      to.Ptr("An example for a scheduled rule"),
			DisplayName:      to.Ptr("My scheduled rule"),
			Enabled:          to.Ptr(true),
			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
				CreateIncident: to.Ptr(true),
				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
					Enabled: to.Ptr(true),
					GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
						to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
					GroupByCustomDetails: []*string{
						to.Ptr("OperatingSystemType"),
						to.Ptr("OperatingSystemName")},
					GroupByEntities: []*armsecurityinsights.EntityMappingType{
						to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
					LookbackDuration:     to.Ptr("PT5H"),
					MatchingMethod:       to.Ptr(armsecurityinsights.MatchingMethodSelected),
					ReopenClosedIncident: to.Ptr(false),
				},
			},
			SuppressionDuration: to.Ptr("PT1H"),
			SuppressionEnabled:  to.Ptr(false),
			Tactics: []*armsecurityinsights.AttackTactic{
				to.Ptr(armsecurityinsights.AttackTacticPersistence),
				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{
	// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 		Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
	// 			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
	// 				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
	// 				AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
	// 			},
	// 			CustomDetails: map[string]*string{
	// 				"OperatingSystemName": to.Ptr("OSName"),
	// 				"OperatingSystemType": to.Ptr("OSType"),
	// 			},
	// 			EntityMappings: []*armsecurityinsights.EntityMapping{
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("Computer"),
	// 							Identifier: to.Ptr("FullName"),
	// 					}},
	// 				},
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("ComputerIP"),
	// 							Identifier: to.Ptr("Address"),
	// 					}},
	// 			}},
	// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
	// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
	// 			},
	// 			Query: to.Ptr("Heartbeat"),
	// 			QueryFrequency: to.Ptr("PT1H"),
	// 			QueryPeriod: to.Ptr("P2DT1H30M"),
	// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 			TriggerThreshold: to.Ptr[int32](0),
	// 			Description: to.Ptr("An example for a scheduled rule"),
	// 			DisplayName: to.Ptr("My scheduled rule"),
	// 			Enabled: to.Ptr(true),
	// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
	// 				CreateIncident: to.Ptr(true),
	// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
	// 					Enabled: to.Ptr(true),
	// 					GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
	// 						to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
	// 						GroupByCustomDetails: []*string{
	// 							to.Ptr("OperatingSystemType"),
	// 							to.Ptr("OperatingSystemName")},
	// 							GroupByEntities: []*armsecurityinsights.EntityMappingType{
	// 								to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
	// 								LookbackDuration: to.Ptr("PT5H"),
	// 								MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
	// 								ReopenClosedIncident: to.Ptr(false),
	// 							},
	// 						},
	// 						LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30.000Z"); return t}()),
	// 						SuppressionDuration: to.Ptr("PT1H"),
	// 						SuppressionEnabled: to.Ptr(false),
	// 						Tactics: []*armsecurityinsights.AttackTactic{
	// 							to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 							to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 						},
	// 					},
	// 					                        }
}

Output:

func (*AlertRulesClient) Delete 

func (client *AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientDeleteOptions) (AlertRulesClientDeleteResponse, error)

Delete - Delete the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/DeleteAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewAlertRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*AlertRulesClient) Get 

func (client *AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientGetOptions) (AlertRulesClientGetResponse, error)

Get - Gets the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.
Example (GetAFusionAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetFusionAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "myFirstFusionRule", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientGetResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.FusionAlertRule{
	// 		Name: to.Ptr("myFirstFusionRule"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
	// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	// 		Properties: &armsecurityinsights.FusionAlertRuleProperties{
	// 			Description: to.Ptr("In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion"),
	// 			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
	// 			DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
	// 			Enabled: to.Ptr(true),
	// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.534Z"); return t}()),
	// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 			Tactics: []*armsecurityinsights.AttackTactic{
	// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
	// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
	// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
	// 			},
	// 		},
	// 		                        }
}

Output:
Example (GetAMicrosoftSecurityIncidentCreationRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientGetResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
	// 		Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
	// 		Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
	// 		Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
	// 			ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
	// 			DisplayName: to.Ptr("testing displayname"),
	// 			Enabled: to.Ptr(true),
	// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAScheduledAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetScheduledAlertRule.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.AlertRulesClientGetResponse{
	// 	                            AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{
	// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 		Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
	// 			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
	// 				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
	// 				AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
	// 			},
	// 			CustomDetails: map[string]*string{
	// 				"OperatingSystemName": to.Ptr("OSName"),
	// 				"OperatingSystemType": to.Ptr("OSType"),
	// 			},
	// 			EntityMappings: []*armsecurityinsights.EntityMapping{
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("Computer"),
	// 							Identifier: to.Ptr("FullName"),
	// 					}},
	// 				},
	// 				{
	// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
	// 					FieldMappings: []*armsecurityinsights.FieldMapping{
	// 						{
	// 							ColumnName: to.Ptr("ComputerIP"),
	// 							Identifier: to.Ptr("Address"),
	// 					}},
	// 			}},
	// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
	// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
	// 			},
	// 			Query: to.Ptr("Heartbeat"),
	// 			QueryFrequency: to.Ptr("PT1H"),
	// 			QueryPeriod: to.Ptr("P2DT1H30M"),
	// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 			TriggerThreshold: to.Ptr[int32](0),
	// 			Description: to.Ptr("An example for a scheduled rule"),
	// 			DisplayName: to.Ptr("My scheduled rule"),
	// 			Enabled: to.Ptr(true),
	// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
	// 				CreateIncident: to.Ptr(true),
	// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
	// 					Enabled: to.Ptr(true),
	// 					GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
	// 						to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
	// 						GroupByCustomDetails: []*string{
	// 							to.Ptr("OperatingSystemType"),
	// 							to.Ptr("OperatingSystemName")},
	// 							GroupByEntities: []*armsecurityinsights.EntityMappingType{
	// 								to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
	// 								LookbackDuration: to.Ptr("PT5H"),
	// 								MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
	// 								ReopenClosedIncident: to.Ptr(false),
	// 							},
	// 						},
	// 						LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 						SuppressionDuration: to.Ptr("PT1H"),
	// 						SuppressionEnabled: to.Ptr(false),
	// 						Tactics: []*armsecurityinsights.AttackTactic{
	// 							to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 							to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 						},
	// 					},
	// 					                        }
}

Output:

func (*AlertRulesClient) NewListPager added in v0.3.0 

func (client *AlertRulesClient) NewListPager(resourceGroupName string, workspaceName string, options *AlertRulesClientListOptions) *runtime.Pager[AlertRulesClientListResponse]

NewListPager - Gets all alert rules.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRules/GetAllAlertRules.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAlertRulesClient().NewListPager("myRg", "myWorkspace", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AlertRulesList = armsecurityinsights.AlertRulesList{
		// 	Value: []armsecurityinsights.AlertRuleClassification{
		// 		&armsecurityinsights.ScheduledAlertRule{
		// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
		// 			Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
		// 				AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
		// 					AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
		// 					AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
		// 				},
		// 				CustomDetails: map[string]*string{
		// 					"OperatingSystemName": to.Ptr("OSName"),
		// 					"OperatingSystemType": to.Ptr("OSType"),
		// 				},
		// 				EntityMappings: []*armsecurityinsights.EntityMapping{
		// 					{
		// 						EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
		// 						FieldMappings: []*armsecurityinsights.FieldMapping{
		// 							{
		// 								ColumnName: to.Ptr("Computer"),
		// 								Identifier: to.Ptr("FullName"),
		// 						}},
		// 					},
		// 					{
		// 						EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
		// 						FieldMappings: []*armsecurityinsights.FieldMapping{
		// 							{
		// 								ColumnName: to.Ptr("ComputerIP"),
		// 								Identifier: to.Ptr("Address"),
		// 						}},
		// 				}},
		// 				EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
		// 					AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
		// 				},
		// 				Query: to.Ptr("Heartbeat"),
		// 				QueryFrequency: to.Ptr("PT1H"),
		// 				QueryPeriod: to.Ptr("P2DT1H30M"),
		// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
		// 				TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
		// 				TriggerThreshold: to.Ptr[int32](0),
		// 				Description: to.Ptr("An example for a scheduled rule"),
		// 				DisplayName: to.Ptr("My scheduled rule"),
		// 				Enabled: to.Ptr(true),
		// 				IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
		// 					CreateIncident: to.Ptr(true),
		// 					GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
		// 						Enabled: to.Ptr(true),
		// 						GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
		// 							to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
		// 							GroupByCustomDetails: []*string{
		// 								to.Ptr("OperatingSystemType"),
		// 								to.Ptr("OperatingSystemName")},
		// 								GroupByEntities: []*armsecurityinsights.EntityMappingType{
		// 									to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
		// 									LookbackDuration: to.Ptr("PT5H"),
		// 									MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
		// 									ReopenClosedIncident: to.Ptr(false),
		// 								},
		// 							},
		// 							LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30.000Z"); return t}()),
		// 							SuppressionDuration: to.Ptr("PT1H"),
		// 							SuppressionEnabled: to.Ptr(false),
		// 							Tactics: []*armsecurityinsights.AttackTactic{
		// 								to.Ptr(armsecurityinsights.AttackTacticPersistence),
		// 								to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
		// 							},
		// 						},
		// 						&armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
		// 							Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
		// 							Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
		// 							ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
		// 							Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
		// 							Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
		// 							Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
		// 								ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
		// 								DisplayName: to.Ptr("testing displayname"),
		// 								Enabled: to.Ptr(true),
		// 								LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.729Z"); return t}()),
		// 							},
		// 						},
		// 						&armsecurityinsights.FusionAlertRule{
		// 							Name: to.Ptr("myFirstFusionRule"),
		// 							Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
		// 							ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
		// 							Etag: to.Ptr("\"25005c11-0000-0d00-0000-5d6cc0e20000\""),
		// 							Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
		// 							Properties: &armsecurityinsights.FusionAlertRuleProperties{
		// 								Description: to.Ptr("In this mode, Sentinel combines low fidelity alerts, which themselves may not be actionable, and events across multiple products, into high fidelity security interesting incidents. The system looks at multiple products to produce actionable incidents. Custom tailored to each tenant, Fusion not only reduces false positive rates but also can detect attacks with limited or missing information. \nIncidents generated by Fusion system will encase two or more alerts. By design, Fusion incidents are low volume, high fidelity and will be high severity, which is why Fusion is turned ON by default in Azure Sentinel.\n\nFor Fusion to work, please configure the following data sources in Data Connectors tab:\nRequired - Azure Active Directory Identity Protection\nRequired - Microsoft Cloud App Security\nIf Available - Palo Alto Network\n\nFor full list of scenarios covered by Fusion, and detail instructions on how to configure the required data sources, go to aka.ms/SentinelFusion"),
		// 								AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		// 								DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
		// 								Enabled: to.Ptr(false),
		// 								LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-02T07:12:34.906Z"); return t}()),
		// 								Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
		// 								Tactics: []*armsecurityinsights.AttackTactic{
		// 									to.Ptr(armsecurityinsights.AttackTacticPersistence),
		// 									to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
		// 									to.Ptr(armsecurityinsights.AttackTacticExfiltration),
		// 									to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
		// 								},
		// 						}},
		// 					}
	}
}

Output:

type AlertRulesClientCreateOrUpdateOptions 

type AlertRulesClientCreateOrUpdateOptions struct {
}

AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.

type AlertRulesClientCreateOrUpdateResponse 

type AlertRulesClientCreateOrUpdateResponse struct {
	// Alert rule.
	AlertRuleClassification
}

AlertRulesClientCreateOrUpdateResponse contains the response from method AlertRulesClient.CreateOrUpdate.

func (*AlertRulesClientCreateOrUpdateResponse) UnmarshalJSON added in v0.2.0 

func (a *AlertRulesClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientCreateOrUpdateResponse.

type AlertRulesClientDeleteOptions 

type AlertRulesClientDeleteOptions struct {
}

AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.

type AlertRulesClientDeleteResponse 

type AlertRulesClientDeleteResponse struct {
}

AlertRulesClientDeleteResponse contains the response from method AlertRulesClient.Delete.

type AlertRulesClientGetOptions 

type AlertRulesClientGetOptions struct {
}

AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.

type AlertRulesClientGetResponse 

type AlertRulesClientGetResponse struct {
	// Alert rule.
	AlertRuleClassification
}

AlertRulesClientGetResponse contains the response from method AlertRulesClient.Get.

func (*AlertRulesClientGetResponse) UnmarshalJSON added in v0.2.0 

func (a *AlertRulesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesClientGetResponse.

type AlertRulesClientListOptions 

type AlertRulesClientListOptions struct {
}

AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.NewListPager method.

type AlertRulesClientListResponse 

type AlertRulesClientListResponse struct {
	// List all the alert rules.
	AlertRulesList
}

AlertRulesClientListResponse contains the response from method AlertRulesClient.NewListPager.

type AlertRulesList 

type AlertRulesList struct {
	// REQUIRED; Array of alert rules.
	Value []AlertRuleClassification

	// READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string
}

AlertRulesList - List all the alert rules.

func (AlertRulesList) MarshalJSON 

func (a AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertRulesList.

func (*AlertRulesList) UnmarshalJSON 

func (a *AlertRulesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertRulesList.

type AlertSeverity 

type AlertSeverity string

AlertSeverity - The severity of the alert 

const (
	// AlertSeverityHigh - High severity
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityInformational - Informational severity
	AlertSeverityInformational AlertSeverity = "Informational"
	// AlertSeverityLow - Low severity
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium - Medium severity
	AlertSeverityMedium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues 

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns the possible values for the AlertSeverity const type.

type AlertStatus 

type AlertStatus string

AlertStatus - The lifecycle status of the alert. 

const (
	// AlertStatusDismissed - Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress - Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew - New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved - Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown - Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues 

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns the possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector 

type AlertsDataTypeOfDataConnector struct {
	// Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon
}

AlertsDataTypeOfDataConnector - Alerts data type for data connectors.

func (AlertsDataTypeOfDataConnector) MarshalJSON added in v1.1.0 

func (a AlertsDataTypeOfDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AlertsDataTypeOfDataConnector.

func (*AlertsDataTypeOfDataConnector) UnmarshalJSON added in v1.1.0 

func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AlertsDataTypeOfDataConnector.

type AntispamMailDirection 

type AntispamMailDirection string

AntispamMailDirection - The directionality of this mail message 

const (
	// AntispamMailDirectionInbound - Inbound
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg - Intraorg
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound - Outbound
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown - Unknown
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

func PossibleAntispamMailDirectionValues 

func PossibleAntispamMailDirectionValues() []AntispamMailDirection

PossibleAntispamMailDirectionValues returns the possible values for the AntispamMailDirection const type.

type AttackTactic 

type AttackTactic string

AttackTactic - The severity for alerts created by this alert rule. 

const (
	AttackTacticCollection          AttackTactic = "Collection"
	AttackTacticCommandAndControl   AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess    AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion      AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery           AttackTactic = "Discovery"
	AttackTacticExecution           AttackTactic = "Execution"
	AttackTacticExfiltration        AttackTactic = "Exfiltration"
	AttackTacticImpact              AttackTactic = "Impact"
	AttackTacticInitialAccess       AttackTactic = "InitialAccess"
	AttackTacticLateralMovement     AttackTactic = "LateralMovement"
	AttackTacticPersistence         AttackTactic = "Persistence"
	AttackTacticPreAttack           AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues 

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns the possible values for the AttackTactic const type.

type AutomationRule 

type AutomationRule struct {
	// REQUIRED; Automation rule properties
	Properties *AutomationRuleProperties

	// Etag of the azure resource
	Etag *string

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

func (AutomationRule) MarshalJSON added in v1.1.0 

func (a AutomationRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRule.

func (*AutomationRule) UnmarshalJSON added in v1.1.0 

func (a *AutomationRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRule.

type AutomationRuleAction 

type AutomationRuleAction struct {
	// REQUIRED; The type of the automation rule action
	ActionType *ActionType

	// REQUIRED
	Order *int32
}

AutomationRuleAction - Describes an automation rule action

func (*AutomationRuleAction) GetAutomationRuleAction 

func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction.

func (AutomationRuleAction) MarshalJSON added in v1.1.0 

func (a AutomationRuleAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleAction.

func (*AutomationRuleAction) UnmarshalJSON added in v1.1.0 

func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleAction.

type AutomationRuleActionClassification 

type AutomationRuleActionClassification interface {
	// GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type.
	GetAutomationRuleAction() *AutomationRuleAction
}

AutomationRuleActionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleAction() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction

type AutomationRuleCondition 

type AutomationRuleCondition struct {
	// REQUIRED
	ConditionType *ConditionType
}

AutomationRuleCondition - Describes an automation rule condition

func (*AutomationRuleCondition) GetAutomationRuleCondition 

func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition.

func (AutomationRuleCondition) MarshalJSON added in v1.1.0 

func (a AutomationRuleCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleCondition.

func (*AutomationRuleCondition) UnmarshalJSON added in v1.1.0 

func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleCondition.

type AutomationRuleConditionClassification 

type AutomationRuleConditionClassification interface {
	// GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type.
	GetAutomationRuleCondition() *AutomationRuleCondition
}

AutomationRuleConditionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleCondition() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AutomationRuleCondition, *PropertyConditionProperties

type AutomationRuleModifyPropertiesAction 

type AutomationRuleModifyPropertiesAction struct {
	// REQUIRED; The type of the automation rule action
	ActionType *ActionType

	// REQUIRED
	Order               *int32
	ActionConfiguration *IncidentPropertiesAction
}

AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties.

func (*AutomationRuleModifyPropertiesAction) GetAutomationRuleAction 

func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) MarshalJSON 

func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleModifyPropertiesAction.

func (*AutomationRuleModifyPropertiesAction) UnmarshalJSON 

func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleModifyPropertiesAction.

type AutomationRuleProperties 

type AutomationRuleProperties struct {
	// REQUIRED; The actions to execute when the automation rule is triggered
	Actions []AutomationRuleActionClassification

	// REQUIRED; The display name of the automation rule
	DisplayName *string

	// REQUIRED; The order of execution of the automation rule
	Order *int32

	// REQUIRED; Describes automation rule triggering logic
	TriggeringLogic *AutomationRuleTriggeringLogic

	// READ-ONLY; Information on the client (user or application) that made some action
	CreatedBy *ClientInfo

	// READ-ONLY; The time the automation rule was created
	CreatedTimeUTC *time.Time

	// READ-ONLY; Information on the client (user or application) that made some action
	LastModifiedBy *ClientInfo

	// READ-ONLY; The last time the automation rule was updated
	LastModifiedTimeUTC *time.Time
}

AutomationRuleProperties - Automation rule properties

func (AutomationRuleProperties) MarshalJSON 

func (a AutomationRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleProperties.

func (*AutomationRuleProperties) UnmarshalJSON 

func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleProperties.

type AutomationRulePropertyConditionSupportedOperator 

type AutomationRulePropertyConditionSupportedOperator string
const (
	// AutomationRulePropertyConditionSupportedOperatorContains - Evaluates if the property contains at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith - Evaluates if the property ends with any of the condition values
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals - Evaluates if the property equals at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains - Evaluates if the property does not contain any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith - Evaluates if the property does not end with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals - Evaluates if the property does not equal any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith - Evaluates if the property does not start with any of the
	// condition values
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith - Evaluates if the property starts with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

func PossibleAutomationRulePropertyConditionSupportedOperatorValues 

func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator

PossibleAutomationRulePropertyConditionSupportedOperatorValues returns the possible values for the AutomationRulePropertyConditionSupportedOperator const type.

type AutomationRulePropertyConditionSupportedProperty 

type AutomationRulePropertyConditionSupportedProperty string

AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition 

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID - The account Azure Active Directory tenant id
	AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAADUserID - The account Azure Active Directory user id
	AutomationRulePropertyConditionSupportedPropertyAccountAADUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain - The account NetBIOS domain name
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountName - The account name
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID - The account unique identifier
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID - The account Azure Active Directory Passport User ID
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid - The account security identifier
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix - The account user principal name suffix
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAlertProductNames - The name of the product of the alert
	AutomationRulePropertyConditionSupportedPropertyAlertProductNames AutomationRulePropertyConditionSupportedProperty = "AlertProductNames"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID - The Azure resource id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID - The Azure resource subscription id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID - The cloud application identifier
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName - The cloud application name
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName - The dns record domain name
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory - The file directory full path
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue - The file hash value
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName - The file name without path
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID - The host Azure resource id
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain - The host NT domain
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostName - The host name without domain
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName - The host NetBIOS name
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion - The host operating system
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress - The IP address
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription - The description of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentLabel - The labels of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentLabel AutomationRulePropertyConditionSupportedProperty = "IncidentLabel"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName - The provider name of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs - The related Analytic rule ids of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity - The severity of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus - The status of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics - The tactics of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle - The title of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID - "The IoT device id
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel - The IoT device model
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName - The IoT device name
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem - The IoT device operating system
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType - The IoT device type
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor - The IoT device vendor
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction - The mail message delivery action
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation - The mail message delivery location
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender - The mail message P1 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender - The mail message P2 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient - The mail message recipient
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP - The mail message sender IP address
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject - The mail message subject
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName - The mailbox display name
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress - The mailbox primary address
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN - The mailbox user principal name
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory - The malware category
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName - The malware name
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine - The process execution command line
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID - The process id
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey - The registry key path
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData - The registry key value in string formatted representation
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL - The url
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

func PossibleAutomationRulePropertyConditionSupportedPropertyValues 

func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty

PossibleAutomationRulePropertyConditionSupportedPropertyValues returns the possible values for the AutomationRulePropertyConditionSupportedProperty const type.

type AutomationRulePropertyValuesCondition 

type AutomationRulePropertyValuesCondition struct {
	Operator *AutomationRulePropertyConditionSupportedOperator

	// The property to evaluate in an automation rule property condition
	PropertyName   *AutomationRulePropertyConditionSupportedProperty
	PropertyValues []*string
}

func (AutomationRulePropertyValuesCondition) MarshalJSON 

func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRulePropertyValuesCondition.

func (*AutomationRulePropertyValuesCondition) UnmarshalJSON added in v1.1.0 

func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulePropertyValuesCondition.

type AutomationRuleRunPlaybookAction 

type AutomationRuleRunPlaybookAction struct {
	// REQUIRED; The type of the automation rule action
	ActionType *ActionType

	// REQUIRED
	Order               *int32
	ActionConfiguration *PlaybookActionProperties
}

AutomationRuleRunPlaybookAction - Describes an automation rule action to run a playbook

func (*AutomationRuleRunPlaybookAction) GetAutomationRuleAction 

func (a *AutomationRuleRunPlaybookAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) MarshalJSON 

func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleRunPlaybookAction.

func (*AutomationRuleRunPlaybookAction) UnmarshalJSON 

func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleRunPlaybookAction.

type AutomationRuleTriggeringLogic 

type AutomationRuleTriggeringLogic struct {
	// REQUIRED; Determines whether the automation rule is enabled or disabled
	IsEnabled *bool

	// REQUIRED
	TriggersOn *TriggersOn

	// REQUIRED
	TriggersWhen *TriggersWhen

	// The conditions to evaluate to determine if the automation rule should be triggered on a given object
	Conditions []AutomationRuleConditionClassification

	// Determines when the automation rule should automatically expire and be disabled.
	ExpirationTimeUTC *time.Time
}

AutomationRuleTriggeringLogic - Describes automation rule triggering logic

func (AutomationRuleTriggeringLogic) MarshalJSON 

func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRuleTriggeringLogic.

func (*AutomationRuleTriggeringLogic) UnmarshalJSON 

func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRuleTriggeringLogic.

type AutomationRulesClient 

type AutomationRulesClient struct {
	// contains filtered or unexported fields
}

AutomationRulesClient contains the methods for the AutomationRules group. Don't use this type directly, use NewAutomationRulesClient() instead.

func NewAutomationRulesClient 

func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AutomationRulesClient, error)

NewAutomationRulesClient creates a new instance of AutomationRulesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AutomationRulesClient) CreateOrUpdate 

func (client *AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientCreateOrUpdateOptions) (AutomationRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the automation rule If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_CreateOrUpdate.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAutomationRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.AutomationRulesClientCreateOrUpdateOptions{AutomationRuleToUpsert: nil})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AutomationRule = armsecurityinsights.AutomationRule{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.AutomationRuleProperties{
	// 		Actions: []armsecurityinsights.AutomationRuleActionClassification{
	// 			&armsecurityinsights.AutomationRuleModifyPropertiesAction{
	// 				ActionType: to.Ptr(armsecurityinsights.ActionTypeModifyProperties),
	// 				Order: to.Ptr[int32](1),
	// 				ActionConfiguration: &armsecurityinsights.IncidentPropertiesAction{
	// 					Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
	// 				},
	// 		}},
	// 		CreatedBy: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()),
	// 		DisplayName: to.Ptr("High severity incidents escalation"),
	// 		LastModifiedBy: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
	// 		Order: to.Ptr[int32](1),
	// 		TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
	// 			Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
	// 				&armsecurityinsights.PropertyConditionProperties{
	// 					ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
	// 					ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
	// 						Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains),
	// 						PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs),
	// 						PropertyValues: []*string{
	// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
	// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
	// 						},
	// 				}},
	// 				IsEnabled: to.Ptr(true),
	// 				TriggersOn: to.Ptr(armsecurityinsights.TriggersOnIncidents),
	// 				TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
	// 			},
	// 		},
	// 	}
}

Output:

func (*AutomationRulesClient) Delete 

func (client *AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientDeleteOptions) (AutomationRulesClientDeleteResponse, error)

Delete - Delete the automation rule If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_Delete.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAutomationRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Interface = map[string]any{
	// }
}

Output:

func (*AutomationRulesClient) Get 

func (client *AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientGetOptions) (AutomationRulesClientGetResponse, error)

Get - Gets the automation rule If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_Get.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAutomationRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AutomationRule = armsecurityinsights.AutomationRule{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.AutomationRuleProperties{
	// 		Actions: []armsecurityinsights.AutomationRuleActionClassification{
	// 			&armsecurityinsights.AutomationRuleModifyPropertiesAction{
	// 				ActionType: to.Ptr(armsecurityinsights.ActionTypeModifyProperties),
	// 				Order: to.Ptr[int32](1),
	// 				ActionConfiguration: &armsecurityinsights.IncidentPropertiesAction{
	// 					Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
	// 				},
	// 		}},
	// 		CreatedBy: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()),
	// 		DisplayName: to.Ptr("High severity incidents escalation"),
	// 		LastModifiedBy: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
	// 		Order: to.Ptr[int32](1),
	// 		TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
	// 			Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
	// 				&armsecurityinsights.PropertyConditionProperties{
	// 					ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
	// 					ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
	// 						Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains),
	// 						PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs),
	// 						PropertyValues: []*string{
	// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
	// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
	// 						},
	// 				}},
	// 				IsEnabled: to.Ptr(true),
	// 				TriggersOn: to.Ptr(armsecurityinsights.TriggersOnIncidents),
	// 				TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
	// 			},
	// 		},
	// 	}
}

Output:

func (*AutomationRulesClient) NewListPager added in v0.3.0 

func (client *AutomationRulesClient) NewListPager(resourceGroupName string, workspaceName string, options *AutomationRulesClientListOptions) *runtime.Pager[AutomationRulesClientListResponse]

NewListPager - Gets all automation rules

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/automationRules/AutomationRules_List.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAutomationRulesClient().NewListPager("myRg", "myWorkspace", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AutomationRulesList = armsecurityinsights.AutomationRulesList{
		// 	Value: []*armsecurityinsights.AutomationRule{
		// 		{
		// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Properties: &armsecurityinsights.AutomationRuleProperties{
		// 				Actions: []armsecurityinsights.AutomationRuleActionClassification{
		// 					&armsecurityinsights.AutomationRuleModifyPropertiesAction{
		// 						ActionType: to.Ptr(armsecurityinsights.ActionTypeModifyProperties),
		// 						Order: to.Ptr[int32](1),
		// 						ActionConfiguration: &armsecurityinsights.IncidentPropertiesAction{
		// 							Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
		// 						},
		// 				}},
		// 				CreatedBy: &armsecurityinsights.ClientInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john.doe@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 					UserPrincipalName: to.Ptr("john@contoso.com"),
		// 				},
		// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00.000Z"); return t}()),
		// 				DisplayName: to.Ptr("High severity incidents escalation"),
		// 				LastModifiedBy: &armsecurityinsights.ClientInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john.doe@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 					UserPrincipalName: to.Ptr("john@contoso.com"),
		// 				},
		// 				LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
		// 				Order: to.Ptr[int32](1),
		// 				TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
		// 					Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
		// 						&armsecurityinsights.PropertyConditionProperties{
		// 							ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
		// 							ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
		// 								Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains),
		// 								PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs),
		// 								PropertyValues: []*string{
		// 									to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
		// 									to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
		// 								},
		// 						}},
		// 						IsEnabled: to.Ptr(true),
		// 						TriggersOn: to.Ptr(armsecurityinsights.TriggersOnIncidents),
		// 						TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
		// 					},
		// 				},
		// 		}},
		// 	}
	}
}

Output:

type AutomationRulesClientCreateOrUpdateOptions 

type AutomationRulesClientCreateOrUpdateOptions struct {
	// The automation rule
	AutomationRuleToUpsert *AutomationRule
}

AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.

type AutomationRulesClientCreateOrUpdateResponse 

type AutomationRulesClientCreateOrUpdateResponse struct {
	AutomationRule
}

AutomationRulesClientCreateOrUpdateResponse contains the response from method AutomationRulesClient.CreateOrUpdate.

type AutomationRulesClientDeleteOptions 

type AutomationRulesClientDeleteOptions struct {
}

AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.

type AutomationRulesClientDeleteResponse 

type AutomationRulesClientDeleteResponse struct {
	// Anything
	Interface any
}

AutomationRulesClientDeleteResponse contains the response from method AutomationRulesClient.Delete.

type AutomationRulesClientGetOptions 

type AutomationRulesClientGetOptions struct {
}

AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.

type AutomationRulesClientGetResponse 

type AutomationRulesClientGetResponse struct {
	AutomationRule
}

AutomationRulesClientGetResponse contains the response from method AutomationRulesClient.Get.

type AutomationRulesClientListOptions 

type AutomationRulesClientListOptions struct {
}

AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.NewListPager method.

type AutomationRulesClientListResponse 

type AutomationRulesClientListResponse struct {
	AutomationRulesList
}

AutomationRulesClientListResponse contains the response from method AutomationRulesClient.NewListPager.

type AutomationRulesList 

type AutomationRulesList struct {
	NextLink *string
	Value    []*AutomationRule
}

func (AutomationRulesList) MarshalJSON 

func (a AutomationRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AutomationRulesList.

func (*AutomationRulesList) UnmarshalJSON added in v1.1.0 

func (a *AutomationRulesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AutomationRulesList.

type AwsCloudTrailDataConnector 

type AwsCloudTrailDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// Amazon Web Services CloudTrail data connector properties.
	Properties *AwsCloudTrailDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector.

func (*AwsCloudTrailDataConnector) GetDataConnector 

func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON 

func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON 

func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnector.

type AwsCloudTrailDataConnectorDataTypes 

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs
}

AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnectorDataTypes) MarshalJSON added in v1.1.0 

func (a AwsCloudTrailDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypes.

func (*AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON added in v1.1.0 

func (a *AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypes.

type AwsCloudTrailDataConnectorDataTypesLogs 

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

AwsCloudTrailDataConnectorDataTypesLogs - Logs data type.

func (AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON added in v1.1.0 

func (a AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs.

func (*AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON added in v1.1.0 

func (a *AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorDataTypesLogs.

type AwsCloudTrailDataConnectorProperties 

type AwsCloudTrailDataConnectorProperties struct {
	// The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string

	// The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes
}

AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.

func (AwsCloudTrailDataConnectorProperties) MarshalJSON added in v1.1.0 

func (a AwsCloudTrailDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AwsCloudTrailDataConnectorProperties.

func (*AwsCloudTrailDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (a *AwsCloudTrailDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AwsCloudTrailDataConnectorProperties.

type AzureResourceEntity 

type AzureResourceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// AzureResource entity properties
	Properties *AzureResourceEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

AzureResourceEntity - Represents an azure resource entity.

func (*AzureResourceEntity) GetEntity 

func (a *AzureResourceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON 

func (a AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON 

func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntity.

type AzureResourceEntityProperties 

type AzureResourceEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The azure resource id of the resource
	ResourceID *string

	// READ-ONLY; The subscription id of the resource
	SubscriptionID *string
}

AzureResourceEntityProperties - AzureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON 

func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type AzureResourceEntityProperties.

func (*AzureResourceEntityProperties) UnmarshalJSON added in v1.1.0 

func (a *AzureResourceEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type AzureResourceEntityProperties.

type Bookmark 

type Bookmark struct {
	// Etag of the azure resource
	Etag *string

	// Bookmark properties
	Properties *BookmarkProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

Bookmark - Represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON added in v1.1.0 

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Bookmark.

func (*Bookmark) UnmarshalJSON added in v1.1.0 

func (b *Bookmark) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Bookmark.

type BookmarkList 

type BookmarkList struct {
	// REQUIRED; Array of bookmarks.
	Value []*Bookmark

	// READ-ONLY; URL to fetch the next set of cases.
	NextLink *string
}

BookmarkList - List all the bookmarks.

func (BookmarkList) MarshalJSON 

func (b BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkList.

func (*BookmarkList) UnmarshalJSON added in v1.1.0 

func (b *BookmarkList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkList.

type BookmarkProperties 

type BookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string

	// REQUIRED; The query of the bookmark.
	Query *string

	// The time the bookmark was created
	Created *time.Time

	// Describes a user that created the bookmark
	CreatedBy *UserInfo

	// The bookmark event time
	EventTime *time.Time

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo

	// List of labels relevant to this bookmark
	Labels []*string

	// The notes of the bookmark
	Notes *string

	// The end time for the query
	QueryEndTime *time.Time

	// The query result of the bookmark.
	QueryResult *string

	// The start time for the query
	QueryStartTime *time.Time

	// The last time the bookmark was updated
	Updated *time.Time

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo
}

BookmarkProperties - Describes bookmark properties

func (BookmarkProperties) MarshalJSON 

func (b BookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BookmarkProperties.

func (*BookmarkProperties) UnmarshalJSON 

func (b *BookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BookmarkProperties.

type BookmarksClient 

type BookmarksClient struct {
	// contains filtered or unexported fields
}

BookmarksClient contains the methods for the Bookmarks group. Don't use this type directly, use NewBookmarksClient() instead.

func NewBookmarksClient 

func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarksClient, error)

NewBookmarksClient creates a new instance of BookmarksClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*BookmarksClient) CreateOrUpdate 

func (client *BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark, options *BookmarksClientCreateOrUpdateOptions) (BookmarksClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • bookmark - The bookmark
  • options - BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/CreateBookmark.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewBookmarksClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Bookmark{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Properties: &armsecurityinsights.BookmarkProperties{
			Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t }()),
			CreatedBy: &armsecurityinsights.UserInfo{
				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
			},
			DisplayName: to.Ptr("My bookmark"),
			Labels: []*string{
				to.Ptr("Tag1"),
				to.Ptr("Tag2")},
			Notes:       to.Ptr("Found a suspicious activity"),
			Query:       to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
			QueryResult: to.Ptr("Security Event query result"),
			Updated:     to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t }()),
			UpdatedBy: &armsecurityinsights.UserInfo{
				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Bookmark = armsecurityinsights.Bookmark{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.BookmarkProperties{
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		DisplayName: to.Ptr("My bookmark"),
	// 		Labels: []*string{
	// 			to.Ptr("Tag1"),
	// 			to.Ptr("Tag2")},
	// 			Notes: to.Ptr("Found a suspicious activity"),
	// 			Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
	// 			QueryResult: to.Ptr("Security Event query result"),
	// 			Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 			UpdatedBy: &armsecurityinsights.UserInfo{
	// 				Name: to.Ptr("john doe"),
	// 				Email: to.Ptr("john@contoso.com"),
	// 				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			},
	// 		},
	// 	}
}

Output:

func (*BookmarksClient) Delete 

func (client *BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientDeleteOptions) (BookmarksClientDeleteResponse, error)

Delete - Delete the bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • options - BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/DeleteBookmark.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewBookmarksClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*BookmarksClient) Get 

func (client *BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientGetOptions) (BookmarksClientGetResponse, error)

Get - Gets a bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • options - BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/GetBookmarkById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewBookmarksClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Bookmark = armsecurityinsights.Bookmark{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.BookmarkProperties{
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		DisplayName: to.Ptr("My bookmark"),
	// 		IncidentInfo: &armsecurityinsights.IncidentInfo{
	// 			IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"),
	// 			RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"),
	// 			Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow),
	// 			Title: to.Ptr("New case 1"),
	// 		},
	// 		Labels: []*string{
	// 			to.Ptr("Tag1"),
	// 			to.Ptr("Tag2")},
	// 			Notes: to.Ptr("Found a suspicious activity"),
	// 			Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
	// 			QueryResult: to.Ptr("Security Event query result"),
	// 			Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 			UpdatedBy: &armsecurityinsights.UserInfo{
	// 				Name: to.Ptr("john doe"),
	// 				Email: to.Ptr("john@contoso.com"),
	// 				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			},
	// 		},
	// 	}
}

Output:

func (*BookmarksClient) NewListPager added in v0.3.0 

func (client *BookmarksClient) NewListPager(resourceGroupName string, workspaceName string, options *BookmarksClientListOptions) *runtime.Pager[BookmarksClientListResponse]

NewListPager - Gets all bookmarks.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/bookmarks/GetBookmarks.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewBookmarksClient().NewListPager("myRg", "myWorkspace", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.BookmarkList = armsecurityinsights.BookmarkList{
		// 	Value: []*armsecurityinsights.Bookmark{
		// 		{
		// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Properties: &armsecurityinsights.BookmarkProperties{
		// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 				CreatedBy: &armsecurityinsights.UserInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 				},
		// 				DisplayName: to.Ptr("My bookmark"),
		// 				IncidentInfo: &armsecurityinsights.IncidentInfo{
		// 					IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"),
		// 					RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"),
		// 					Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow),
		// 					Title: to.Ptr("New case 1"),
		// 				},
		// 				Labels: []*string{
		// 					to.Ptr("Tag1"),
		// 					to.Ptr("Tag2")},
		// 					Notes: to.Ptr("Found a suspicious activity"),
		// 					Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
		// 					QueryResult: to.Ptr("Security Event query result"),
		// 					Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 					UpdatedBy: &armsecurityinsights.UserInfo{
		// 						Name: to.Ptr("john doe"),
		// 						Email: to.Ptr("john@contoso.com"),
		// 						ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 					},
		// 				},
		// 		}},
		// 	}
	}
}

Output:

type BookmarksClientCreateOrUpdateOptions 

type BookmarksClientCreateOrUpdateOptions struct {
}

BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.

type BookmarksClientCreateOrUpdateResponse 

type BookmarksClientCreateOrUpdateResponse struct {
	// Represents a bookmark in Azure Security Insights.
	Bookmark
}

BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate.

type BookmarksClientDeleteOptions 

type BookmarksClientDeleteOptions struct {
}

BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.

type BookmarksClientDeleteResponse 

type BookmarksClientDeleteResponse struct {
}

BookmarksClientDeleteResponse contains the response from method BookmarksClient.Delete.

type BookmarksClientGetOptions 

type BookmarksClientGetOptions struct {
}

BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.

type BookmarksClientGetResponse 

type BookmarksClientGetResponse struct {
	// Represents a bookmark in Azure Security Insights.
	Bookmark
}

BookmarksClientGetResponse contains the response from method BookmarksClient.Get.

type BookmarksClientListOptions 

type BookmarksClientListOptions struct {
}

BookmarksClientListOptions contains the optional parameters for the BookmarksClient.NewListPager method.

type BookmarksClientListResponse 

type BookmarksClientListResponse struct {
	// List all the bookmarks.
	BookmarkList
}

BookmarksClientListResponse contains the response from method BookmarksClient.NewListPager.

type ClientFactory added in v1.1.0 

type ClientFactory struct {
	// contains filtered or unexported fields
}

ClientFactory is a client factory used to create any client in this module. Don't use this type directly, use NewClientFactory instead.

func NewClientFactory added in v1.1.0 

func NewClientFactory(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ClientFactory, error)

NewClientFactory creates a new instance of ClientFactory with the specified values. The parameter values will be propagated to any client created from this factory.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ClientFactory) NewActionsClient added in v1.1.0 

func (c *ClientFactory) NewActionsClient() *ActionsClient

NewActionsClient creates a new instance of ActionsClient.

func (*ClientFactory) NewAlertRuleTemplatesClient added in v1.1.0 

func (c *ClientFactory) NewAlertRuleTemplatesClient() *AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient.

func (*ClientFactory) NewAlertRulesClient added in v1.1.0 

func (c *ClientFactory) NewAlertRulesClient() *AlertRulesClient

NewAlertRulesClient creates a new instance of AlertRulesClient.

func (*ClientFactory) NewAutomationRulesClient added in v1.1.0 

func (c *ClientFactory) NewAutomationRulesClient() *AutomationRulesClient

NewAutomationRulesClient creates a new instance of AutomationRulesClient.

func (*ClientFactory) NewBookmarksClient added in v1.1.0 

func (c *ClientFactory) NewBookmarksClient() *BookmarksClient

NewBookmarksClient creates a new instance of BookmarksClient.

func (*ClientFactory) NewDataConnectorsClient added in v1.1.0 

func (c *ClientFactory) NewDataConnectorsClient() *DataConnectorsClient

NewDataConnectorsClient creates a new instance of DataConnectorsClient.

func (*ClientFactory) NewIncidentCommentsClient added in v1.1.0 

func (c *ClientFactory) NewIncidentCommentsClient() *IncidentCommentsClient

NewIncidentCommentsClient creates a new instance of IncidentCommentsClient.

func (*ClientFactory) NewIncidentRelationsClient added in v1.1.0 

func (c *ClientFactory) NewIncidentRelationsClient() *IncidentRelationsClient

NewIncidentRelationsClient creates a new instance of IncidentRelationsClient.

func (*ClientFactory) NewIncidentsClient added in v1.1.0 

func (c *ClientFactory) NewIncidentsClient() *IncidentsClient

NewIncidentsClient creates a new instance of IncidentsClient.

func (*ClientFactory) NewOperationsClient added in v1.1.0 

func (c *ClientFactory) NewOperationsClient() *OperationsClient

NewOperationsClient creates a new instance of OperationsClient.

func (*ClientFactory) NewSentinelOnboardingStatesClient added in v1.1.0 

func (c *ClientFactory) NewSentinelOnboardingStatesClient() *SentinelOnboardingStatesClient

NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient.

func (*ClientFactory) NewThreatIntelligenceIndicatorClient added in v1.1.0 

func (c *ClientFactory) NewThreatIntelligenceIndicatorClient() *ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient.

func (*ClientFactory) NewThreatIntelligenceIndicatorMetricsClient added in v1.1.0 

func (c *ClientFactory) NewThreatIntelligenceIndicatorMetricsClient() *ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient.

func (*ClientFactory) NewThreatIntelligenceIndicatorsClient added in v1.1.0 

func (c *ClientFactory) NewThreatIntelligenceIndicatorsClient() *ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient.

func (*ClientFactory) NewWatchlistItemsClient added in v1.1.0 

func (c *ClientFactory) NewWatchlistItemsClient() *WatchlistItemsClient

NewWatchlistItemsClient creates a new instance of WatchlistItemsClient.

func (*ClientFactory) NewWatchlistsClient added in v1.1.0 

func (c *ClientFactory) NewWatchlistsClient() *WatchlistsClient

NewWatchlistsClient creates a new instance of WatchlistsClient.

type ClientInfo 

type ClientInfo struct {
	// The email of the client.
	Email *string

	// The name of the client.
	Name *string

	// The object id of the client.
	ObjectID *string

	// The user principal name of the client.
	UserPrincipalName *string
}

ClientInfo - Information on the client (user or application) that made some action

func (ClientInfo) MarshalJSON added in v1.1.0 

func (c ClientInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ClientInfo.

func (*ClientInfo) UnmarshalJSON added in v1.1.0 

func (c *ClientInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ClientInfo.

type CloudApplicationEntity 

type CloudApplicationEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// CloudApplication entity properties
	Properties *CloudApplicationEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

CloudApplicationEntity - Represents a cloud application entity.

func (*CloudApplicationEntity) GetEntity 

func (c *CloudApplicationEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON 

func (c CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON 

func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity.

type CloudApplicationEntityProperties 

type CloudApplicationEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The technical identifier of the application.
	AppID *int32

	// READ-ONLY; The name of the related cloud application.
	AppName *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications
	// of the same type that a customer has.
	InstanceName *string
}

CloudApplicationEntityProperties - CloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON 

func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties.

func (*CloudApplicationEntityProperties) UnmarshalJSON added in v1.1.0 

func (c *CloudApplicationEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntityProperties.

type ConditionType 

type ConditionType string
const (
	// ConditionTypeProperty - Evaluate an object property value
	ConditionTypeProperty ConditionType = "Property"
)

func PossibleConditionTypeValues 

func PossibleConditionTypeValues() []ConditionType

PossibleConditionTypeValues returns the possible values for the ConditionType const type.

type ConfidenceLevel 

type ConfidenceLevel string

ConfidenceLevel - The confidence level of this alert. 

const (
	// ConfidenceLevelHigh - High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow - Low confidence, meaning we have some doubts this is indeed malicious or part of an attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown - Unknown confidence, the is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues 

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns the possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus 

type ConfidenceScoreStatus string

ConfidenceScoreStatus - The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. 

const (
	// ConfidenceScoreStatusFinal - Final score was calculated and available
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess - No score was set yet and calculation is in progress
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable - Score will not be calculated for this alert as it is not supported by virtual analyst
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal - Score is calculated and shown as part of the alert, but may be updated again at a later
	// time following the processing of additional data
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues 

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns the possible values for the ConfidenceScoreStatus const type.

type CreatedByType 

type CreatedByType string

CreatedByType - The type of identity that created the resource. 

const (
	CreatedByTypeApplication     CreatedByType = "Application"
	CreatedByTypeKey             CreatedByType = "Key"
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	CreatedByTypeUser            CreatedByType = "User"
)

func PossibleCreatedByTypeValues 

func PossibleCreatedByTypeValues() []CreatedByType

PossibleCreatedByTypeValues returns the possible values for the CreatedByType const type.

type DNSEntity 

type DNSEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Dns entity properties
	Properties *DNSEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

DNSEntity - Represents a dns entity.

func (*DNSEntity) GetEntity 

func (d *DNSEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type DNSEntity.

func (DNSEntity) MarshalJSON 

func (d DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DNSEntity.

func (*DNSEntity) UnmarshalJSON 

func (d *DNSEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntity.

type DNSEntityProperties 

type DNSEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string

	// READ-ONLY; The name of the dns record associated with the alert
	DomainName *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string

	// READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIDs []*string
}

DNSEntityProperties - Dns entity property bag.

func (DNSEntityProperties) MarshalJSON 

func (d DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DNSEntityProperties.

func (*DNSEntityProperties) UnmarshalJSON added in v1.1.0 

func (d *DNSEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DNSEntityProperties.

type DataConnector 

type DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

DataConnector - Data connector.

func (*DataConnector) GetDataConnector 

func (d *DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type DataConnector.

func (DataConnector) MarshalJSON added in v1.1.0 

func (d DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataConnector.

func (*DataConnector) UnmarshalJSON added in v1.1.0 

func (d *DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnector.

type DataConnectorClassification 

type DataConnectorClassification interface {
	// GetDataConnector returns the DataConnector content of the underlying type.
	GetDataConnector() *DataConnector
}

DataConnectorClassification provides polymorphic access to related types. Call the interface's GetDataConnector() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *DataConnector, *MCASDataConnector, - *MDATPDataConnector, *OfficeDataConnector, *TIDataConnector

type DataConnectorDataTypeCommon 

type DataConnectorDataTypeCommon struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

DataConnectorDataTypeCommon - Common field for data type in data connectors.

func (DataConnectorDataTypeCommon) MarshalJSON added in v1.1.0 

func (d DataConnectorDataTypeCommon) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataConnectorDataTypeCommon.

func (*DataConnectorDataTypeCommon) UnmarshalJSON added in v1.1.0 

func (d *DataConnectorDataTypeCommon) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorDataTypeCommon.

type DataConnectorKind 

type DataConnectorKind string

DataConnectorKind - The kind of the data connector 

const (
	DataConnectorKindAmazonWebServicesCloudTrail               DataConnectorKind = "AmazonWebServicesCloudTrail"
	DataConnectorKindAzureActiveDirectory                      DataConnectorKind = "AzureActiveDirectory"
	DataConnectorKindAzureAdvancedThreatProtection             DataConnectorKind = "AzureAdvancedThreatProtection"
	DataConnectorKindAzureSecurityCenter                       DataConnectorKind = "AzureSecurityCenter"
	DataConnectorKindMicrosoftCloudAppSecurity                 DataConnectorKind = "MicrosoftCloudAppSecurity"
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	DataConnectorKindOffice365                                 DataConnectorKind = "Office365"
	DataConnectorKindThreatIntelligence                        DataConnectorKind = "ThreatIntelligence"
)

func PossibleDataConnectorKindValues 

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type.

type DataConnectorList 

type DataConnectorList struct {
	// REQUIRED; Array of data connectors.
	Value []DataConnectorClassification

	// READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string
}

DataConnectorList - List all the data connectors.

func (DataConnectorList) MarshalJSON 

func (d DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type DataConnectorList.

func (*DataConnectorList) UnmarshalJSON 

func (d *DataConnectorList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorList.

type DataConnectorsClient 

type DataConnectorsClient struct {
	// contains filtered or unexported fields
}

DataConnectorsClient contains the methods for the DataConnectors group. Don't use this type directly, use NewDataConnectorsClient() instead.

func NewDataConnectorsClient 

func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsClient, error)

NewDataConnectorsClient creates a new instance of DataConnectorsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DataConnectorsClient) CreateOrUpdate 

func (client *DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector DataConnectorClassification, options *DataConnectorsClientCreateOrUpdateOptions) (DataConnectorsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • dataConnector - The data connector
  • options - DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.
Example (CreatesOrUpdatesAnOffice365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/CreateOfficeDataConnetor.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.OfficeDataConnector{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
		Properties: &armsecurityinsights.OfficeDataConnectorProperties{
			DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
				Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
				},
				SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
				},
				Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
				},
			},
			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{
	// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
	// 		Properties: &armsecurityinsights.OfficeDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
	// 				Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 				SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 				Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (CreatesOrUpdatesAnThreatIntelligencePlatformDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.TIDataConnector{
		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
		Properties: &armsecurityinsights.TIDataConnectorProperties{
			DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
				Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
				},
			},
			TenantID:          to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
			TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t }()),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.TIDataConnector{
	// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
	// 		Properties: &armsecurityinsights.TIDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
	// 				Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
	// 			TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
	// 		},
	// 	},
	// 	                        }
}

Output:

func (*DataConnectorsClient) Delete 

func (client *DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDeleteOptions) (DataConnectorsClientDeleteResponse, error)

Delete - Delete the data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • options - DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/DeleteOfficeDataConnetor.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*DataConnectorsClient) Get 

func (client *DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientGetOptions) (DataConnectorsClientGetResponse, error)

Get - Gets a data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • options - DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.
Example (GetAAscDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetAzureSecurityCenterById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.ASCDataConnector{
	// 		Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter),
	// 		Properties: &armsecurityinsights.ASCDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAMcasDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "b96d014d-b5c2-4a01-9aba-a8058f629d42", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.MCASDataConnector{
	// 		Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity),
	// 		Properties: &armsecurityinsights.MCASDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{
	// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 				DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAMdatpDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "06b3ccb8-1384-4bcc-aec7-852f6d57161b", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.MDATPDataConnector{
	// 		Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection),
	// 		Properties: &armsecurityinsights.MDATPDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetATiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetThreatIntelligenceById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.TIDataConnector{
	// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
	// 		Properties: &armsecurityinsights.TIDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
	// 				Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 			TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAnAadDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetAzureActiveDirectoryById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.AADDataConnector{
	// 		Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
	// 		Properties: &armsecurityinsights.AADDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAnAatpDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "07e42cb3-e658-4e90-801c-efa0f29d3d44", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.AATPDataConnector{
	// 		Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection),
	// 		Properties: &armsecurityinsights.AATPDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAnAwsCloudTrailDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.AwsCloudTrailDataConnector{
	// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail),
	// 		Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{
	// 			AwsRoleArn: to.Ptr("myAwsRoleArn"),
	// 			DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{
	// 				Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 		},
	// 	},
	// 	                        }
}

Output:
Example (GetAnOffice365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetOfficeDataConnetorById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.DataConnectorsClientGetResponse{
	// 	                            DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{
	// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
	// 		Properties: &armsecurityinsights.OfficeDataConnectorProperties{
	// 			DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
	// 				Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 				SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 				Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
	// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 				},
	// 			},
	// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 		},
	// 	},
	// 	                        }
}

Output:

func (*DataConnectorsClient) NewListPager added in v0.3.0 

func (client *DataConnectorsClient) NewListPager(resourceGroupName string, workspaceName string, options *DataConnectorsClientListOptions) *runtime.Pager[DataConnectorsClientListResponse]

NewListPager - Gets all data connectors.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/dataConnectors/GetDataConnectors.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewDataConnectorsClient().NewListPager("myRg", "myWorkspace", nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.DataConnectorList = armsecurityinsights.DataConnectorList{
		// 	Value: []armsecurityinsights.DataConnectorClassification{
		// 		&armsecurityinsights.ASCDataConnector{
		// 			Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter),
		// 			Properties: &armsecurityinsights.ASCDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
		// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				SubscriptionID: to.Ptr("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"),
		// 			},
		// 		},
		// 		&armsecurityinsights.TIDataConnector{
		// 			Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
		// 			Properties: &armsecurityinsights.TIDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
		// 					Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 		},
		// 		&armsecurityinsights.AADDataConnector{
		// 			Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
		// 			Properties: &armsecurityinsights.AADDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
		// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 		},
		// 		&armsecurityinsights.OfficeDataConnector{
		// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
		// 			Properties: &armsecurityinsights.OfficeDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
		// 					Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 					SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 		},
		// 		&armsecurityinsights.MCASDataConnector{
		// 			Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity),
		// 			Properties: &armsecurityinsights.MCASDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{
		// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 					DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 		},
		// 		&armsecurityinsights.AATPDataConnector{
		// 			Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection),
		// 			Properties: &armsecurityinsights.AATPDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
		// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 		},
		// 		&armsecurityinsights.AwsCloudTrailDataConnector{
		// 			Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail),
		// 			Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{
		// 				AwsRoleArn: to.Ptr("myAwsRoleArn"),
		// 				DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{
		// 					Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 			},
		// 		},
		// 		&armsecurityinsights.MDATPDataConnector{
		// 			Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection),
		// 			Properties: &armsecurityinsights.MDATPDataConnectorProperties{
		// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
		// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
		// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
		// 					},
		// 				},
		// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		// 			},
		// 	}},
		// }
	}
}

Output:

type DataConnectorsClientCreateOrUpdateOptions 

type DataConnectorsClientCreateOrUpdateOptions struct {
}

DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.

type DataConnectorsClientCreateOrUpdateResponse 

type DataConnectorsClientCreateOrUpdateResponse struct {
	// Data connector.
	DataConnectorClassification
}

DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate.

func (*DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON added in v0.2.0 

func (d *DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientCreateOrUpdateResponse.

type DataConnectorsClientDeleteOptions 

type DataConnectorsClientDeleteOptions struct {
}

DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.

type DataConnectorsClientDeleteResponse 

type DataConnectorsClientDeleteResponse struct {
}

DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete.

type DataConnectorsClientGetOptions 

type DataConnectorsClientGetOptions struct {
}

DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.

type DataConnectorsClientGetResponse 

type DataConnectorsClientGetResponse struct {
	// Data connector.
	DataConnectorClassification
}

DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get.

func (*DataConnectorsClientGetResponse) UnmarshalJSON added in v0.2.0 

func (d *DataConnectorsClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type DataConnectorsClientGetResponse.

type DataConnectorsClientListOptions 

type DataConnectorsClientListOptions struct {
}

DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method.

type DataConnectorsClientListResponse 

type DataConnectorsClientListResponse struct {
	// List all the data connectors.
	DataConnectorList
}

DataConnectorsClientListResponse contains the response from method DataConnectorsClient.NewListPager.

type DataTypeState 

type DataTypeState string

DataTypeState - Describe whether this data type connection is enabled or not. 

const (
	DataTypeStateDisabled DataTypeState = "Disabled"
	DataTypeStateEnabled  DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues 

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns the possible values for the DataTypeState const type.

type DeliveryAction 

type DeliveryAction string

DeliveryAction - The delivery action of this mail message like Delivered, Blocked, Replaced etc 

const (
	// DeliveryActionBlocked - Blocked
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionDelivered - Delivered
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionDeliveredAsSpam - DeliveredAsSpam
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionReplaced - Replaced
	DeliveryActionReplaced DeliveryAction = "Replaced"
	// DeliveryActionUnknown - Unknown
	DeliveryActionUnknown DeliveryAction = "Unknown"
)

func PossibleDeliveryActionValues 

func PossibleDeliveryActionValues() []DeliveryAction

PossibleDeliveryActionValues returns the possible values for the DeliveryAction const type.

type DeliveryLocation 

type DeliveryLocation string

DeliveryLocation - The delivery location of this mail message like Inbox, JunkFolder etc 

const (
	// DeliveryLocationDeletedFolder - DeletedFolder
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationDropped - Dropped
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationExternal - External
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed - Failed
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationForwarded - Forwarded
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
	// DeliveryLocationInbox - Inbox
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder - JunkFolder
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationQuarantine - Quarantine
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationUnknown - Unknown
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
)

func PossibleDeliveryLocationValues 

func PossibleDeliveryLocationValues() []DeliveryLocation

PossibleDeliveryLocationValues returns the possible values for the DeliveryLocation const type.

type ElevationToken 

type ElevationToken string

ElevationToken - The elevation token associated with the process. 

const (
	// ElevationTokenDefault - Default elevation token
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull - Full elevation token
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited - Limited elevation token
	ElevationTokenLimited ElevationToken = "Limited"
)

func PossibleElevationTokenValues 

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns the possible values for the ElevationToken const type.

type Entity 

type Entity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

Entity - Specific entity.

func (*Entity) GetEntity 

func (e *Entity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type Entity.

func (Entity) MarshalJSON added in v1.1.0 

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Entity.

func (*Entity) UnmarshalJSON added in v1.1.0 

func (e *Entity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Entity.

type EntityClassification 

type EntityClassification interface {
	// GetEntity returns the Entity content of the underlying type.
	GetEntity() *Entity
}

EntityClassification provides polymorphic access to related types. Call the interface's GetEntity() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, - *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, - *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, - *URLEntity

type EntityKindEnum added in v1.0.0 

type EntityKindEnum string

EntityKindEnum - The kind of the entity 

const (
	// EntityKindEnumAccount - Entity represents account in the system.
	EntityKindEnumAccount EntityKindEnum = "Account"
	// EntityKindEnumAzureResource - Entity represents azure resource in the system.
	EntityKindEnumAzureResource EntityKindEnum = "AzureResource"
	// EntityKindEnumBookmark - Entity represents bookmark in the system.
	EntityKindEnumBookmark EntityKindEnum = "Bookmark"
	// EntityKindEnumCloudApplication - Entity represents cloud application in the system.
	EntityKindEnumCloudApplication EntityKindEnum = "CloudApplication"
	// EntityKindEnumDNSResolution - Entity represents dns resolution in the system.
	EntityKindEnumDNSResolution EntityKindEnum = "DnsResolution"
	// EntityKindEnumFile - Entity represents file in the system.
	EntityKindEnumFile EntityKindEnum = "File"
	// EntityKindEnumFileHash - Entity represents file hash in the system.
	EntityKindEnumFileHash EntityKindEnum = "FileHash"
	// EntityKindEnumHost - Entity represents host in the system.
	EntityKindEnumHost EntityKindEnum = "Host"
	// EntityKindEnumIP - Entity represents ip in the system.
	EntityKindEnumIP EntityKindEnum = "Ip"
	// EntityKindEnumIoTDevice - Entity represents IoT device in the system.
	EntityKindEnumIoTDevice EntityKindEnum = "IoTDevice"
	// EntityKindEnumMailCluster - Entity represents mail cluster in the system.
	EntityKindEnumMailCluster EntityKindEnum = "MailCluster"
	// EntityKindEnumMailMessage - Entity represents mail message in the system.
	EntityKindEnumMailMessage EntityKindEnum = "MailMessage"
	// EntityKindEnumMailbox - Entity represents mailbox in the system.
	EntityKindEnumMailbox EntityKindEnum = "Mailbox"
	// EntityKindEnumMalware - Entity represents malware in the system.
	EntityKindEnumMalware EntityKindEnum = "Malware"
	// EntityKindEnumProcess - Entity represents process in the system.
	EntityKindEnumProcess EntityKindEnum = "Process"
	// EntityKindEnumRegistryKey - Entity represents registry key in the system.
	EntityKindEnumRegistryKey EntityKindEnum = "RegistryKey"
	// EntityKindEnumRegistryValue - Entity represents registry value in the system.
	EntityKindEnumRegistryValue EntityKindEnum = "RegistryValue"
	// EntityKindEnumSecurityAlert - Entity represents security alert in the system.
	EntityKindEnumSecurityAlert EntityKindEnum = "SecurityAlert"
	// EntityKindEnumSecurityGroup - Entity represents security group in the system.
	EntityKindEnumSecurityGroup EntityKindEnum = "SecurityGroup"
	// EntityKindEnumSubmissionMail - Entity represents submission mail in the system.
	EntityKindEnumSubmissionMail EntityKindEnum = "SubmissionMail"
	// EntityKindEnumURL - Entity represents url in the system.
	EntityKindEnumURL EntityKindEnum = "Url"
)

func PossibleEntityKindEnumValues added in v1.0.0 

func PossibleEntityKindEnumValues() []EntityKindEnum

PossibleEntityKindEnumValues returns the possible values for the EntityKindEnum const type.

type EntityMapping 

type EntityMapping struct {
	// The V3 type of the mapped entity
	EntityType *EntityMappingType

	// array of field mappings for the given entity mapping
	FieldMappings []*FieldMapping
}

EntityMapping - Single entity mapping for the alert rule

func (EntityMapping) MarshalJSON 

func (e EntityMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityMapping.

func (*EntityMapping) UnmarshalJSON added in v1.1.0 

func (e *EntityMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityMapping.

type EntityMappingType 

type EntityMappingType string

EntityMappingType - The V3 type of the mapped entity 

const (
	// EntityMappingTypeAccount - User account entity type
	EntityMappingTypeAccount EntityMappingType = "Account"
	// EntityMappingTypeAzureResource - Azure resource entity type
	EntityMappingTypeAzureResource EntityMappingType = "AzureResource"
	// EntityMappingTypeCloudApplication - Cloud app entity type
	EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication"
	// EntityMappingTypeDNS - DNS entity type
	EntityMappingTypeDNS EntityMappingType = "DNS"
	// EntityMappingTypeFile - System file entity type
	EntityMappingTypeFile EntityMappingType = "File"
	// EntityMappingTypeFileHash - File-hash entity type
	EntityMappingTypeFileHash EntityMappingType = "FileHash"
	// EntityMappingTypeHost - Host entity type
	EntityMappingTypeHost EntityMappingType = "Host"
	// EntityMappingTypeIP - IP address entity type
	EntityMappingTypeIP EntityMappingType = "IP"
	// EntityMappingTypeMailCluster - Mail cluster entity type
	EntityMappingTypeMailCluster EntityMappingType = "MailCluster"
	// EntityMappingTypeMailMessage - Mail message entity type
	EntityMappingTypeMailMessage EntityMappingType = "MailMessage"
	// EntityMappingTypeMailbox - Mailbox entity type
	EntityMappingTypeMailbox EntityMappingType = "Mailbox"
	// EntityMappingTypeMalware - Malware entity type
	EntityMappingTypeMalware EntityMappingType = "Malware"
	// EntityMappingTypeProcess - Process entity type
	EntityMappingTypeProcess EntityMappingType = "Process"
	// EntityMappingTypeRegistryKey - Registry key entity type
	EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey"
	// EntityMappingTypeRegistryValue - Registry value entity type
	EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue"
	// EntityMappingTypeSecurityGroup - Security group entity type
	EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup"
	// EntityMappingTypeSubmissionMail - Submission mail entity type
	EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail"
	// EntityMappingTypeURL - URL entity type
	EntityMappingTypeURL EntityMappingType = "URL"
)

func PossibleEntityMappingTypeValues 

func PossibleEntityMappingTypeValues() []EntityMappingType

PossibleEntityMappingTypeValues returns the possible values for the EntityMappingType const type.

type EventGroupingAggregationKind 

type EventGroupingAggregationKind string

EventGroupingAggregationKind - The event grouping aggregation kinds 

const (
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	EventGroupingAggregationKindSingleAlert    EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues 

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns the possible values for the EventGroupingAggregationKind const type.

type EventGroupingSettings 

type EventGroupingSettings struct {
	// The event grouping aggregation kinds
	AggregationKind *EventGroupingAggregationKind
}

EventGroupingSettings - Event grouping settings property bag.

func (EventGroupingSettings) MarshalJSON added in v1.1.0 

func (e EventGroupingSettings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EventGroupingSettings.

func (*EventGroupingSettings) UnmarshalJSON added in v1.1.0 

func (e *EventGroupingSettings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EventGroupingSettings.

type FieldMapping 

type FieldMapping struct {
	// the column name to be mapped to the identifier
	ColumnName *string

	// the V3 identifier of the entity
	Identifier *string
}

FieldMapping - A single field mapping of the mapped entity

func (FieldMapping) MarshalJSON added in v1.1.0 

func (f FieldMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FieldMapping.

func (*FieldMapping) UnmarshalJSON added in v1.1.0 

func (f *FieldMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FieldMapping.

type FileEntity 

type FileEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// File entity properties
	Properties *FileEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

FileEntity - Represents a file entity.

func (*FileEntity) GetEntity 

func (f *FileEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileEntity.

func (FileEntity) MarshalJSON 

func (f FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileEntity.

func (*FileEntity) UnmarshalJSON 

func (f *FileEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileEntity.

type FileEntityProperties 

type FileEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The full path to the file.
	Directory *string

	// READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIDs []*string

	// READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string
}

FileEntityProperties - File entity property bag.

func (FileEntityProperties) MarshalJSON 

func (f FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileEntityProperties.

func (*FileEntityProperties) UnmarshalJSON added in v1.1.0 

func (f *FileEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileEntityProperties.

type FileHashAlgorithm 

type FileHashAlgorithm string

FileHashAlgorithm - The hash algorithm type. 

const (
	// FileHashAlgorithmMD5 - MD5 hash type
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 - SHA1 hash type
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 - SHA256 hash type
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC - SHA256 Authenticode hash type
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown - Unknown hash algorithm
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues 

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns the possible values for the FileHashAlgorithm const type.

type FileHashEntity 

type FileHashEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// FileHash entity properties
	Properties *FileHashEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

FileHashEntity - Represents a file hash entity.

func (*FileHashEntity) GetEntity 

func (f *FileHashEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileHashEntity.

func (FileHashEntity) MarshalJSON 

func (f FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileHashEntity.

func (*FileHashEntity) UnmarshalJSON 

func (f *FileHashEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntity.

type FileHashEntityProperties 

type FileHashEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The hash algorithm type.
	Algorithm *FileHashAlgorithm

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The file hash value.
	HashValue *string
}

FileHashEntityProperties - FileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON 

func (f FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileHashEntityProperties.

func (*FileHashEntityProperties) UnmarshalJSON added in v1.1.0 

func (f *FileHashEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileHashEntityProperties.

type FusionAlertRule 

type FusionAlertRule struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Etag of the azure resource
	Etag *string

	// Fusion alert rule properties
	Properties *FusionAlertRuleProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

FusionAlertRule - Represents Fusion alert rule.

func (*FusionAlertRule) GetAlertRule 

func (f *FusionAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule.

func (FusionAlertRule) MarshalJSON 

func (f FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON 

func (f *FusionAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule.

type FusionAlertRuleProperties 

type FusionAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool

	// READ-ONLY; The description of the alert rule.
	Description *string

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic
}

FusionAlertRuleProperties - Fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON 

func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties.

func (*FusionAlertRuleProperties) UnmarshalJSON 

func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties.

type FusionAlertRuleTemplate 

type FusionAlertRuleTemplate struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Fusion alert rule template properties
	Properties *FusionAlertRuleTemplateProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

FusionAlertRuleTemplate - Represents Fusion alert rule template.

func (*FusionAlertRuleTemplate) GetAlertRuleTemplate 

func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON 

func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON 

func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate.

type FusionAlertRuleTemplateProperties 

type FusionAlertRuleTemplateProperties struct {
	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32

	// The description of the alert rule template.
	Description *string

	// The display name for alert rule template.
	DisplayName *string

	// The required data connectors for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity

	// The alert rule template status.
	Status *TemplateStatus

	// The tactics of the alert rule template
	Tactics []*AttackTactic

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time

	// READ-ONLY; The time that this alert rule template was last updated.
	LastUpdatedDateUTC *time.Time
}

FusionAlertRuleTemplateProperties - Represents Fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON 

func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties.

func (*FusionAlertRuleTemplateProperties) UnmarshalJSON 

func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties.

type GeoLocation 

type GeoLocation struct {
	// READ-ONLY; Autonomous System Number
	Asn *int32

	// READ-ONLY; City name
	City *string

	// READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string

	// READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string

	// READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with
	// positive numbers representing East and negative numbers representing West. Latitude and
	// longitude are derived from the city or postal code.
	Latitude *float64

	// READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with
	// positive numbers representing North and negative numbers representing South. Latitude and
	// longitude are derived from the city or postal code.
	Longitude *float64

	// READ-ONLY; State name
	State *string
}

GeoLocation - The geo-location context attached to the ip entity

func (GeoLocation) MarshalJSON added in v1.1.0 

func (g GeoLocation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GeoLocation.

func (*GeoLocation) UnmarshalJSON added in v1.1.0 

func (g *GeoLocation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GeoLocation.

type GroupingConfiguration 

type GroupingConfiguration struct {
	// REQUIRED; Grouping enabled
	Enabled *bool

	// REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string

	// REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails
	// must be provided and not empty.
	MatchingMethod *MatchingMethod

	// REQUIRED; Re-open closed matching incidents
	ReopenClosedIncident *bool

	// A list of alert details to group by (when matchingMethod is Selected)
	GroupByAlertDetails []*AlertDetail

	// A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule
	// may be used.
	GroupByCustomDetails []*string

	// A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may
	// be used.
	GroupByEntities []*EntityMappingType
}

GroupingConfiguration - Grouping configuration property bag.

func (GroupingConfiguration) MarshalJSON 

func (g GroupingConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration.

func (*GroupingConfiguration) UnmarshalJSON added in v1.1.0 

func (g *GroupingConfiguration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GroupingConfiguration.

type HostEntity 

type HostEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Host entity properties
	Properties *HostEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

HostEntity - Represents a host entity.

func (*HostEntity) GetEntity 

func (h *HostEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HostEntity.

func (HostEntity) MarshalJSON 

func (h HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntity.

func (*HostEntity) UnmarshalJSON 

func (h *HostEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity.

type HostEntityProperties 

type HostEntityProperties struct {
	// The operating system type.
	OSFamily *OSFamily

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The azure resource id of the VM.
	AzureID *string

	// READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
	DNSDomain *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The hostname without the domain suffix.
	HostName *string

	// READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool

	// READ-ONLY; The host name (pre-windows2000).
	NetBiosName *string

	// READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string

	// READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more
	// fine grained than OSFamily or future values not supported by OSFamily enumeration
	OSVersion *string

	// READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string
}

HostEntityProperties - Host entity property bag.

func (HostEntityProperties) MarshalJSON 

func (h HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntityProperties.

func (*HostEntityProperties) UnmarshalJSON added in v1.1.0 

func (h *HostEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HostEntityProperties.

type HuntingBookmark 

type HuntingBookmark struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// HuntingBookmark entity properties
	Properties *HuntingBookmarkProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

HuntingBookmark - Represents a Hunting bookmark entity.

func (*HuntingBookmark) GetEntity 

func (h *HuntingBookmark) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HuntingBookmark.

func (HuntingBookmark) MarshalJSON 

func (h HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON 

func (h *HuntingBookmark) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark.

type HuntingBookmarkProperties 

type HuntingBookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string

	// REQUIRED; The query of the bookmark.
	Query *string

	// The time the bookmark was created
	Created *time.Time

	// Describes a user that created the bookmark
	CreatedBy *UserInfo

	// The time of the event
	EventTime *time.Time

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo

	// List of labels relevant to this bookmark
	Labels []*string

	// The notes of the bookmark
	Notes *string

	// The query result of the bookmark.
	QueryResult *string

	// The last time the bookmark was updated
	Updated *time.Time

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string
}

HuntingBookmarkProperties - Describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON 

func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HuntingBookmarkProperties.

func (*HuntingBookmarkProperties) UnmarshalJSON 

func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmarkProperties.

type IPEntity 

type IPEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Ip entity properties
	Properties *IPEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

IPEntity - Represents an ip entity.

func (*IPEntity) GetEntity 

func (i *IPEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IPEntity.

func (IPEntity) MarshalJSON 

func (i IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IPEntity.

func (*IPEntity) UnmarshalJSON 

func (i *IPEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IPEntity.

type IPEntityProperties 

type IPEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
	Address *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The geo-location context attached to the ip entity
	Location *GeoLocation

	// READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence []*ThreatIntelligence
}

IPEntityProperties - Ip entity property bag.

func (IPEntityProperties) MarshalJSON 

func (i IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IPEntityProperties.

func (*IPEntityProperties) UnmarshalJSON added in v1.1.0 

func (i *IPEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IPEntityProperties.

type Incident 

type Incident struct {
	// Etag of the azure resource
	Etag *string

	// Incident properties
	Properties *IncidentProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

Incident - Represents an incident in Azure Security Insights.

func (Incident) MarshalJSON added in v1.1.0 

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Incident.

func (*Incident) UnmarshalJSON added in v1.1.0 

func (i *Incident) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Incident.

type IncidentAdditionalData 

type IncidentAdditionalData struct {
	// READ-ONLY; List of product names of alerts in the incident
	AlertProductNames []*string

	// READ-ONLY; The number of alerts in the incident
	AlertsCount *int32

	// READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32

	// READ-ONLY; The number of comments in the incident
	CommentsCount *int32

	// READ-ONLY; The tactics associated with incident
	Tactics []*AttackTactic
}

IncidentAdditionalData - Incident additional data property bag.

func (IncidentAdditionalData) MarshalJSON 

func (i IncidentAdditionalData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentAdditionalData.

func (*IncidentAdditionalData) UnmarshalJSON added in v1.1.0 

func (i *IncidentAdditionalData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAdditionalData.

type IncidentAlertList 

type IncidentAlertList struct {
	// REQUIRED; Array of incident alerts.
	Value []*SecurityAlert
}

IncidentAlertList - List of incident alerts.

func (IncidentAlertList) MarshalJSON 

func (i IncidentAlertList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentAlertList.

func (*IncidentAlertList) UnmarshalJSON added in v1.1.0 

func (i *IncidentAlertList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentAlertList.

type IncidentBookmarkList 

type IncidentBookmarkList struct {
	// REQUIRED; Array of incident bookmarks.
	Value []*HuntingBookmark
}

IncidentBookmarkList - List of incident bookmarks.

func (IncidentBookmarkList) MarshalJSON 

func (i IncidentBookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentBookmarkList.

func (*IncidentBookmarkList) UnmarshalJSON added in v1.1.0 

func (i *IncidentBookmarkList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentBookmarkList.

type IncidentClassification 

type IncidentClassification string

IncidentClassification - The reason the incident was closed 

const (
	// IncidentClassificationBenignPositive - Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive - Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive - Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined - Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues 

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns the possible values for the IncidentClassification const type.

type IncidentClassificationReason 

type IncidentClassificationReason string

IncidentClassificationReason - The classification reason the incident was closed with 

const (
	// IncidentClassificationReasonInaccurateData - Classification reason was inaccurate data
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic - Classification reason was incorrect alert logic
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity - Classification reason was suspicious activity
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected - Classification reason was suspicious but expected
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues 

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns the possible values for the IncidentClassificationReason const type.

type IncidentComment 

type IncidentComment struct {
	// Etag of the azure resource
	Etag *string

	// Incident comment properties
	Properties *IncidentCommentProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

IncidentComment - Represents an incident comment

func (IncidentComment) MarshalJSON added in v1.1.0 

func (i IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentComment.

func (*IncidentComment) UnmarshalJSON added in v1.1.0 

func (i *IncidentComment) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentComment.

type IncidentCommentList 

type IncidentCommentList struct {
	// REQUIRED; Array of comments.
	Value []*IncidentComment

	// READ-ONLY; URL to fetch the next set of comments.
	NextLink *string
}

IncidentCommentList - List of incident comments.

func (IncidentCommentList) MarshalJSON 

func (i IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentCommentList.

func (*IncidentCommentList) UnmarshalJSON added in v1.1.0 

func (i *IncidentCommentList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentList.

type IncidentCommentProperties 

type IncidentCommentProperties struct {
	// REQUIRED; The comment message
	Message *string

	// READ-ONLY; Describes the client that created the comment
	Author *ClientInfo

	// READ-ONLY; The time the comment was created
	CreatedTimeUTC *time.Time

	// READ-ONLY; The time the comment was updated
	LastModifiedTimeUTC *time.Time
}

IncidentCommentProperties - Incident comment property bag.

func (IncidentCommentProperties) MarshalJSON 

func (i IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentCommentProperties.

func (*IncidentCommentProperties) UnmarshalJSON 

func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentCommentProperties.

type IncidentCommentsClient 

type IncidentCommentsClient struct {
	// contains filtered or unexported fields
}

IncidentCommentsClient contains the methods for the IncidentComments group. Don't use this type directly, use NewIncidentCommentsClient() instead.

func NewIncidentCommentsClient 

func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentCommentsClient, error)

NewIncidentCommentsClient creates a new instance of IncidentCommentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentCommentsClient) CreateOrUpdate 

func (client *IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment, options *IncidentCommentsClientCreateOrUpdateOptions) (IncidentCommentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates a comment for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • incidentComment - The incident comment
  • options - IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/CreateIncidentComment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentCommentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.IncidentComment{
		Properties: &armsecurityinsights.IncidentCommentProperties{
			Message: to.Ptr("Some message"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IncidentComment = armsecurityinsights.IncidentComment{
	// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
	// 	Properties: &armsecurityinsights.IncidentCommentProperties{
	// 		Author: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-04T13:15:30.000Z"); return t}()),
	// 		Message: to.Ptr("Some message"),
	// 	},
	// }
}

Output:

func (*IncidentCommentsClient) Delete 

func (client *IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientDeleteOptions) (IncidentCommentsClientDeleteResponse, error)

Delete - Deletes a comment for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • options - IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/DeleteIncidentComment.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewIncidentCommentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*IncidentCommentsClient) Get 

func (client *IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientGetOptions) (IncidentCommentsClientGetResponse, error)

Get - Gets a comment for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • options - IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/GetIncidentCommentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentCommentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IncidentComment = armsecurityinsights.IncidentComment{
	// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
	// 	Properties: &armsecurityinsights.IncidentCommentProperties{
	// 		Author: &armsecurityinsights.ClientInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		Message: to.Ptr("Some message"),
	// 	},
	// }
}

Output:

func (*IncidentCommentsClient) NewListPager added in v0.3.0 

func (client *IncidentCommentsClient) NewListPager(resourceGroupName string, workspaceName string, incidentID string, options *IncidentCommentsClientListOptions) *runtime.Pager[IncidentCommentsClientListResponse]

NewListPager - Gets all comments for a given incident.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/comments/GetAllIncidentComments.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewIncidentCommentsClient().NewListPager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.IncidentCommentsClientListOptions{Filter: nil,
		Orderby:   nil,
		Top:       nil,
		SkipToken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.IncidentCommentList = armsecurityinsights.IncidentCommentList{
		// 	Value: []*armsecurityinsights.IncidentComment{
		// 		{
		// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
		// 			Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
		// 			Properties: &armsecurityinsights.IncidentCommentProperties{
		// 				Author: &armsecurityinsights.ClientInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john.doe@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 					UserPrincipalName: to.Ptr("john@contoso.com"),
		// 				},
		// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 				LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 				Message: to.Ptr("Some message"),
		// 			},
		// 	}},
		// }
	}
}

Output:

type IncidentCommentsClientCreateOrUpdateOptions 

type IncidentCommentsClientCreateOrUpdateOptions struct {
}

IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.

type IncidentCommentsClientCreateOrUpdateResponse 

type IncidentCommentsClientCreateOrUpdateResponse struct {
	// Represents an incident comment
	IncidentComment
}

IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate.

type IncidentCommentsClientDeleteOptions 

type IncidentCommentsClientDeleteOptions struct {
}

IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.

type IncidentCommentsClientDeleteResponse 

type IncidentCommentsClientDeleteResponse struct {
}

IncidentCommentsClientDeleteResponse contains the response from method IncidentCommentsClient.Delete.

type IncidentCommentsClientGetOptions 

type IncidentCommentsClientGetOptions struct {
}

IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.

type IncidentCommentsClientGetResponse 

type IncidentCommentsClientGetResponse struct {
	// Represents an incident comment
	IncidentComment
}

IncidentCommentsClientGetResponse contains the response from method IncidentCommentsClient.Get.

type IncidentCommentsClientListOptions 

type IncidentCommentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string

	// Sorts the results. Optional.
	Orderby *string

	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string

	// Returns only the first n results. Optional.
	Top *int32
}

IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.NewListPager method.

type IncidentCommentsClientListResponse 

type IncidentCommentsClientListResponse struct {
	// List of incident comments.
	IncidentCommentList
}

IncidentCommentsClientListResponse contains the response from method IncidentCommentsClient.NewListPager.

type IncidentConfiguration 

type IncidentConfiguration struct {
	// REQUIRED; Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool

	// Set how the alerts that are triggered by this analytics rule, are grouped into incidents
	GroupingConfiguration *GroupingConfiguration
}

IncidentConfiguration - Incident Configuration property bag.

func (IncidentConfiguration) MarshalJSON added in v1.1.0 

func (i IncidentConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentConfiguration.

func (*IncidentConfiguration) UnmarshalJSON added in v1.1.0 

func (i *IncidentConfiguration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentConfiguration.

type IncidentEntitiesResponse 

type IncidentEntitiesResponse struct {
	// Array of the incident related entities.
	Entities []EntityClassification

	// The metadata from the incident related entities results.
	MetaData []*IncidentEntitiesResultsMetadata
}

IncidentEntitiesResponse - The incident related entities response.

func (IncidentEntitiesResponse) MarshalJSON 

func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResponse.

func (*IncidentEntitiesResponse) UnmarshalJSON 

func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResponse.

type IncidentEntitiesResultsMetadata 

type IncidentEntitiesResultsMetadata struct {
	// REQUIRED; Total number of aggregations of the given kind in the incident related entities result.
	Count *int32

	// REQUIRED; The kind of the aggregated entity.
	EntityKind *EntityKindEnum
}

IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result.

func (IncidentEntitiesResultsMetadata) MarshalJSON added in v1.1.0 

func (i IncidentEntitiesResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentEntitiesResultsMetadata.

func (*IncidentEntitiesResultsMetadata) UnmarshalJSON added in v1.1.0 

func (i *IncidentEntitiesResultsMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentEntitiesResultsMetadata.

type IncidentInfo 

type IncidentInfo struct {
	// Incident Id
	IncidentID *string

	// Relation Name
	RelationName *string

	// The severity of the incident
	Severity *IncidentSeverity

	// The title of the incident
	Title *string
}

IncidentInfo - Describes related incident information for the bookmark

func (IncidentInfo) MarshalJSON added in v1.1.0 

func (i IncidentInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentInfo.

func (*IncidentInfo) UnmarshalJSON added in v1.1.0 

func (i *IncidentInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentInfo.

type IncidentLabel 

type IncidentLabel struct {
	// REQUIRED; The name of the label
	LabelName *string

	// READ-ONLY; The type of the label
	LabelType *IncidentLabelType
}

IncidentLabel - Represents an incident label

func (IncidentLabel) MarshalJSON added in v1.1.0 

func (i IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentLabel.

func (*IncidentLabel) UnmarshalJSON added in v1.1.0 

func (i *IncidentLabel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentLabel.

type IncidentLabelType 

type IncidentLabelType string

IncidentLabelType - The type of the label 

const (
	// IncidentLabelTypeAutoAssigned - Label automatically created by the system
	IncidentLabelTypeAutoAssigned IncidentLabelType = "AutoAssigned"
	// IncidentLabelTypeUser - Label manually created by a user
	IncidentLabelTypeUser IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues 

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns the possible values for the IncidentLabelType const type.

type IncidentList 

type IncidentList struct {
	// REQUIRED; Array of incidents.
	Value []*Incident

	// READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string
}

IncidentList - List all the incidents.

func (IncidentList) MarshalJSON 

func (i IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentList.

func (*IncidentList) UnmarshalJSON added in v1.1.0 

func (i *IncidentList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentList.

type IncidentOwnerInfo 

type IncidentOwnerInfo struct {
	// The name of the user the incident is assigned to.
	AssignedTo *string

	// The email of the user the incident is assigned to.
	Email *string

	// The object id of the user the incident is assigned to.
	ObjectID *string

	// The user principal name of the user the incident is assigned to.
	UserPrincipalName *string
}

IncidentOwnerInfo - Information on the user an incident is assigned to

func (IncidentOwnerInfo) MarshalJSON added in v1.1.0 

func (i IncidentOwnerInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentOwnerInfo.

func (*IncidentOwnerInfo) UnmarshalJSON added in v1.1.0 

func (i *IncidentOwnerInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentOwnerInfo.

type IncidentOwnerInfoAutoGenerated added in v1.0.0 

type IncidentOwnerInfoAutoGenerated struct {
	// The name of the user the incident is assigned to.
	AssignedTo *string

	// The email of the user the incident is assigned to.
	Email *string

	// The object id of the user the incident is assigned to.
	ObjectID *string

	// The type of the owner the incident is assigned to.
	OwnerType *OwnerType

	// The user principal name of the user the incident is assigned to.
	UserPrincipalName *string
}

IncidentOwnerInfoAutoGenerated - Information on the user an incident is assigned to

func (IncidentOwnerInfoAutoGenerated) MarshalJSON added in v1.1.0 

func (i IncidentOwnerInfoAutoGenerated) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentOwnerInfoAutoGenerated.

func (*IncidentOwnerInfoAutoGenerated) UnmarshalJSON added in v1.1.0 

func (i *IncidentOwnerInfoAutoGenerated) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentOwnerInfoAutoGenerated.

type IncidentProperties 

type IncidentProperties struct {
	// REQUIRED; The severity of the incident
	Severity *IncidentSeverity

	// REQUIRED; The status of the incident
	Status *IncidentStatus

	// REQUIRED; The title of the incident
	Title *string

	// The reason the incident was closed
	Classification *IncidentClassification

	// Describes the reason the incident was closed
	ClassificationComment *string

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason

	// The description of the incident
	Description *string

	// The time of the first activity in the incident
	FirstActivityTimeUTC *time.Time

	// List of labels relevant to this incident
	Labels []*IncidentLabel

	// The time of the last activity in the incident
	LastActivityTimeUTC *time.Time

	// Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo

	// READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData

	// READ-ONLY; The time the incident was created
	CreatedTimeUTC *time.Time

	// READ-ONLY; A sequential number
	IncidentNumber *int32

	// READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string

	// READ-ONLY; The last time the incident was updated
	LastModifiedTimeUTC *time.Time

	// READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIDs []*string
}

IncidentProperties - Describes incident properties

func (IncidentProperties) MarshalJSON 

func (i IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentProperties.

func (*IncidentProperties) UnmarshalJSON 

func (i *IncidentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentProperties.

type IncidentPropertiesAction 

type IncidentPropertiesAction struct {
	// The reason the incident was closed
	Classification *IncidentClassification

	// Describes the reason the incident was closed
	ClassificationComment *string

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason

	// List of labels to add to the incident
	Labels []*IncidentLabel

	// Information on the user an incident is assigned to
	Owner *IncidentOwnerInfoAutoGenerated

	// The severity of the incident
	Severity *IncidentSeverity

	// The status of the incident
	Status *IncidentStatus
}

func (IncidentPropertiesAction) MarshalJSON 

func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IncidentPropertiesAction.

func (*IncidentPropertiesAction) UnmarshalJSON added in v1.1.0 

func (i *IncidentPropertiesAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IncidentPropertiesAction.

type IncidentRelationsClient 

type IncidentRelationsClient struct {
	// contains filtered or unexported fields
}

IncidentRelationsClient contains the methods for the IncidentRelations group. Don't use this type directly, use NewIncidentRelationsClient() instead.

func NewIncidentRelationsClient 

func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentRelationsClient, error)

NewIncidentRelationsClient creates a new instance of IncidentRelationsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentRelationsClient) CreateOrUpdate 

func (client *IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation, options *IncidentRelationsClientCreateOrUpdateOptions) (IncidentRelationsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates a relation for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • relation - The relation model
  • options - IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/CreateIncidentRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentRelationsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{
		Properties: &armsecurityinsights.RelationProperties{
			RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Relation = armsecurityinsights.Relation{
	// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 	Properties: &armsecurityinsights.RelationProperties{
	// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 		RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 	},
	// }
}

Output:

func (*IncidentRelationsClient) Delete 

func (client *IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientDeleteOptions) (IncidentRelationsClientDeleteResponse, error)

Delete - Deletes a relation for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • options - IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/DeleteIncidentRelation.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewIncidentRelationsClient().Delete(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*IncidentRelationsClient) Get 

func (client *IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientGetOptions) (IncidentRelationsClientGetResponse, error)

Get - Gets a relation for a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • options - IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/GetIncidentRelationByName.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentRelationsClient().Get(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Relation = armsecurityinsights.Relation{
	// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 	Properties: &armsecurityinsights.RelationProperties{
	// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 		RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 	},
	// }
}

Output:

func (*IncidentRelationsClient) NewListPager added in v0.3.0 

func (client *IncidentRelationsClient) NewListPager(resourceGroupName string, workspaceName string, incidentID string, options *IncidentRelationsClientListOptions) *runtime.Pager[IncidentRelationsClientListResponse]

NewListPager - Gets all relations for a given incident.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/relations/GetAllIncidentRelations.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewIncidentRelationsClient().NewListPager("myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", &armsecurityinsights.IncidentRelationsClientListOptions{Filter: nil,
		Orderby:   nil,
		Top:       nil,
		SkipToken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.RelationList = armsecurityinsights.RelationList{
		// 	Value: []*armsecurityinsights.Relation{
		// 		{
		// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
		// 			Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
		// 			Properties: &armsecurityinsights.RelationProperties{
		// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
		// 				RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
		// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("9673a17d-8bc7-4ca6-88ee-38a4f3efc032"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032"),
		// 			Etag: to.Ptr("6f714025-dd7c-46aa-b5d0-b9857488d060"),
		// 			Properties: &armsecurityinsights.RelationProperties{
		// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af"),
		// 				RelatedResourceKind: to.Ptr("SecurityAlert"),
		// 				RelatedResourceName: to.Ptr("1dd267cd-8a1f-4f6f-b92c-da43ac8819af"),
		// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/entities"),
		// 			},
		// 	}},
		// }
	}
}

Output:

type IncidentRelationsClientCreateOrUpdateOptions 

type IncidentRelationsClientCreateOrUpdateOptions struct {
}

IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.

type IncidentRelationsClientCreateOrUpdateResponse 

type IncidentRelationsClientCreateOrUpdateResponse struct {
	// Represents a relation between two resources
	Relation
}

IncidentRelationsClientCreateOrUpdateResponse contains the response from method IncidentRelationsClient.CreateOrUpdate.

type IncidentRelationsClientDeleteOptions 

type IncidentRelationsClientDeleteOptions struct {
}

IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.

type IncidentRelationsClientDeleteResponse 

type IncidentRelationsClientDeleteResponse struct {
}

IncidentRelationsClientDeleteResponse contains the response from method IncidentRelationsClient.Delete.

type IncidentRelationsClientGetOptions 

type IncidentRelationsClientGetOptions struct {
}

IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.

type IncidentRelationsClientGetResponse 

type IncidentRelationsClientGetResponse struct {
	// Represents a relation between two resources
	Relation
}

IncidentRelationsClientGetResponse contains the response from method IncidentRelationsClient.Get.

type IncidentRelationsClientListOptions 

type IncidentRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string

	// Sorts the results. Optional.
	Orderby *string

	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string

	// Returns only the first n results. Optional.
	Top *int32
}

IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.NewListPager method.

type IncidentRelationsClientListResponse 

type IncidentRelationsClientListResponse struct {
	// List of relations.
	RelationList
}

IncidentRelationsClientListResponse contains the response from method IncidentRelationsClient.NewListPager.

type IncidentSeverity 

type IncidentSeverity string

IncidentSeverity - The severity of the incident 

const (
	// IncidentSeverityHigh - High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational - Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow - Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium - Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues 

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns the possible values for the IncidentSeverity const type.

type IncidentStatus 

type IncidentStatus string

IncidentStatus - The status of the incident 

const (
	// IncidentStatusActive - An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed - A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew - An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues 

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns the possible values for the IncidentStatus const type.

type IncidentsClient 

type IncidentsClient struct {
	// contains filtered or unexported fields
}

IncidentsClient contains the methods for the Incidents group. Don't use this type directly, use NewIncidentsClient() instead.

func NewIncidentsClient 

func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentsClient, error)

NewIncidentsClient creates a new instance of IncidentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentsClient) CreateOrUpdate 

func (client *IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident, options *IncidentsClientCreateOrUpdateOptions) (IncidentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates an incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incident - The incident
  • options - IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/CreateIncident.json 

package main

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Incident{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Properties: &armsecurityinsights.IncidentProperties{
			Description:           to.Ptr("This is a demo incident"),
			Classification:        to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
			ClassificationComment: to.Ptr("Not a malicious activity"),
			ClassificationReason:  to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
			FirstActivityTimeUTC:  to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t }()),
			LastActivityTimeUTC:   to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t }()),
			Owner: &armsecurityinsights.IncidentOwnerInfo{
				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
			},
			Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
			Status:   to.Ptr(armsecurityinsights.IncidentStatusClosed),
			Title:    to.Ptr("My incident"),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Incident = armsecurityinsights.Incident{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0001\""),
	// 	Properties: &armsecurityinsights.IncidentProperties{
	// 		Description: to.Ptr("This is a demo incident"),
	// 		AdditionalData: &armsecurityinsights.IncidentAdditionalData{
	// 			AlertProductNames: []*string{
	// 			},
	// 			AlertsCount: to.Ptr[int32](0),
	// 			BookmarksCount: to.Ptr[int32](0),
	// 			CommentsCount: to.Ptr[int32](3),
	// 			Tactics: []*armsecurityinsights.AttackTactic{
	// 			},
	// 		},
	// 		Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
	// 		ClassificationComment: to.Ptr("Not a malicious activity"),
	// 		ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
	// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
	// 		IncidentNumber: to.Ptr[int32](3177),
	// 		IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 		Labels: []*armsecurityinsights.IncidentLabel{
	// 		},
	// 		LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()),
	// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 		Owner: &armsecurityinsights.IncidentOwnerInfo{
	// 			AssignedTo: to.Ptr("john doe"),
	// 			Email: to.Ptr("john.doe@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			UserPrincipalName: to.Ptr("john@contoso.com"),
	// 		},
	// 		RelatedAnalyticRuleIDs: []*string{
	// 		},
	// 		Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
	// 		Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
	// 		Title: to.Ptr("My incident"),
	// 	},
	// }
}

Output:

func (*IncidentsClient) Delete 

func (client *IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientDeleteOptions) (IncidentsClientDeleteResponse, error)

Delete - Deletes a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/DeleteIncident.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewIncidentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*IncidentsClient) Get 

func (client *IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientGetOptions) (IncidentsClientGetResponse, error)

Get - Gets a given incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetIncidentById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Incident = armsecurityinsights.Incident{
	// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.IncidentProperties{
	// 		Description: to.Ptr("This is a demo incident"),
	// 		AdditionalData: &armsecurityinsights.IncidentAdditionalData{
	// 			AlertProductNames: []*string{
	// 			},
	// 			AlertsCount: to.Ptr[int32](0),
	// 			BookmarksCount: to.Ptr[int32](0),
	// 			CommentsCount: to.Ptr[int32](3),
	// 			Tactics: []*armsecurityinsights.AttackTactic{
	// 				to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
	// 				to.Ptr(armsecurityinsights.AttackTacticPersistence)},
	// 			},
	// 			Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
	// 			ClassificationComment: to.Ptr("Not a malicious activity"),
	// 			ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonInaccurateData),
	// 			CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 			FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
	// 			IncidentNumber: to.Ptr[int32](3177),
	// 			IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Labels: []*armsecurityinsights.IncidentLabel{
	// 			},
	// 			LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()),
	// 			LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
	// 			Owner: &armsecurityinsights.IncidentOwnerInfo{
	// 				AssignedTo: to.Ptr("john doe"),
	// 				Email: to.Ptr("john.doe@contoso.com"),
	// 				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				UserPrincipalName: to.Ptr("john@contoso.com"),
	// 			},
	// 			RelatedAnalyticRuleIDs: []*string{
	// 				to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7")},
	// 				Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
	// 				Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
	// 				Title: to.Ptr("My incident"),
	// 			},
	// 		}
}

Output:

func (*IncidentsClient) ListAlerts 

func (client *IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListAlertsOptions) (IncidentsClientListAlertsResponse, error)

ListAlerts - Gets all alerts for an incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentAlerts.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentsClient().ListAlerts(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IncidentAlertList = armsecurityinsights.IncidentAlertList{
	// 	Value: []*armsecurityinsights.SecurityAlert{
	// 		{
	// 			Name: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
	// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindEnumSecurityAlert),
	// 			Properties: &armsecurityinsights.SecurityAlertProperties{
	// 				AdditionalData: map[string]any{
	// 					"AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z",
	// 				},
	// 				FriendlyName: to.Ptr("myAlert"),
	// 				AlertDisplayName: to.Ptr("myAlert"),
	// 				AlertType: to.Ptr("myAlert"),
	// 				ConfidenceLevel: to.Ptr(armsecurityinsights.ConfidenceLevelUnknown),
	// 				EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()),
	// 				ProcessingEndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()),
	// 				ProductName: to.Ptr("Azure Security Center"),
	// 				ResourceIdentifiers: []any{
	// 					map[string]any{
	// 						"type": "LogAnalytics",
	// 						"resourceGroup": "myRG",
	// 						"subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
	// 						"workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b",
	// 				}},
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()),
	// 				Status: to.Ptr(armsecurityinsights.AlertStatusNew),
	// 				SystemAlertID: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 				},
	// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.615Z"); return t}()),
	// 				VendorName: to.Ptr("Microsoft"),
	// 			},
	// 	}},
	// }
}

Output:

func (*IncidentsClient) ListBookmarks 

func (client *IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListBookmarksOptions) (IncidentsClientListBookmarksResponse, error)

ListBookmarks - Gets all bookmarks for an incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentBookmarks.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentsClient().ListBookmarks(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IncidentBookmarkList = armsecurityinsights.IncidentBookmarkList{
	// 	Value: []*armsecurityinsights.HuntingBookmark{
	// 		{
	// 			Name: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindEnumBookmark),
	// 			Properties: &armsecurityinsights.HuntingBookmarkProperties{
	// 				AdditionalData: map[string]any{
	// 					"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
	// 					"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
	// 				},
	// 				FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"),
	// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				CreatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("user"),
	// 					Email: to.Ptr("user@microsoft.com"),
	// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
	// 				},
	// 				DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"),
	// 				EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				Labels: []*string{
	// 				},
	// 				Query: to.Ptr("SecurityEvent\r\n| take 1\n"),
	// 				QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"),
	// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				UpdatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("user"),
	// 					Email: to.Ptr("user@microsoft.com"),
	// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
	// 				},
	// 			},
	// 		},
	// 		{
	// 			Name: to.Ptr("bbbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindEnumBookmark),
	// 			Properties: &armsecurityinsights.HuntingBookmarkProperties{
	// 				AdditionalData: map[string]any{
	// 					"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
	// 					"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
	// 				},
	// 				FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"),
	// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				CreatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("user"),
	// 					Email: to.Ptr("user@microsoft.com"),
	// 					ObjectID: to.Ptr("303ca914-5eb6-45e5-9417-fe0797c372fd"),
	// 				},
	// 				DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"),
	// 				EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				Labels: []*string{
	// 				},
	// 				Query: to.Ptr("SecurityEvent\r\n| take 1\n"),
	// 				QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"),
	// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.426Z"); return t}()),
	// 				UpdatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("user"),
	// 					Email: to.Ptr("user@microsoft.com"),
	// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
	// 				},
	// 			},
	// 	}},
	// }
}

Output:

func (*IncidentsClient) ListEntities 

func (client *IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListEntitiesOptions) (IncidentsClientListEntitiesResponse, error)

ListEntities - Gets all entities for an incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetAllIncidentEntities.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIncidentsClient().ListEntities(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IncidentEntitiesResponse = armsecurityinsights.IncidentEntitiesResponse{
	// 	Entities: []armsecurityinsights.EntityClassification{
	// 		&armsecurityinsights.AccountEntity{
	// 			Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindEnumAccount),
	// 			Properties: &armsecurityinsights.AccountEntityProperties{
	// 				FriendlyName: to.Ptr("administrator"),
	// 				AccountName: to.Ptr("administrator"),
	// 				NtDomain: to.Ptr("domain"),
	// 			},
	// 	}},
	// 	MetaData: []*armsecurityinsights.IncidentEntitiesResultsMetadata{
	// 		{
	// 			Count: to.Ptr[int32](1),
	// 			EntityKind: to.Ptr(armsecurityinsights.EntityKindEnumAccount),
	// 	}},
	// }
}

Output:

func (*IncidentsClient) NewListPager added in v0.3.0 

func (client *IncidentsClient) NewListPager(resourceGroupName string, workspaceName string, options *IncidentsClientListOptions) *runtime.Pager[IncidentsClientListResponse]

NewListPager - Gets all incidents.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/incidents/GetIncidents.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewIncidentsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.IncidentsClientListOptions{Filter: nil,
		Orderby:   to.Ptr("properties/createdTimeUtc desc"),
		Top:       to.Ptr[int32](1),
		SkipToken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.IncidentList = armsecurityinsights.IncidentList{
		// 	Value: []*armsecurityinsights.Incident{
		// 		{
		// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Properties: &armsecurityinsights.IncidentProperties{
		// 				Description: to.Ptr("This is a demo incident"),
		// 				AdditionalData: &armsecurityinsights.IncidentAdditionalData{
		// 					AlertProductNames: []*string{
		// 					},
		// 					AlertsCount: to.Ptr[int32](0),
		// 					BookmarksCount: to.Ptr[int32](0),
		// 					CommentsCount: to.Ptr[int32](3),
		// 					Tactics: []*armsecurityinsights.AttackTactic{
		// 						to.Ptr(armsecurityinsights.AttackTacticPersistence)},
		// 					},
		// 					Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
		// 					ClassificationComment: to.Ptr("Not a malicious activity"),
		// 					ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
		// 					CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 					FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30.000Z"); return t}()),
		// 					IncidentNumber: to.Ptr[int32](3177),
		// 					IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		// 					Labels: []*armsecurityinsights.IncidentLabel{
		// 					},
		// 					LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30.000Z"); return t}()),
		// 					LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30.000Z"); return t}()),
		// 					Owner: &armsecurityinsights.IncidentOwnerInfo{
		// 						AssignedTo: to.Ptr("john doe"),
		// 						Email: to.Ptr("john.doe@contoso.com"),
		// 						ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 						UserPrincipalName: to.Ptr("john@contoso.com"),
		// 					},
		// 					RelatedAnalyticRuleIDs: []*string{
		// 						to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
		// 						to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
		// 						Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
		// 						Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
		// 						Title: to.Ptr("My incident"),
		// 					},
		// 			}},
		// 		}
	}
}

Output:

type IncidentsClientCreateOrUpdateOptions 

type IncidentsClientCreateOrUpdateOptions struct {
}

IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.

type IncidentsClientCreateOrUpdateResponse 

type IncidentsClientCreateOrUpdateResponse struct {
	// Represents an incident in Azure Security Insights.
	Incident
}

IncidentsClientCreateOrUpdateResponse contains the response from method IncidentsClient.CreateOrUpdate.

type IncidentsClientDeleteOptions 

type IncidentsClientDeleteOptions struct {
}

IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.

type IncidentsClientDeleteResponse 

type IncidentsClientDeleteResponse struct {
}

IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete.

type IncidentsClientGetOptions 

type IncidentsClientGetOptions struct {
}

IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.

type IncidentsClientGetResponse 

type IncidentsClientGetResponse struct {
	// Represents an incident in Azure Security Insights.
	Incident
}

IncidentsClientGetResponse contains the response from method IncidentsClient.Get.

type IncidentsClientListAlertsOptions 

type IncidentsClientListAlertsOptions struct {
}

IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.

type IncidentsClientListAlertsResponse 

type IncidentsClientListAlertsResponse struct {
	// List of incident alerts.
	IncidentAlertList
}

IncidentsClientListAlertsResponse contains the response from method IncidentsClient.ListAlerts.

type IncidentsClientListBookmarksOptions 

type IncidentsClientListBookmarksOptions struct {
}

IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.

type IncidentsClientListBookmarksResponse 

type IncidentsClientListBookmarksResponse struct {
	// List of incident bookmarks.
	IncidentBookmarkList
}

IncidentsClientListBookmarksResponse contains the response from method IncidentsClient.ListBookmarks.

type IncidentsClientListEntitiesOptions 

type IncidentsClientListEntitiesOptions struct {
}

IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.

type IncidentsClientListEntitiesResponse 

type IncidentsClientListEntitiesResponse struct {
	// The incident related entities response.
	IncidentEntitiesResponse
}

IncidentsClientListEntitiesResponse contains the response from method IncidentsClient.ListEntities.

type IncidentsClientListOptions 

type IncidentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string

	// Sorts the results. Optional.
	Orderby *string

	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string

	// Returns only the first n results. Optional.
	Top *int32
}

IncidentsClientListOptions contains the optional parameters for the IncidentsClient.NewListPager method.

type IncidentsClientListResponse 

type IncidentsClientListResponse struct {
	// List all the incidents.
	IncidentList
}

IncidentsClientListResponse contains the response from method IncidentsClient.NewListPager.

type IoTDeviceEntity 

type IoTDeviceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// IoTDevice entity properties
	Properties *IoTDeviceEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

IoTDeviceEntity - Represents an IoT device entity.

func (*IoTDeviceEntity) GetEntity 

func (i *IoTDeviceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON 

func (i IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON 

func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity.

type IoTDeviceEntityProperties 

type IoTDeviceEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string

	// READ-ONLY; The friendly name of the device
	DeviceName *string

	// READ-ONLY; The type of the device
	DeviceType *string

	// READ-ONLY; The ID of the edge device
	EdgeID *string

	// READ-ONLY; The firmware version of the device
	FirmwareVersion *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The Host entity id of this device
	HostEntityID *string

	// READ-ONLY; The IP entity if of this device
	IPAddressEntityID *string

	// READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string

	// READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *string

	// READ-ONLY; The MAC address of the device
	MacAddress *string

	// READ-ONLY; The model of the device
	Model *string

	// READ-ONLY; The operating system of the device
	OperatingSystem *string

	// READ-ONLY; A list of protocols of the IoTDevice entity.
	Protocols []*string

	// READ-ONLY; The serial number of the device
	SerialNumber *string

	// READ-ONLY; The source of the device
	Source *string

	// READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence []*ThreatIntelligence

	// READ-ONLY; The vendor of the device
	Vendor *string
}

IoTDeviceEntityProperties - IoTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON 

func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties.

func (*IoTDeviceEntityProperties) UnmarshalJSON added in v1.1.0 

func (i *IoTDeviceEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntityProperties.

type KillChainIntent 

type KillChainIntent string

KillChainIntent - Holds the alert intent stage(s) mapping for this alert. 

const (
	// KillChainIntentCollection - Collection consists of techniques used to identify and gather information, such as sensitive
	// files, from a target network prior to exfiltration. This category also covers locations on a system or network where the
	// adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl - The command and control tactic represents how adversaries communicate with systems under
	// their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess - Credential access represents techniques resulting in access to or control over system,
	// domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain
	// legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator
	// access) to use within the network. With sufficient access within a network, an adversary can create accounts for later
	// use within the environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion - Defense evasion consists of techniques an adversary may use to evade detection or avoid
	// other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added
	// benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery - Discovery consists of techniques that allow the adversary to gain knowledge about the system
	// and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control
	// of and what benefits operating from that system give to their current objective or overall goals during the intrusion.
	// The operating system provides many native tools that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution - The execution tactic represents techniques that result in execution of adversary-controlled
	// code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote
	// systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration - Exfiltration refers to techniques and attributes that result or aid in the adversary removing
	// files and information from a target network. This category also covers locations on a system or network where the adversary
	// may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation - Exploitation is the stage where an attacker manage to get foothold on the attacked resource.
	// This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries
	// will often be able to control the resource after this stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact - The impact intent primary objective is to directly reduce the availability or integrity of a system,
	// service, or network; including manipulation of data to impact a business or operational process. This would often refer
	// to techniques such as ransom-ware, defacement, data manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement - Lateral movement consists of techniques that enable an adversary to access and control
	// remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral
	// movement techniques could allow an adversary to gather information from a system without needing additional tools, such
	// as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools,
	// pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause
	// an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence - Persistence is any access, action, or configuration change to a system that gives an adversary
	// a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such
	// as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate
	// backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation - Privilege escalation is the result of actions that allow an adversary to obtain a
	// higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work
	// and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems
	// or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation
	// of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing - Probing could be an attempt to access a certain resource regardless of a malicious intent or a
	// failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected
	// as an attempt originating from outside the network in attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown - The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues 

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns the possible values for the KillChainIntent const type.

type MCASDataConnector 

type MCASDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// MCAS (Microsoft Cloud App Security) data connector properties.
	Properties *MCASDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector.

func (*MCASDataConnector) GetDataConnector 

func (m *MCASDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector.

func (MCASDataConnector) MarshalJSON 

func (m MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON 

func (m *MCASDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnector.

type MCASDataConnectorDataTypes 

type MCASDataConnectorDataTypes struct {
	// Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon

	// Discovery log data type connection.
	DiscoveryLogs *DataConnectorDataTypeCommon
}

MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnectorDataTypes) MarshalJSON added in v1.1.0 

func (m MCASDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorDataTypes.

func (*MCASDataConnectorDataTypes) UnmarshalJSON added in v1.1.0 

func (m *MCASDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorDataTypes.

type MCASDataConnectorProperties 

type MCASDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes

	// The tenant id to connect to, and get the data from.
	TenantID *string
}

MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.

func (MCASDataConnectorProperties) MarshalJSON added in v1.1.0 

func (m MCASDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASDataConnectorProperties.

func (*MCASDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (m *MCASDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASDataConnectorProperties.

type MDATPDataConnector 

type MDATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	Properties *MDATPDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (*MDATPDataConnector) GetDataConnector 

func (m *MDATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON 

func (m MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON 

func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnector.

type MDATPDataConnectorProperties 

type MDATPDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector

	// The tenant id to connect to, and get the data from.
	TenantID *string
}

MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

func (MDATPDataConnectorProperties) MarshalJSON added in v1.1.0 

func (m MDATPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MDATPDataConnectorProperties.

func (*MDATPDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (m *MDATPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MDATPDataConnectorProperties.

type MailClusterEntity 

type MailClusterEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Mail cluster entity properties
	Properties *MailClusterEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MailClusterEntity - Represents a mail cluster entity.

func (*MailClusterEntity) GetEntity 

func (m *MailClusterEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailClusterEntity.

func (MailClusterEntity) MarshalJSON 

func (m MailClusterEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailClusterEntity.

func (*MailClusterEntity) UnmarshalJSON 

func (m *MailClusterEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntity.

type MailClusterEntityProperties 

type MailClusterEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The cluster group
	ClusterGroup *string

	// READ-ONLY; The cluster query end time
	ClusterQueryEndTime *time.Time

	// READ-ONLY; The cluster query start time
	ClusterQueryStartTime *time.Time

	// READ-ONLY; The id of the cluster source
	ClusterSourceIdentifier *string

	// READ-ONLY; The type of the cluster source
	ClusterSourceType *string

	// READ-ONLY; Count of mail messages by DeliveryStatus string representation
	CountByDeliveryStatus any

	// READ-ONLY; Count of mail messages by ProtectionStatus string representation
	CountByProtectionStatus any

	// READ-ONLY; Count of mail messages by ThreatType string representation
	CountByThreatType any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; Is this a volume anomaly mail cluster
	IsVolumeAnomaly *bool

	// READ-ONLY; The number of mail messages that are part of the mail cluster
	MailCount *int32

	// READ-ONLY; The mail message IDs that are part of the mail cluster
	NetworkMessageIDs []*string

	// READ-ONLY; The query that was used to identify the messages of the mail cluster
	Query *string

	// READ-ONLY; The query time
	QueryTime *time.Time

	// READ-ONLY; The source of the mail cluster (default is 'O365 ATP')
	Source *string

	// READ-ONLY; The threats of mail messages that are part of the mail cluster
	Threats []*string
}

MailClusterEntityProperties - Mail cluster entity property bag.

func (MailClusterEntityProperties) MarshalJSON 

func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailClusterEntityProperties.

func (*MailClusterEntityProperties) UnmarshalJSON 

func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailClusterEntityProperties.

type MailMessageEntity 

type MailMessageEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Mail message entity properties
	Properties *MailMessageEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MailMessageEntity - Represents a mail message entity.

func (*MailMessageEntity) GetEntity 

func (m *MailMessageEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailMessageEntity.

func (MailMessageEntity) MarshalJSON 

func (m MailMessageEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailMessageEntity.

func (*MailMessageEntity) UnmarshalJSON 

func (m *MailMessageEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntity.

type MailMessageEntityProperties 

type MailMessageEntityProperties struct {
	// The directionality of this mail message
	AntispamDirection *AntispamMailDirection

	// The bodyFingerprintBin1
	BodyFingerprintBin1 *int32

	// The bodyFingerprintBin2
	BodyFingerprintBin2 *int32

	// The bodyFingerprintBin3
	BodyFingerprintBin3 *int32

	// The bodyFingerprintBin4
	BodyFingerprintBin4 *int32

	// The bodyFingerprintBin5
	BodyFingerprintBin5 *int32

	// The delivery action of this mail message like Delivered, Blocked, Replaced etc
	DeliveryAction *DeliveryAction

	// The delivery location of this mail message like Inbox, JunkFolder etc
	DeliveryLocation *DeliveryLocation

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The File entity ids of this mail message's attachments
	FileEntityIDs []*string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The internet message id of this mail message
	InternetMessageID *string

	// READ-ONLY; The language of this mail message
	Language *string

	// READ-ONLY; The network message id of this mail message
	NetworkMessageID *string

	// READ-ONLY; The p1 sender's email address
	P1Sender *string

	// READ-ONLY; The p1 sender's display name
	P1SenderDisplayName *string

	// READ-ONLY; The p1 sender's domain
	P1SenderDomain *string

	// READ-ONLY; The p2 sender's email address
	P2Sender *string

	// READ-ONLY; The p2 sender's display name
	P2SenderDisplayName *string

	// READ-ONLY; The p2 sender's domain
	P2SenderDomain *string

	// READ-ONLY; The receive date of this message
	ReceiveDate *time.Time

	// READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and
	// each copy has one recipient
	Recipient *string

	// READ-ONLY; The sender's IP address
	SenderIP *string

	// READ-ONLY; The subject of this mail message
	Subject *string

	// READ-ONLY; The threat detection methods
	ThreatDetectionMethods []*string

	// READ-ONLY; The threats of this mail message
	Threats []*string

	// READ-ONLY; The Urls contained in this mail message
	Urls []*string
}

MailMessageEntityProperties - Mail message entity property bag.

func (MailMessageEntityProperties) MarshalJSON 

func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailMessageEntityProperties.

func (*MailMessageEntityProperties) UnmarshalJSON 

func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailMessageEntityProperties.

type MailboxEntity 

type MailboxEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Mailbox entity properties
	Properties *MailboxEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MailboxEntity - Represents a mailbox entity.

func (*MailboxEntity) GetEntity 

func (m *MailboxEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailboxEntity.

func (MailboxEntity) MarshalJSON 

func (m MailboxEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailboxEntity.

func (*MailboxEntity) UnmarshalJSON 

func (m *MailboxEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntity.

type MailboxEntityProperties 

type MailboxEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The mailbox's display name
	DisplayName *string

	// READ-ONLY; The AzureAD identifier of mailbox. Similar to AadUserId in account entity but this property is specific to mailbox
	// object on office side
	ExternalDirectoryObjectID *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The mailbox's primary address
	MailboxPrimaryAddress *string

	// READ-ONLY; The mailbox's UPN
	Upn *string
}

MailboxEntityProperties - Mailbox entity property bag.

func (MailboxEntityProperties) MarshalJSON 

func (m MailboxEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MailboxEntityProperties.

func (*MailboxEntityProperties) UnmarshalJSON added in v1.1.0 

func (m *MailboxEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MailboxEntityProperties.

type MalwareEntity 

type MalwareEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// File entity properties
	Properties *MalwareEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MalwareEntity - Represents a malware entity.

func (*MalwareEntity) GetEntity 

func (m *MalwareEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MalwareEntity.

func (MalwareEntity) MarshalJSON 

func (m MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MalwareEntity.

func (*MalwareEntity) UnmarshalJSON 

func (m *MalwareEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntity.

type MalwareEntityProperties 

type MalwareEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string

	// READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIDs []*string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string

	// READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIDs []*string
}

MalwareEntityProperties - Malware entity property bag.

func (MalwareEntityProperties) MarshalJSON 

func (m MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MalwareEntityProperties.

func (*MalwareEntityProperties) UnmarshalJSON added in v1.1.0 

func (m *MalwareEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MalwareEntityProperties.

type MatchingMethod 

type MatchingMethod string

MatchingMethod - Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. 

const (
	// MatchingMethodAllEntities - Grouping alerts into a single incident if all the entities match
	MatchingMethodAllEntities MatchingMethod = "AllEntities"
	// MatchingMethodAnyAlert - Grouping any alerts triggered by this rule into a single incident
	MatchingMethodAnyAlert MatchingMethod = "AnyAlert"
	// MatchingMethodSelected - Grouping alerts into a single incident if the selected entities, custom details and alert details
	// match
	MatchingMethodSelected MatchingMethod = "Selected"
)

func PossibleMatchingMethodValues 

func PossibleMatchingMethodValues() []MatchingMethod

PossibleMatchingMethodValues returns the possible values for the MatchingMethod const type.

type MicrosoftSecurityIncidentCreationAlertRule 

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Etag of the azure resource
	Etag *string

	// MicrosoftSecurityIncidentCreation rule properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule.

func (*MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule 

func (m *MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRule.

type MicrosoftSecurityIncidentCreationAlertRuleProperties 

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool

	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string

	// The description of the alert rule.
	Description *string

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time
}

MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate 

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// MicrosoftSecurityIncidentCreation rule template properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties 

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32

	// The description of the alert rule template.
	Description *string

	// The display name for alert rule template.
	DisplayName *string

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string

	// The required data connectors for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity

	// The alert rule template status.
	Status *TemplateStatus

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time

	// READ-ONLY; The time that this alert rule template was last updated.
	LastUpdatedDateUTC *time.Time
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON 

func (m MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON 

func (m *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName 

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName - The alerts' productName on which the cases will be generated 

const (
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection          MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	MicrosoftSecurityProductNameAzureSecurityCenter                    MicrosoftSecurityProductName = "Azure Security Center"
	MicrosoftSecurityProductNameAzureSecurityCenterForIoT              MicrosoftSecurityProductName = "Azure Security Center for IoT"
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity              MicrosoftSecurityProductName = "Microsoft Cloud App Security"
)

func PossibleMicrosoftSecurityProductNameValues 

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type.

type OSFamily 

type OSFamily string

OSFamily - The operating system type. 

const (
	// OSFamilyAndroid - Host with Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS - Host with IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyLinux - Host with Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyUnknown - Host with Unknown operating system.
	OSFamilyUnknown OSFamily = "Unknown"
	// OSFamilyWindows - Host with Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
)

func PossibleOSFamilyValues 

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns the possible values for the OSFamily const type.

type OfficeDataConnector 

type OfficeDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// Office data connector properties.
	Properties *OfficeDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

OfficeDataConnector - Represents office data connector.

func (*OfficeDataConnector) GetDataConnector 

func (o *OfficeDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON 

func (o OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON 

func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnector.

type OfficeDataConnectorDataTypes 

type OfficeDataConnectorDataTypes struct {
	// Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange

	// SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint

	// Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams
}

OfficeDataConnectorDataTypes - The available data types for office data connector.

func (OfficeDataConnectorDataTypes) MarshalJSON added in v1.1.0 

func (o OfficeDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypes.

func (*OfficeDataConnectorDataTypes) UnmarshalJSON added in v1.1.0 

func (o *OfficeDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypes.

type OfficeDataConnectorDataTypesExchange 

type OfficeDataConnectorDataTypesExchange struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

OfficeDataConnectorDataTypesExchange - Exchange data type connection.

func (OfficeDataConnectorDataTypesExchange) MarshalJSON added in v1.1.0 

func (o OfficeDataConnectorDataTypesExchange) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesExchange.

func (*OfficeDataConnectorDataTypesExchange) UnmarshalJSON added in v1.1.0 

func (o *OfficeDataConnectorDataTypesExchange) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesExchange.

type OfficeDataConnectorDataTypesSharePoint 

type OfficeDataConnectorDataTypesSharePoint struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection.

func (OfficeDataConnectorDataTypesSharePoint) MarshalJSON added in v1.1.0 

func (o OfficeDataConnectorDataTypesSharePoint) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesSharePoint.

func (*OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON added in v1.1.0 

func (o *OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesSharePoint.

type OfficeDataConnectorDataTypesTeams 

type OfficeDataConnectorDataTypesTeams struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

OfficeDataConnectorDataTypesTeams - Teams data type connection.

func (OfficeDataConnectorDataTypesTeams) MarshalJSON added in v1.1.0 

func (o OfficeDataConnectorDataTypesTeams) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorDataTypesTeams.

func (*OfficeDataConnectorDataTypesTeams) UnmarshalJSON added in v1.1.0 

func (o *OfficeDataConnectorDataTypesTeams) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorDataTypesTeams.

type OfficeDataConnectorProperties 

type OfficeDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes

	// The tenant id to connect to, and get the data from.
	TenantID *string
}

OfficeDataConnectorProperties - Office data connector properties.

func (OfficeDataConnectorProperties) MarshalJSON added in v1.1.0 

func (o OfficeDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeDataConnectorProperties.

func (*OfficeDataConnectorProperties) UnmarshalJSON added in v1.1.0 

func (o *OfficeDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeDataConnectorProperties.

type Operation 

type Operation struct {
	// Properties of the operation
	Display *OperationDisplay

	// Indicates whether the operation is a data action
	IsDataAction *bool

	// Name of the operation
	Name *string

	// The origin of the operation
	Origin *string
}

Operation provided by provider

func (Operation) MarshalJSON added in v1.1.0 

func (o Operation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Operation.

func (*Operation) UnmarshalJSON added in v1.1.0 

func (o *Operation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Operation.

type OperationDisplay 

type OperationDisplay struct {
	// Description of the operation
	Description *string

	// Operation name
	Operation *string

	// Provider name
	Provider *string

	// Resource name
	Resource *string
}

OperationDisplay - Properties of the operation

func (OperationDisplay) MarshalJSON added in v1.1.0 

func (o OperationDisplay) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OperationDisplay.

func (*OperationDisplay) UnmarshalJSON added in v1.1.0 

func (o *OperationDisplay) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OperationDisplay.

type OperationsClient 

type OperationsClient struct {
	// contains filtered or unexported fields
}

OperationsClient contains the methods for the Operations group. Don't use this type directly, use NewOperationsClient() instead.

func NewOperationsClient 

func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientOptions) (*OperationsClient, error)

NewOperationsClient creates a new instance of OperationsClient with the specified values.

  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*OperationsClient) NewListPager added in v0.3.0 

func (client *OperationsClient) NewListPager(options *OperationsClientListOptions) *runtime.Pager[OperationsClientListResponse]

NewListPager - Lists all operations available Azure Security Insights Resource Provider.

Generated from API version 2021-10-01

  • options - OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/operations/ListOperations.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewOperationsClient().NewListPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.OperationsList = armsecurityinsights.OperationsList{
		// 	Value: []*armsecurityinsights.Operation{
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/operations/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets operations"),
		// 				Operation: to.Ptr("Get Operations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Operations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets an automation rule"),
		// 				Operation: to.Ptr("Get Automation Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("AutomationRules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates an automation rule"),
		// 				Operation: to.Ptr("Update Automation Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("AutomationRules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes an automation rule"),
		// 				Operation: to.Ptr("Delete Automation Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("AutomationRules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets bookmarks"),
		// 				Operation: to.Ptr("Get Bookmarks"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmarks"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates bookmarks"),
		// 				Operation: to.Ptr("Update Bookmarks"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmarks"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes bookmarks"),
		// 				Operation: to.Ptr("Delete Bookmarks"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmarks"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/expand/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets related entities of an entity by a specific expansion"),
		// 				Operation: to.Ptr("Expand on entity"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmarks"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets a bookmark relation"),
		// 				Operation: to.Ptr("Get Bookmark Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmark Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates a bookmark relation"),
		// 				Operation: to.Ptr("Update Bookmark Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmark Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes a bookmark relation"),
		// 				Operation: to.Ptr("Delete Bookmark Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Bookmark Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets the alert rules"),
		// 				Operation: to.Ptr("Get Alert Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates alert rules"),
		// 				Operation: to.Ptr("Update Alert Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes alert rules"),
		// 				Operation: to.Ptr("Delete Alert Rules"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets the response actions of an alert rule"),
		// 				Operation: to.Ptr("Get Alert Rule Response Actions"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules Actions"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates the response actions of an alert rule"),
		// 				Operation: to.Ptr("Update Alert Rule Response Actions"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules Actions"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes the response actions of an alert rule"),
		// 				Operation: to.Ptr("Delete Alert Rule Response Actions"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Alert Rules Actions"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets the data connectors"),
		// 				Operation: to.Ptr("Get Data Connectors"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("DataConnectors"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates a data connector"),
		// 				Operation: to.Ptr("Update Data Connectors"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("DataConnectors"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes a data connector"),
		// 				Operation: to.Ptr("Delete a Data Connector"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("DataConnectors"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Check user authorization and license"),
		// 				Operation: to.Ptr("Check user authorization and license"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("DataConnectorsCheckRequirements"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets an incident"),
		// 				Operation: to.Ptr("Get Incidents"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incidents"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates an incident"),
		// 				Operation: to.Ptr("Update Incidents"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incidents"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes an incident"),
		// 				Operation: to.Ptr("Delete Incidents"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incidents"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets the incident comments"),
		// 				Operation: to.Ptr("Get Incident Comments"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Comments"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Creates a comment on the incident"),
		// 				Operation: to.Ptr("Create Incident Comments"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Comments"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes a comment on the incident"),
		// 				Operation: to.Ptr("Delete Incident Comment"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Comments"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets a relation between the incident and related resources"),
		// 				Operation: to.Ptr("Get Incident Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates a relation between the incident and related resources"),
		// 				Operation: to.Ptr("Update Incident Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes a relation between the incident and related resources"),
		// 				Operation: to.Ptr("Delete Incident Relations"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Incident Relations"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets Threat Intelligence"),
		// 				Operation: to.Ptr("Get Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates Threat Intelligence"),
		// 				Operation: to.Ptr("Update Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes Threat Intelligence"),
		// 				Operation: to.Ptr("Delete Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/query/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Query Threat Intelligence"),
		// 				Operation: to.Ptr("Query Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Collect Threat Intelligence Metrics"),
		// 				Operation: to.Ptr("Collect Threat Intelligence Metrics"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkDelete/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Bulk Delete Threat Intelligence"),
		// 				Operation: to.Ptr("Bulk Delete Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkTag/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Bulk Tags Threat Intelligence"),
		// 				Operation: to.Ptr("Bulk Tags Threat Intelligence"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Update Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Delete Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/query/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Query Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Query Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Get Threat Intelligence Indicator Metrics"),
		// 				Operation: to.Ptr("Get Threat Intelligence Indicator Metrics"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Bulk Delete Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Bulk Delete Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Bulk Tags Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Bulk Tags Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Get Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Collect Threat Intelligence Metrics"),
		// 				Operation: to.Ptr("Collect Threat Intelligence Metrics"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/createIndicator/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Create Threat Intelligence Indicator"),
		// 				Operation: to.Ptr("Create Threat Intelligence Indicator"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Append tags to Threat Intelligence Indicator"),
		// 				Operation: to.Ptr("Append tags to Threat Intelligence Indicator"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Replace Tags of Threat Intelligence Indicator"),
		// 				Operation: to.Ptr("Replace Tags of Threat Intelligence Indicator"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/queryIndicators/action"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Query Threat Intelligence Indicators"),
		// 				Operation: to.Ptr("Query Threat Intelligence Indicators"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("ThreatIntelligence"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets Watchlists"),
		// 				Operation: to.Ptr("Get Watchlists"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Watchlists"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Create Watchlists"),
		// 				Operation: to.Ptr("Create Watchlists"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Watchlists"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes Watchlists"),
		// 				Operation: to.Ptr("Delete Watchlists"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Watchlists"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/read"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Gets an onboarding state"),
		// 				Operation: to.Ptr("Get Onboarding States"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Onboarding States"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/write"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Updates an onboarding state"),
		// 				Operation: to.Ptr("Update Onboarding States"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Onboarding States"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 		},
		// 		{
		// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/delete"),
		// 			Display: &armsecurityinsights.OperationDisplay{
		// 				Description: to.Ptr("Deletes an onboarding state"),
		// 				Operation: to.Ptr("Delete Onboarding States"),
		// 				Provider: to.Ptr("Microsoft Security Insights"),
		// 				Resource: to.Ptr("Onboarding States"),
		// 			},
		// 			Origin: to.Ptr("user"),
		// 	}},
		// }
	}
}

Output:

type OperationsClientListOptions 

type OperationsClientListOptions struct {
}

OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method.

type OperationsClientListResponse 

type OperationsClientListResponse struct {
	// Lists the operations available in the SecurityInsights RP.
	OperationsList
}

OperationsClientListResponse contains the response from method OperationsClient.NewListPager.

type OperationsList 

type OperationsList struct {
	// REQUIRED; Array of operations
	Value []*Operation

	// READ-ONLY; URL to fetch the next set of operations.
	NextLink *string
}

OperationsList - Lists the operations available in the SecurityInsights RP.

func (OperationsList) MarshalJSON 

func (o OperationsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OperationsList.

func (*OperationsList) UnmarshalJSON added in v1.1.0 

func (o *OperationsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OperationsList.

type OwnerType 

type OwnerType string

OwnerType - The type of the owner the incident is assigned to. 

const (
	// OwnerTypeGroup - The incident owner type is an AAD group
	OwnerTypeGroup OwnerType = "Group"
	// OwnerTypeUnknown - The incident owner type is unknown
	OwnerTypeUnknown OwnerType = "Unknown"
	// OwnerTypeUser - The incident owner type is an AAD user
	OwnerTypeUser OwnerType = "User"
)

func PossibleOwnerTypeValues 

func PossibleOwnerTypeValues() []OwnerType

PossibleOwnerTypeValues returns the possible values for the OwnerType const type.

type PlaybookActionProperties 

type PlaybookActionProperties struct {
	// REQUIRED; The resource id of the playbook resource
	LogicAppResourceID *string

	// The tenant id of the playbook resource
	TenantID *string
}

func (PlaybookActionProperties) MarshalJSON added in v1.1.0 

func (p PlaybookActionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type PlaybookActionProperties.

func (*PlaybookActionProperties) UnmarshalJSON added in v1.1.0 

func (p *PlaybookActionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type PlaybookActionProperties.

type ProcessEntity 

type ProcessEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Process entity properties
	Properties *ProcessEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ProcessEntity - Represents a process entity.

func (*ProcessEntity) GetEntity 

func (p *ProcessEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type ProcessEntity.

func (ProcessEntity) MarshalJSON 

func (p ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ProcessEntity.

func (*ProcessEntity) UnmarshalJSON 

func (p *ProcessEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntity.

type ProcessEntityProperties 

type ProcessEntityProperties struct {
	// The elevation token associated with the process.
	ElevationToken *ElevationToken

	// READ-ONLY; The account entity id running the processes.
	AccountEntityID *string

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The command line used to create the process
	CommandLine *string

	// READ-ONLY; The time when the process started to run
	CreationTimeUTC *time.Time

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The host entity id on which the process was running
	HostEntityID *string

	// READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string

	// READ-ONLY; Image file entity id
	ImageFileEntityID *string

	// READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string

	// READ-ONLY; The process ID
	ProcessID *string
}

ProcessEntityProperties - Process entity property bag.

func (ProcessEntityProperties) MarshalJSON 

func (p ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ProcessEntityProperties.

func (*ProcessEntityProperties) UnmarshalJSON 

func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ProcessEntityProperties.

type PropertyConditionProperties 

type PropertyConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType
	ConditionProperties *AutomationRulePropertyValuesCondition
}

PropertyConditionProperties - Describes an automation rule condition that evaluates a property's value

func (*PropertyConditionProperties) GetAutomationRuleCondition 

func (p *PropertyConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyConditionProperties.

func (PropertyConditionProperties) MarshalJSON 

func (p PropertyConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type PropertyConditionProperties.

func (*PropertyConditionProperties) UnmarshalJSON 

func (p *PropertyConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type PropertyConditionProperties.

type RegistryHive 

type RegistryHive string

RegistryHive - the hive that holds the registry key. 

const (
	// RegistryHiveHKEYA - HKEY_A
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT - HKEY_CLASSES_ROOT
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG - HKEY_CURRENT_CONFIG
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER - HKEY_CURRENT_USER
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS - HKEY_CURRENT_USER_LOCAL_SETTINGS
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE - HKEY_LOCAL_MACHINE
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA - HKEY_PERFORMANCE_DATA
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT - HKEY_PERFORMANCE_NLSTEXT
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT - HKEY_PERFORMANCE_TEXT
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS - HKEY_USERS
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues 

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns the possible values for the RegistryHive const type.

type RegistryKeyEntity 

type RegistryKeyEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// RegistryKey entity properties
	Properties *RegistryKeyEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

RegistryKeyEntity - Represents a registry key entity.

func (*RegistryKeyEntity) GetEntity 

func (r *RegistryKeyEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON 

func (r RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON 

func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntity.

type RegistryKeyEntityProperties 

type RegistryKeyEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; the hive that holds the registry key.
	Hive *RegistryHive

	// READ-ONLY; The registry key path.
	Key *string
}

RegistryKeyEntityProperties - RegistryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON 

func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryKeyEntityProperties.

func (*RegistryKeyEntityProperties) UnmarshalJSON added in v1.1.0 

func (r *RegistryKeyEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryKeyEntityProperties.

type RegistryValueEntity 

type RegistryValueEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// RegistryKey entity properties
	Properties *RegistryValueEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

RegistryValueEntity - Represents a registry value entity.

func (*RegistryValueEntity) GetEntity 

func (r *RegistryValueEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON 

func (r RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON 

func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntity.

type RegistryValueEntityProperties 

type RegistryValueEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The registry key entity id.
	KeyEntityID *string

	// READ-ONLY; String formatted representation of the value data.
	ValueData *string

	// READ-ONLY; The registry value name.
	ValueName *string

	// READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value
	// in the registry.
	ValueType *RegistryValueKind
}

RegistryValueEntityProperties - RegistryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON 

func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RegistryValueEntityProperties.

func (*RegistryValueEntityProperties) UnmarshalJSON added in v1.1.0 

func (r *RegistryValueEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RegistryValueEntityProperties.

type RegistryValueKind 

type RegistryValueKind string

RegistryValueKind - Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. 

const (
	// RegistryValueKindBinary - Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord - DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString - ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString - MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone - None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord - QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString - String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown - Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues 

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns the possible values for the RegistryValueKind const type.

type Relation 

type Relation struct {
	// Etag of the azure resource
	Etag *string

	// Relation properties
	Properties *RelationProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

Relation - Represents a relation between two resources

func (Relation) MarshalJSON added in v1.1.0 

func (r Relation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Relation.

func (*Relation) UnmarshalJSON added in v1.1.0 

func (r *Relation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Relation.

type RelationList 

type RelationList struct {
	// REQUIRED; Array of relations.
	Value []*Relation

	// READ-ONLY; URL to fetch the next set of relations.
	NextLink *string
}

RelationList - List of relations.

func (RelationList) MarshalJSON 

func (r RelationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RelationList.

func (*RelationList) UnmarshalJSON added in v1.1.0 

func (r *RelationList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RelationList.

type RelationProperties 

type RelationProperties struct {
	// REQUIRED; The resource ID of the related resource
	RelatedResourceID *string

	// READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string

	// READ-ONLY; The name of the related resource
	RelatedResourceName *string

	// READ-ONLY; The resource type of the related resource
	RelatedResourceType *string
}

RelationProperties - Relation property bag.

func (RelationProperties) MarshalJSON added in v1.1.0 

func (r RelationProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type RelationProperties.

func (*RelationProperties) UnmarshalJSON added in v1.1.0 

func (r *RelationProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type RelationProperties.

type ScheduledAlertRule 

type ScheduledAlertRule struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Etag of the azure resource
	Etag *string

	// Scheduled alert rule properties
	Properties *ScheduledAlertRuleProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ScheduledAlertRule - Represents scheduled alert rule.

func (*ScheduledAlertRule) GetAlertRule 

func (s *ScheduledAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON 

func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON 

func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRule.

type ScheduledAlertRuleProperties 

type ScheduledAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool

	// REQUIRED; The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string

	// The description of the alert rule.
	Description *string

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings

	// The settings of the incidents that created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration

	// The query that creates alerts for this rule.
	Query *string

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity

	// The tactics of the alert rule
	Tactics []*AttackTactic

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator

	// The threshold triggers this alert rule.
	TriggerThreshold *int32

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time
}

ScheduledAlertRuleProperties - Scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON 

func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleProperties.

func (*ScheduledAlertRuleProperties) UnmarshalJSON 

func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate 

type ScheduledAlertRuleTemplate struct {
	// REQUIRED; The alert rule kind
	Kind *AlertRuleKind

	// Scheduled alert rule template properties
	Properties *ScheduledAlertRuleTemplateProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ScheduledAlertRuleTemplate - Represents scheduled alert rule template.

func (*ScheduledAlertRuleTemplate) GetAlertRuleTemplate 

func (s *ScheduledAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON 

func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON 

func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplate.

type ScheduledAlertRuleTemplateProperties 

type ScheduledAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string

	// The description of the alert rule template.
	Description *string

	// The display name for alert rule template.
	DisplayName *string

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings

	// The query that creates alerts for this rule.
	Query *string

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string

	// The required data connectors for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity

	// The alert rule template status.
	Status *TemplateStatus

	// The tactics of the alert rule template
	Tactics []*AttackTactic

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator

	// The threshold triggers this alert rule.
	TriggerThreshold *int32

	// The version of this template - in format , where all are numbers. For example .
	Version *string

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time

	// READ-ONLY; The time that this alert rule template was last updated.
	LastUpdatedDateUTC *time.Time
}

ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON 

func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ScheduledAlertRuleTemplateProperties.

func (*ScheduledAlertRuleTemplateProperties) UnmarshalJSON 

func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ScheduledAlertRuleTemplateProperties.

type SecurityAlert 

type SecurityAlert struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// SecurityAlert entity properties
	Properties *SecurityAlertProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

SecurityAlert - Represents a security alert entity.

func (*SecurityAlert) GetEntity 

func (s *SecurityAlert) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityAlert.

func (SecurityAlert) MarshalJSON 

func (s SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlert.

func (*SecurityAlert) UnmarshalJSON 

func (s *SecurityAlert) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlert.

type SecurityAlertProperties 

type SecurityAlertProperties struct {
	// The severity of the alert
	Severity *AlertSeverity

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The display name of the alert.
	AlertDisplayName *string

	// READ-ONLY; The uri link of the alert.
	AlertLink *string

	// READ-ONLY; The type name of the alert.
	AlertType *string

	// READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string

	// READ-ONLY; The confidence level of this alert.
	ConfidenceLevel *ConfidenceLevel

	// READ-ONLY; The confidence reasons
	ConfidenceReasons []*SecurityAlertPropertiesConfidenceReasonsItem

	// READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64

	// READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not
	// applicable or final.
	ConfidenceScoreStatus *ConfidenceScoreStatus

	// READ-ONLY; Alert description.
	Description *string

	// READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUTC *time.Time

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; Holds the alert intent stage(s) mapping for this alert.
	Intent *KillChainIntent

	// READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *time.Time

	// READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string

	// READ-ONLY; The name of the product which published this alert.
	ProductName *string

	// READ-ONLY; The version of the product generating the alert.
	ProductVersion *string

	// READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string

	// READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps []*string

	// READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers []any

	// READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUTC *time.Time

	// READ-ONLY; The lifecycle status of the alert.
	Status *AlertStatus

	// READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string

	// READ-ONLY; The tactics of the alert
	Tactics []*AttackTactic

	// READ-ONLY; The time the alert was generated.
	TimeGenerated *time.Time

	// READ-ONLY; The name of the vendor that raise the alert.
	VendorName *string
}

SecurityAlertProperties - SecurityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON 

func (s SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlertProperties.

func (*SecurityAlertProperties) UnmarshalJSON 

func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem 

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// READ-ONLY; The reason's description
	Reason *string

	// READ-ONLY; The type (category) of the reason
	ReasonType *string
}

SecurityAlertPropertiesConfidenceReasonsItem - confidence reason item

func (SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON added in v1.1.0 

func (s SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem.

func (*SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON added in v1.1.0 

func (s *SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityAlertPropertiesConfidenceReasonsItem.

type SecurityGroupEntity 

type SecurityGroupEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// SecurityGroup entity properties
	Properties *SecurityGroupEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

SecurityGroupEntity - Represents a security group entity.

func (*SecurityGroupEntity) GetEntity 

func (s *SecurityGroupEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON 

func (s SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON 

func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntity.

type SecurityGroupEntityProperties 

type SecurityGroupEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The group distinguished name
	DistinguishedName *string

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *string

	// READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string
}

SecurityGroupEntityProperties - SecurityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON 

func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SecurityGroupEntityProperties.

func (*SecurityGroupEntityProperties) UnmarshalJSON added in v1.1.0 

func (s *SecurityGroupEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SecurityGroupEntityProperties.

type SentinelOnboardingState 

type SentinelOnboardingState struct {
	// Etag of the azure resource
	Etag *string

	// The Sentinel onboarding state object
	Properties *SentinelOnboardingStateProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

SentinelOnboardingState - Sentinel onboarding state

func (SentinelOnboardingState) MarshalJSON added in v1.1.0 

func (s SentinelOnboardingState) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingState.

func (*SentinelOnboardingState) UnmarshalJSON added in v1.1.0 

func (s *SentinelOnboardingState) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingState.

type SentinelOnboardingStateProperties 

type SentinelOnboardingStateProperties struct {
	// Flag that indicates the status of the CMK setting
	CustomerManagedKey *bool
}

SentinelOnboardingStateProperties - The Sentinel onboarding state properties

func (SentinelOnboardingStateProperties) MarshalJSON added in v1.1.0 

func (s SentinelOnboardingStateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStateProperties.

func (*SentinelOnboardingStateProperties) UnmarshalJSON added in v1.1.0 

func (s *SentinelOnboardingStateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStateProperties.

type SentinelOnboardingStatesClient 

type SentinelOnboardingStatesClient struct {
	// contains filtered or unexported fields
}

SentinelOnboardingStatesClient contains the methods for the SentinelOnboardingStates group. Don't use this type directly, use NewSentinelOnboardingStatesClient() instead.

func NewSentinelOnboardingStatesClient 

func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SentinelOnboardingStatesClient, error)

NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SentinelOnboardingStatesClient) Create 

func (client *SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientCreateOptions) (SentinelOnboardingStatesClientCreateResponse, error)

Create - Create Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/CreateSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSentinelOnboardingStatesClient().Create(ctx, "myRg", "myWorkspace", "default", &armsecurityinsights.SentinelOnboardingStatesClientCreateOptions{SentinelOnboardingStateParameter: &armsecurityinsights.SentinelOnboardingState{
		Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
			CustomerManagedKey: to.Ptr(false),
		},
	},
	})
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
	// 	Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
	// 		CustomerManagedKey: to.Ptr(false),
	// 	},
	// }
}

Output:

func (*SentinelOnboardingStatesClient) Delete 

func (client *SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientDeleteOptions) (SentinelOnboardingStatesClientDeleteResponse, error)

Delete - Delete Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/DeleteSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewSentinelOnboardingStatesClient().Delete(ctx, "myRg", "myWorkspace", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*SentinelOnboardingStatesClient) Get 

func (client *SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientGetOptions) (SentinelOnboardingStatesClientGetResponse, error)

Get - Get Sentinel onboarding state If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/GetSentinelOnboardingState.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSentinelOnboardingStatesClient().Get(ctx, "myRg", "myWorkspace", "default", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{
	// 	Name: to.Ptr("default"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
	// 	Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
	// 		CustomerManagedKey: to.Ptr(false),
	// 	},
	// }
}

Output:

func (*SentinelOnboardingStatesClient) List 

func (client *SentinelOnboardingStatesClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *SentinelOnboardingStatesClientListOptions) (SentinelOnboardingStatesClientListResponse, error)

List - Gets all Sentinel onboarding states If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/onboardingStates/GetAllSentinelOnboardingStates.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewSentinelOnboardingStatesClient().List(ctx, "myRg", "myWorkspace", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.SentinelOnboardingStatesList = armsecurityinsights.SentinelOnboardingStatesList{
	// 	Value: []*armsecurityinsights.SentinelOnboardingState{
	// 		{
	// 			Name: to.Ptr("default"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
	// 			Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
	// 				CustomerManagedKey: to.Ptr(false),
	// 			},
	// 	}},
	// }
}

Output:

type SentinelOnboardingStatesClientCreateOptions 

type SentinelOnboardingStatesClientCreateOptions struct {
	// The Sentinel onboarding state parameter
	SentinelOnboardingStateParameter *SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.

type SentinelOnboardingStatesClientCreateResponse 

type SentinelOnboardingStatesClientCreateResponse struct {
	// Sentinel onboarding state
	SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateResponse contains the response from method SentinelOnboardingStatesClient.Create.

type SentinelOnboardingStatesClientDeleteOptions 

type SentinelOnboardingStatesClientDeleteOptions struct {
}

SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.

type SentinelOnboardingStatesClientDeleteResponse 

type SentinelOnboardingStatesClientDeleteResponse struct {
}

SentinelOnboardingStatesClientDeleteResponse contains the response from method SentinelOnboardingStatesClient.Delete.

type SentinelOnboardingStatesClientGetOptions 

type SentinelOnboardingStatesClientGetOptions struct {
}

SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.

type SentinelOnboardingStatesClientGetResponse 

type SentinelOnboardingStatesClientGetResponse struct {
	// Sentinel onboarding state
	SentinelOnboardingState
}

SentinelOnboardingStatesClientGetResponse contains the response from method SentinelOnboardingStatesClient.Get.

type SentinelOnboardingStatesClientListOptions 

type SentinelOnboardingStatesClientListOptions struct {
}

SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.

type SentinelOnboardingStatesClientListResponse 

type SentinelOnboardingStatesClientListResponse struct {
	// List of the Sentinel onboarding states
	SentinelOnboardingStatesList
}

SentinelOnboardingStatesClientListResponse contains the response from method SentinelOnboardingStatesClient.List.

type SentinelOnboardingStatesList 

type SentinelOnboardingStatesList struct {
	// REQUIRED; Array of Sentinel onboarding states
	Value []*SentinelOnboardingState
}

SentinelOnboardingStatesList - List of the Sentinel onboarding states

func (SentinelOnboardingStatesList) MarshalJSON 

func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SentinelOnboardingStatesList.

func (*SentinelOnboardingStatesList) UnmarshalJSON added in v1.1.0 

func (s *SentinelOnboardingStatesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SentinelOnboardingStatesList.

type Source 

type Source string

Source - The source of the watchlist 

const (
	SourceLocalFile     Source = "Local file"
	SourceRemoteStorage Source = "Remote storage"
)

func PossibleSourceValues 

func PossibleSourceValues() []Source

PossibleSourceValues returns the possible values for the Source const type.

type SubmissionMailEntity 

type SubmissionMailEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Submission mail entity properties
	Properties *SubmissionMailEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

SubmissionMailEntity - Represents a submission mail entity.

func (*SubmissionMailEntity) GetEntity 

func (s *SubmissionMailEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SubmissionMailEntity.

func (SubmissionMailEntity) MarshalJSON 

func (s SubmissionMailEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntity.

func (*SubmissionMailEntity) UnmarshalJSON 

func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntity.

type SubmissionMailEntityProperties 

type SubmissionMailEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; The network message id of email to which submission belongs
	NetworkMessageID *string

	// READ-ONLY; The recipient of the mail
	Recipient *string

	// READ-ONLY; The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
	ReportType *string

	// READ-ONLY; The sender of the mail
	Sender *string

	// READ-ONLY; The sender's IP
	SenderIP *string

	// READ-ONLY; The subject of submission mail
	Subject *string

	// READ-ONLY; The submission date
	SubmissionDate *time.Time

	// READ-ONLY; The submission id
	SubmissionID *string

	// READ-ONLY; The submitter
	Submitter *string

	// READ-ONLY; The Time stamp when the message is received (Mail)
	Timestamp *time.Time
}

SubmissionMailEntityProperties - Submission mail entity property bag.

func (SubmissionMailEntityProperties) MarshalJSON 

func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SubmissionMailEntityProperties.

func (*SubmissionMailEntityProperties) UnmarshalJSON 

func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SubmissionMailEntityProperties.

type SystemData 

type SystemData struct {
	// The timestamp of resource creation (UTC).
	CreatedAt *time.Time

	// The identity that created the resource.
	CreatedBy *string

	// The type of identity that created the resource.
	CreatedByType *CreatedByType

	// The timestamp of resource last modification (UTC)
	LastModifiedAt *time.Time

	// The identity that last modified the resource.
	LastModifiedBy *string

	// The type of identity that last modified the resource.
	LastModifiedByType *CreatedByType
}

SystemData - Metadata pertaining to creation and last modification of the resource.

func (SystemData) MarshalJSON 

func (s SystemData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type SystemData.

func (*SystemData) UnmarshalJSON 

func (s *SystemData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type SystemData.

type TIDataConnector 

type TIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind

	// Etag of the azure resource
	Etag *string

	// TI (Threat Intelligence) data connector properties.
	Properties *TIDataConnectorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

TIDataConnector - Represents threat intelligence data connector.

func (*TIDataConnector) GetDataConnector 

func (t *TIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type TIDataConnector.

func (TIDataConnector) MarshalJSON 

func (t TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnector.

func (*TIDataConnector) UnmarshalJSON 

func (t *TIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnector.

type TIDataConnectorDataTypes 

type TIDataConnectorDataTypes struct {
	// Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators
}

TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector.

func (TIDataConnectorDataTypes) MarshalJSON added in v1.1.0 

func (t TIDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypes.

func (*TIDataConnectorDataTypes) UnmarshalJSON added in v1.1.0 

func (t *TIDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypes.

type TIDataConnectorDataTypesIndicators 

type TIDataConnectorDataTypesIndicators struct {
	// Describe whether this data type connection is enabled or not.
	State *DataTypeState
}

TIDataConnectorDataTypesIndicators - Data type for indicators connection.

func (TIDataConnectorDataTypesIndicators) MarshalJSON added in v1.1.0 

func (t TIDataConnectorDataTypesIndicators) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnectorDataTypesIndicators.

func (*TIDataConnectorDataTypesIndicators) UnmarshalJSON added in v1.1.0 

func (t *TIDataConnectorDataTypesIndicators) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorDataTypesIndicators.

type TIDataConnectorProperties 

type TIDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes

	// The tenant id to connect to, and get the data from.
	TenantID *string

	// The lookback period for the feed to be imported.
	TipLookbackPeriod *time.Time
}

TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.

func (TIDataConnectorProperties) MarshalJSON 

func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TIDataConnectorProperties.

func (*TIDataConnectorProperties) UnmarshalJSON 

func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TIDataConnectorProperties.

type TemplateStatus 

type TemplateStatus string

TemplateStatus - The alert rule template status. 

const (
	// TemplateStatusAvailable - Alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled - Alert rule template installed. and can not use more then once
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable - Alert rule template is not available
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues 

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns the possible values for the TemplateStatus const type.

type ThreatIntelligence 

type ThreatIntelligence struct {
	// READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64

	// READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string

	// READ-ONLY; Report link
	ReportLink *string

	// READ-ONLY; Threat description (free text)
	ThreatDescription *string

	// READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string

	// READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string
}

ThreatIntelligence property bag.

func (ThreatIntelligence) MarshalJSON added in v1.1.0 

func (t ThreatIntelligence) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligence.

func (*ThreatIntelligence) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligence) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligence.

type ThreatIntelligenceAppendTags 

type ThreatIntelligenceAppendTags struct {
	// List of tags to be appended.
	ThreatIntelligenceTags []*string
}

ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator.

func (ThreatIntelligenceAppendTags) MarshalJSON 

func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceAppendTags.

func (*ThreatIntelligenceAppendTags) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceAppendTags) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceAppendTags.

type ThreatIntelligenceExternalReference 

type ThreatIntelligenceExternalReference struct {
	// External reference description
	Description *string

	// External reference ID
	ExternalID *string

	// External reference hashes
	Hashes map[string]*string

	// External reference source name
	SourceName *string

	// External reference URL
	URL *string
}

ThreatIntelligenceExternalReference - Describes external reference

func (ThreatIntelligenceExternalReference) MarshalJSON 

func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceExternalReference.

func (*ThreatIntelligenceExternalReference) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceExternalReference) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceExternalReference.

type ThreatIntelligenceFilteringCriteria 

type ThreatIntelligenceFilteringCriteria struct {
	// Ids of threat intelligence indicators
	IDs []*string

	// Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool

	// Keywords for searching threat intelligence indicators
	Keywords []*string

	// Maximum confidence.
	MaxConfidence *int32

	// End time for ValidUntil filter.
	MaxValidUntil *string

	// Minimum confidence.
	MinConfidence *int32

	// Start time for ValidUntil filter.
	MinValidUntil *string

	// Page size
	PageSize *int32

	// Pattern types
	PatternTypes []*string

	// Skip token.
	SkipToken *string

	// Columns to sort by and sorting order
	SortBy []*ThreatIntelligenceSortingCriteria

	// Sources of threat intelligence indicators
	Sources []*string

	// Threat types of threat intelligence indicators
	ThreatTypes []*string
}

ThreatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceFilteringCriteria) MarshalJSON 

func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceFilteringCriteria.

func (*ThreatIntelligenceFilteringCriteria) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceFilteringCriteria) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceFilteringCriteria.

type ThreatIntelligenceGranularMarkingModel 

type ThreatIntelligenceGranularMarkingModel struct {
	// Language granular marking model
	Language *string

	// marking reference granular marking model
	MarkingRef *int32

	// granular marking model selectors
	Selectors []*string
}

ThreatIntelligenceGranularMarkingModel - Describes threat granular marking model entity

func (ThreatIntelligenceGranularMarkingModel) MarshalJSON 

func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceGranularMarkingModel.

func (*ThreatIntelligenceGranularMarkingModel) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceGranularMarkingModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceGranularMarkingModel.

type ThreatIntelligenceIndicatorClient 

type ThreatIntelligenceIndicatorClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorClient contains the methods for the ThreatIntelligenceIndicator group. Don't use this type directly, use NewThreatIntelligenceIndicatorClient() instead.

func NewThreatIntelligenceIndicatorClient 

func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorClient, error)

NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorClient) AppendTags 

func (client *ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags, options *ThreatIntelligenceIndicatorClientAppendTagsOptions) (ThreatIntelligenceIndicatorClientAppendTagsResponse, error)

AppendTags - Append tags to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceAppendTags - The threat intelligence append tags request body
  • options - ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/AppendTagsThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewThreatIntelligenceIndicatorClient().AppendTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceAppendTags{
		ThreatIntelligenceTags: []*string{
			to.Ptr("tag1"),
			to.Ptr("tag2")},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) Create 

func (client *ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModel, options *ThreatIntelligenceIndicatorClientCreateOptions) (ThreatIntelligenceIndicatorClientCreateResponse, error)

Create - Update a threat Intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceProperties - Properties of threat intelligence indicators to create and update.
  • options - ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/UpdateThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Create(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{
		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
			Description:        to.Ptr("debugging indicators"),
			Confidence:         to.Ptr[int32](78),
			CreatedByRef:       to.Ptr("contoso@contoso.com"),
			DisplayName:        to.Ptr("new schema"),
			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
			GranularMarkings:   []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
			KillChainPhases:    []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
			Labels:             []*string{},
			Modified:           to.Ptr(""),
			Pattern:            to.Ptr("[url:value = 'https://www.contoso.com']"),
			PatternType:        to.Ptr("url"),
			Revoked:            to.Ptr(false),
			Source:             to.Ptr("Azure Sentinel"),
			ThreatIntelligenceTags: []*string{
				to.Ptr("new schema")},
			ThreatTypes: []*string{
				to.Ptr("compromised")},
			ValidFrom:  to.Ptr("2020-04-15T17:44:00.114052Z"),
			ValidUntil: to.Ptr(""),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateResponse{
	// 	                            ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 		Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
	// 		Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""),
	// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
	// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 			Description: to.Ptr("debugging indicators"),
	// 			Confidence: to.Ptr[int32](78),
	// 			Created: to.Ptr("2020-04-15T20:20:38.6160949Z"),
	// 			CreatedByRef: to.Ptr("contoso@contoso.com"),
	// 			DisplayName: to.Ptr("new schema"),
	// 			ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"),
	// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 			},
	// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 			},
	// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 			},
	// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"),
	// 			Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
	// 			PatternType: to.Ptr("url"),
	// 			Revoked: to.Ptr(false),
	// 			Source: to.Ptr("Azure Sentinel"),
	// 			ThreatIntelligenceTags: []*string{
	// 				to.Ptr("new schema")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 					ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
	// 				},
	// 			},
	// 			                        }
}

Output:

func (*ThreatIntelligenceIndicatorClient) CreateIndicator 

func (client *ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModel, options *ThreatIntelligenceIndicatorClientCreateIndicatorOptions) (ThreatIntelligenceIndicatorClientCreateIndicatorResponse, error)

CreateIndicator - Create a new threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • threatIntelligenceProperties - Properties of threat intelligence indicators to create and update.
  • options - ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/CreateThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewThreatIntelligenceIndicatorClient().CreateIndicator(ctx, "myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceIndicatorModel{
		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
			Description:        to.Ptr("debugging indicators"),
			Confidence:         to.Ptr[int32](78),
			CreatedByRef:       to.Ptr("contoso@contoso.com"),
			DisplayName:        to.Ptr("new schema"),
			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
			GranularMarkings:   []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
			KillChainPhases:    []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
			Labels:             []*string{},
			Modified:           to.Ptr(""),
			Pattern:            to.Ptr("[url:value = 'https://www.contoso.com']"),
			PatternType:        to.Ptr("url"),
			Revoked:            to.Ptr(false),
			Source:             to.Ptr("Azure Sentinel"),
			ThreatIntelligenceTags: []*string{
				to.Ptr("new schema")},
			ThreatTypes: []*string{
				to.Ptr("compromised")},
			ValidFrom:  to.Ptr("2020-04-15T17:44:00.114052Z"),
			ValidUntil: to.Ptr(""),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateIndicatorResponse{
	// 	                            ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 		Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
	// 		Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""),
	// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
	// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 			Description: to.Ptr("debugging indicators"),
	// 			Confidence: to.Ptr[int32](78),
	// 			Created: to.Ptr("2020-04-15T20:20:38.6160949Z"),
	// 			CreatedByRef: to.Ptr("contoso@contoso.com"),
	// 			DisplayName: to.Ptr("new schema"),
	// 			ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"),
	// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 			},
	// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 			},
	// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 			},
	// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"),
	// 			Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
	// 			PatternType: to.Ptr("url"),
	// 			Revoked: to.Ptr(false),
	// 			Source: to.Ptr("Azure Sentinel"),
	// 			ThreatIntelligenceTags: []*string{
	// 				to.Ptr("new schema")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 					ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
	// 				},
	// 			},
	// 			                        }
}

Output:

func (*ThreatIntelligenceIndicatorClient) Delete 

func (client *ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientDeleteOptions) (ThreatIntelligenceIndicatorClientDeleteResponse, error)

Delete - Delete a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • options - ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/DeleteThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewThreatIntelligenceIndicatorClient().Delete(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) Get 

func (client *ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, name string, options *ThreatIntelligenceIndicatorClientGetOptions) (ThreatIntelligenceIndicatorClientGetResponse, error)

Get - View a threat intelligence indicator by name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • options - ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/GetThreatIntelligenceById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Get(ctx, "myRg", "myWorkspace", "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.ThreatIntelligenceIndicatorClientGetResponse{
	// 	                            ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 		Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 		Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
	// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 			Description: to.Ptr("debugging indicators"),
	// 			Confidence: to.Ptr[int32](78),
	// 			Created: to.Ptr("2020-04-15T19:51:17.1050923Z"),
	// 			CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"),
	// 			DisplayName: to.Ptr("updated indicator"),
	// 			ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
	// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 			},
	// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 			},
	// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 			},
	// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:18:49.2259902Z"),
	// 			Pattern: to.Ptr("[url:value = 'https://abc.com']"),
	// 			PatternType: to.Ptr("url"),
	// 			Revoked: to.Ptr(false),
	// 			Source: to.Ptr("Azure Sentinel"),
	// 			ThreatIntelligenceTags: []*string{
	// 				to.Ptr("patching tags")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 					ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
	// 				},
	// 			},
	// 			                        }
}

Output:

func (*ThreatIntelligenceIndicatorClient) NewQueryIndicatorsPager added in v0.3.0 

func (client *ThreatIntelligenceIndicatorClient) NewQueryIndicatorsPager(resourceGroupName string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria, options *ThreatIntelligenceIndicatorClientQueryIndicatorsOptions) *runtime.Pager[ThreatIntelligenceIndicatorClientQueryIndicatorsResponse]

NewQueryIndicatorsPager - Query threat intelligence indicators as per filtering criteria.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.
  • options - ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/QueryThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewThreatIntelligenceIndicatorClient().NewQueryIndicatorsPager("myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceFilteringCriteria{
		MaxConfidence: to.Ptr[int32](80),
		MaxValidUntil: to.Ptr("2020-04-25T17:44:00.114052Z"),
		MinConfidence: to.Ptr[int32](25),
		MinValidUntil: to.Ptr("2020-04-05T17:44:00.114052Z"),
		PageSize:      to.Ptr[int32](100),
		SortBy: []*armsecurityinsights.ThreatIntelligenceSortingCriteria{
			{
				ItemKey:   to.Ptr("lastUpdatedTimeUtc"),
				SortOrder: to.Ptr(armsecurityinsights.ThreatIntelligenceSortingOrderDescending),
			}},
		Sources: []*string{
			to.Ptr("Azure Sentinel")},
	}, nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{
		// 	Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{
		// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 			Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 				Description: to.Ptr("debugging indicators 2"),
		// 				Confidence: to.Ptr[int32](90),
		// 				Created: to.Ptr("2020-04-15T20:11:57.9666134Z"),
		// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 				DisplayName: to.Ptr("new schema 2"),
		// 				ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"),
		// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
		// 				},
		// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
		// 				},
		// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
		// 				},
		// 				LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.0746926Z"),
		// 				ParsedPattern: []*armsecurityinsights.ThreatIntelligenceParsedPattern{
		// 					{
		// 						PatternTypeKey: to.Ptr("network-traffic"),
		// 						PatternTypeValues: []*armsecurityinsights.ThreatIntelligenceParsedPatternTypeValue{
		// 							{
		// 								Value: to.Ptr("SSH-2.0-PuTTY_Release_0.64"),
		// 								ValueType: to.Ptr("0"),
		// 							},
		// 							{
		// 								Value: to.Ptr("194.88.106.146"),
		// 								ValueType: to.Ptr("1"),
		// 						}},
		// 				}},
		// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 				PatternType: to.Ptr("url"),
		// 				Revoked: to.Ptr(false),
		// 				Source: to.Ptr("Azure Sentinel"),
		// 				ThreatIntelligenceTags: []*string{
		// 					to.Ptr("new schema")},
		// 					ThreatTypes: []*string{
		// 						to.Ptr("compromised")},
		// 						ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
		// 					},
		// 				},
		// 				&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 					Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 					Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 					ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 					Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
		// 					Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		// 					Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 						Description: to.Ptr("debugging indicators"),
		// 						Confidence: to.Ptr[int32](78),
		// 						Created: to.Ptr("2020-04-15T19:51:17.1050923Z"),
		// 						CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 						DisplayName: to.Ptr("updated indicator"),
		// 						ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
		// 						ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
		// 						},
		// 						GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
		// 						},
		// 						KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
		// 						},
		// 						LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.074903Z"),
		// 						Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 						PatternType: to.Ptr("url"),
		// 						Revoked: to.Ptr(false),
		// 						Source: to.Ptr("Azure Sentinel"),
		// 						ThreatIntelligenceTags: []*string{
		// 							to.Ptr("patching tags")},
		// 							ThreatTypes: []*string{
		// 								to.Ptr("compromised")},
		// 								ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
		// 							},
		// 					}},
		// 				}
	}
}

Output:

func (*ThreatIntelligenceIndicatorClient) ReplaceTags 

func (client *ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModel, options *ThreatIntelligenceIndicatorClientReplaceTagsOptions) (ThreatIntelligenceIndicatorClientReplaceTagsResponse, error)

ReplaceTags - Replace tags added to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceReplaceTags - Tags in the threat intelligence indicator to be replaced.
  • options - ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/ReplaceTagsThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewThreatIntelligenceIndicatorClient().ReplaceTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{
		Etag: to.Ptr("\"0000262c-0000-0800-0000-5e9767060000\""),
		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
			ThreatIntelligenceTags: []*string{
				to.Ptr("patching tags")},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res = armsecurityinsights.ThreatIntelligenceIndicatorClientReplaceTagsResponse{
	// 	                            ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 		Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 		Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
	// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
	// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 			Description: to.Ptr("debugging indicators"),
	// 			Confidence: to.Ptr[int32](78),
	// 			Created: to.Ptr("2020-04-15T19:51:17.1050923Z"),
	// 			CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"),
	// 			DisplayName: to.Ptr("updated indicator"),
	// 			ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
	// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 			},
	// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 			},
	// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 			},
	// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T19:56:08.828946Z"),
	// 			Pattern: to.Ptr("[url:value = 'https://abc.com']"),
	// 			PatternType: to.Ptr("url"),
	// 			Revoked: to.Ptr(false),
	// 			Source: to.Ptr("Azure Sentinel"),
	// 			ThreatIntelligenceTags: []*string{
	// 				to.Ptr("patching tags")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 					ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
	// 				},
	// 			},
	// 			                        }
}

Output:

type ThreatIntelligenceIndicatorClientAppendTagsOptions 

type ThreatIntelligenceIndicatorClientAppendTagsOptions struct {
}

ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.

type ThreatIntelligenceIndicatorClientAppendTagsResponse 

type ThreatIntelligenceIndicatorClientAppendTagsResponse struct {
}

ThreatIntelligenceIndicatorClientAppendTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.AppendTags.

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions 

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions struct {
}

ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse 

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse struct {
	// Threat intelligence information object.
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientCreateIndicatorResponse contains the response from method ThreatIntelligenceIndicatorClient.CreateIndicator.

func (*ThreatIntelligenceIndicatorClientCreateIndicatorResponse) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceIndicatorClientCreateIndicatorResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorClientCreateIndicatorResponse.

type ThreatIntelligenceIndicatorClientCreateOptions 

type ThreatIntelligenceIndicatorClientCreateOptions struct {
}

ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.

type ThreatIntelligenceIndicatorClientCreateResponse 

type ThreatIntelligenceIndicatorClientCreateResponse struct {
	// Threat intelligence information object.
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientCreateResponse contains the response from method ThreatIntelligenceIndicatorClient.Create.

func (*ThreatIntelligenceIndicatorClientCreateResponse) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceIndicatorClientCreateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorClientCreateResponse.

type ThreatIntelligenceIndicatorClientDeleteOptions 

type ThreatIntelligenceIndicatorClientDeleteOptions struct {
}

ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.

type ThreatIntelligenceIndicatorClientDeleteResponse 

type ThreatIntelligenceIndicatorClientDeleteResponse struct {
}

ThreatIntelligenceIndicatorClientDeleteResponse contains the response from method ThreatIntelligenceIndicatorClient.Delete.

type ThreatIntelligenceIndicatorClientGetOptions 

type ThreatIntelligenceIndicatorClientGetOptions struct {
}

ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.

type ThreatIntelligenceIndicatorClientGetResponse 

type ThreatIntelligenceIndicatorClientGetResponse struct {
	// Threat intelligence information object.
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientGetResponse contains the response from method ThreatIntelligenceIndicatorClient.Get.

func (*ThreatIntelligenceIndicatorClientGetResponse) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceIndicatorClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorClientGetResponse.

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions 

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions struct {
}

ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager method.

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse 

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse struct {
	// List of all the threat intelligence information objects.
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorClientQueryIndicatorsResponse contains the response from method ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager.

type ThreatIntelligenceIndicatorClientReplaceTagsOptions 

type ThreatIntelligenceIndicatorClientReplaceTagsOptions struct {
}

ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.

type ThreatIntelligenceIndicatorClientReplaceTagsResponse 

type ThreatIntelligenceIndicatorClientReplaceTagsResponse struct {
	// Threat intelligence information object.
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientReplaceTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.ReplaceTags.

func (*ThreatIntelligenceIndicatorClientReplaceTagsResponse) UnmarshalJSON added in v0.2.0 

func (t *ThreatIntelligenceIndicatorClientReplaceTagsResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorClientReplaceTagsResponse.

type ThreatIntelligenceIndicatorMetricsClient 

type ThreatIntelligenceIndicatorMetricsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorMetricsClient contains the methods for the ThreatIntelligenceIndicatorMetrics group. Don't use this type directly, use NewThreatIntelligenceIndicatorMetricsClient() instead.

func NewThreatIntelligenceIndicatorMetricsClient 

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorMetricsClient, error)

NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorMetricsClient) List 

func (client *ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorMetricsClientListOptions) (ThreatIntelligenceIndicatorMetricsClientListResponse, error)

List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/CollectThreatIntelligenceMetrics.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewThreatIntelligenceIndicatorMetricsClient().List(ctx, "myRg", "myWorkspace", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ThreatIntelligenceMetricsList = armsecurityinsights.ThreatIntelligenceMetricsList{
	// 	Value: []*armsecurityinsights.ThreatIntelligenceMetrics{
	// 		{
	// 			Properties: &armsecurityinsights.ThreatIntelligenceMetric{
	// 				LastUpdatedTimeUTC: to.Ptr("2020-09-01T19:44:44.117403Z"),
	// 				PatternTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
	// 					{
	// 						MetricName: to.Ptr("url"),
	// 						MetricValue: to.Ptr[int32](20),
	// 				}},
	// 				SourceMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
	// 					{
	// 						MetricName: to.Ptr("Azure Sentinel"),
	// 						MetricValue: to.Ptr[int32](10315),
	// 					},
	// 					{
	// 						MetricName: to.Ptr("zinga"),
	// 						MetricValue: to.Ptr[int32](2),
	// 				}},
	// 				ThreatTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
	// 					{
	// 						MetricName: to.Ptr("compromised"),
	// 						MetricValue: to.Ptr[int32](20),
	// 				}},
	// 			},
	// 	}},
	// }
}

Output:

type ThreatIntelligenceIndicatorMetricsClientListOptions 

type ThreatIntelligenceIndicatorMetricsClientListOptions struct {
}

ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.

type ThreatIntelligenceIndicatorMetricsClientListResponse 

type ThreatIntelligenceIndicatorMetricsClientListResponse struct {
	// List of all the threat intelligence metric fields (type/threat type/source).
	ThreatIntelligenceMetricsList
}

ThreatIntelligenceIndicatorMetricsClientListResponse contains the response from method ThreatIntelligenceIndicatorMetricsClient.List.

type ThreatIntelligenceIndicatorModel 

type ThreatIntelligenceIndicatorModel struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceInnerKind

	// Etag of the azure resource
	Etag *string

	// Threat Intelligence Entity properties
	Properties *ThreatIntelligenceIndicatorProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity.

func (*ThreatIntelligenceIndicatorModel) GetThreatIntelligenceInformation 

func (t *ThreatIntelligenceIndicatorModel) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation

GetThreatIntelligenceInformation implements the ThreatIntelligenceInformationClassification interface for type ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) MarshalJSON 

func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON 

func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorModel.

type ThreatIntelligenceIndicatorProperties 

type ThreatIntelligenceIndicatorProperties struct {
	// Confidence of threat intelligence entity
	Confidence *int32

	// Created by
	Created *string

	// Created by reference of threat intelligence entity
	CreatedByRef *string

	// Is threat intelligence entity defanged
	Defanged *bool

	// Description of a threat intelligence entity
	Description *string

	// Display name of a threat intelligence entity
	DisplayName *string

	// Extensions map
	Extensions map[string]any

	// External ID of threat intelligence entity
	ExternalID *string

	// External last updated time in UTC
	ExternalLastUpdatedTimeUTC *string

	// External References
	ExternalReferences []*ThreatIntelligenceExternalReference

	// Granular Markings
	GranularMarkings []*ThreatIntelligenceGranularMarkingModel

	// Indicator types of threat intelligence entities
	IndicatorTypes []*string

	// Kill chain phases
	KillChainPhases []*ThreatIntelligenceKillChainPhase

	// Labels of threat intelligence entity
	Labels []*string

	// Language of threat intelligence entity
	Language *string

	// Last updated time in UTC
	LastUpdatedTimeUTC *string

	// Modified by
	Modified *string

	// Threat intelligence entity object marking references
	ObjectMarkingRefs []*string

	// Parsed patterns
	ParsedPattern []*ThreatIntelligenceParsedPattern

	// Pattern of a threat intelligence entity
	Pattern *string

	// Pattern type of a threat intelligence entity
	PatternType *string

	// Pattern version of a threat intelligence entity
	PatternVersion *string

	// Is threat intelligence entity revoked
	Revoked *bool

	// Source of a threat intelligence entity
	Source *string

	// List of tags
	ThreatIntelligenceTags []*string

	// Threat types
	ThreatTypes []*string

	// Valid from
	ValidFrom *string

	// Valid until
	ValidUntil *string

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string
}

ThreatIntelligenceIndicatorProperties - Describes threat intelligence entity properties

func (ThreatIntelligenceIndicatorProperties) MarshalJSON 

func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceIndicatorProperties.

func (*ThreatIntelligenceIndicatorProperties) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient 

type ThreatIntelligenceIndicatorsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorsClient contains the methods for the ThreatIntelligenceIndicators group. Don't use this type directly, use NewThreatIntelligenceIndicatorsClient() instead.

func NewThreatIntelligenceIndicatorsClient 

func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorsClient, error)

NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorsClient) NewListPager added in v0.3.0 

func (client *ThreatIntelligenceIndicatorsClient) NewListPager(resourceGroupName string, workspaceName string, options *ThreatIntelligenceIndicatorsClientListOptions) *runtime.Pager[ThreatIntelligenceIndicatorsClientListResponse]

NewListPager - Get all threat intelligence indicators.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/threatintelligence/GetThreatIntelligence.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewThreatIntelligenceIndicatorsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions{Filter: nil,
		Top:       nil,
		SkipToken: nil,
		Orderby:   nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{
		// 	Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{
		// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 			Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 				Description: to.Ptr("debugging indicators"),
		// 				Confidence: to.Ptr[int32](90),
		// 				Created: to.Ptr("2020-04-15T20:11:57.9666134Z"),
		// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 				DisplayName: to.Ptr("new schema 2"),
		// 				ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"),
		// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
		// 				},
		// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
		// 				},
		// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
		// 				},
		// 				LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.0746926Z"),
		// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 				PatternType: to.Ptr("url"),
		// 				Revoked: to.Ptr(false),
		// 				Source: to.Ptr("Azure Sentinel"),
		// 				ThreatIntelligenceTags: []*string{
		// 					to.Ptr("new schema")},
		// 					ThreatTypes: []*string{
		// 						to.Ptr("compromised")},
		// 						ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
		// 					},
		// 				},
		// 				&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 					Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 					Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 					ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 					Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
		// 					Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceInnerKindIndicator),
		// 					Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 						Description: to.Ptr("debugging indicators"),
		// 						Confidence: to.Ptr[int32](78),
		// 						Created: to.Ptr("2020-04-15T19:51:17.1050923Z"),
		// 						CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 						DisplayName: to.Ptr("updated indicator"),
		// 						ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
		// 						ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
		// 						},
		// 						GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
		// 						},
		// 						KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
		// 						},
		// 						LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.074903Z"),
		// 						Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 						PatternType: to.Ptr("url"),
		// 						Revoked: to.Ptr(false),
		// 						Source: to.Ptr("Azure Sentinel"),
		// 						ThreatIntelligenceTags: []*string{
		// 							to.Ptr("patching tags")},
		// 							ThreatTypes: []*string{
		// 								to.Ptr("compromised")},
		// 								ValidFrom: to.Ptr("2020-04-15T17:44:00.114052Z"),
		// 							},
		// 					}},
		// 				}
	}
}

Output:

type ThreatIntelligenceIndicatorsClientListOptions 

type ThreatIntelligenceIndicatorsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string

	// Sorts the results. Optional.
	Orderby *string

	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string

	// Returns only the first n results. Optional.
	Top *int32
}

ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.NewListPager method.

type ThreatIntelligenceIndicatorsClientListResponse 

type ThreatIntelligenceIndicatorsClientListResponse struct {
	// List of all the threat intelligence information objects.
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorsClientListResponse contains the response from method ThreatIntelligenceIndicatorsClient.NewListPager.

type ThreatIntelligenceInformation 

type ThreatIntelligenceInformation struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceInnerKind

	// Etag of the azure resource
	Etag *string

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

ThreatIntelligenceInformation - Threat intelligence information object.

func (*ThreatIntelligenceInformation) GetThreatIntelligenceInformation 

func (t *ThreatIntelligenceInformation) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation

GetThreatIntelligenceInformation implements the ThreatIntelligenceInformationClassification interface for type ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) MarshalJSON 

func (t ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformation.

func (*ThreatIntelligenceInformation) UnmarshalJSON 

func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformation.

type ThreatIntelligenceInformationClassification 

type ThreatIntelligenceInformationClassification interface {
	// GetThreatIntelligenceInformation returns the ThreatIntelligenceInformation content of the underlying type.
	GetThreatIntelligenceInformation() *ThreatIntelligenceInformation
}

ThreatIntelligenceInformationClassification provides polymorphic access to related types. Call the interface's GetThreatIntelligenceInformation() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ThreatIntelligenceIndicatorModel, *ThreatIntelligenceInformation

type ThreatIntelligenceInformationList 

type ThreatIntelligenceInformationList struct {
	// REQUIRED; Array of threat intelligence information objects.
	Value []ThreatIntelligenceInformationClassification

	// READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string
}

ThreatIntelligenceInformationList - List of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) MarshalJSON 

func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList.

func (*ThreatIntelligenceInformationList) UnmarshalJSON 

func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformationList.

type ThreatIntelligenceKillChainPhase 

type ThreatIntelligenceKillChainPhase struct {
	// Kill chainName name
	KillChainName *string

	// Phase name
	PhaseName *string
}

ThreatIntelligenceKillChainPhase - Describes threat kill chain phase entity

func (ThreatIntelligenceKillChainPhase) MarshalJSON added in v1.1.0 

func (t ThreatIntelligenceKillChainPhase) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceKillChainPhase.

func (*ThreatIntelligenceKillChainPhase) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceKillChainPhase.

type ThreatIntelligenceMetric 

type ThreatIntelligenceMetric struct {
	// Last updated indicator metric
	LastUpdatedTimeUTC *string

	// Pattern type metrics
	PatternTypeMetrics []*ThreatIntelligenceMetricEntity

	// Source metrics
	SourceMetrics []*ThreatIntelligenceMetricEntity

	// Threat type metrics
	ThreatTypeMetrics []*ThreatIntelligenceMetricEntity
}

ThreatIntelligenceMetric - Describes threat intelligence metric

func (ThreatIntelligenceMetric) MarshalJSON 

func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric.

func (*ThreatIntelligenceMetric) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetric.

type ThreatIntelligenceMetricEntity 

type ThreatIntelligenceMetricEntity struct {
	// Metric name
	MetricName *string

	// Metric value
	MetricValue *int32
}

ThreatIntelligenceMetricEntity - Describes threat intelligence metric entity

func (ThreatIntelligenceMetricEntity) MarshalJSON added in v1.1.0 

func (t ThreatIntelligenceMetricEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricEntity.

func (*ThreatIntelligenceMetricEntity) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricEntity.

type ThreatIntelligenceMetrics 

type ThreatIntelligenceMetrics struct {
	// Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric
}

ThreatIntelligenceMetrics - Threat intelligence metrics.

func (ThreatIntelligenceMetrics) MarshalJSON added in v1.1.0 

func (t ThreatIntelligenceMetrics) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetrics.

func (*ThreatIntelligenceMetrics) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetrics.

type ThreatIntelligenceMetricsList 

type ThreatIntelligenceMetricsList struct {
	// REQUIRED; Array of threat intelligence metric fields (type/threat type/source).
	Value []*ThreatIntelligenceMetrics
}

ThreatIntelligenceMetricsList - List of all the threat intelligence metric fields (type/threat type/source).

func (ThreatIntelligenceMetricsList) MarshalJSON 

func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList.

func (*ThreatIntelligenceMetricsList) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricsList.

type ThreatIntelligenceParsedPattern 

type ThreatIntelligenceParsedPattern struct {
	// Pattern type key
	PatternTypeKey *string

	// Pattern type keys
	PatternTypeValues []*ThreatIntelligenceParsedPatternTypeValue
}

ThreatIntelligenceParsedPattern - Describes parsed pattern entity

func (ThreatIntelligenceParsedPattern) MarshalJSON 

func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern.

func (*ThreatIntelligenceParsedPattern) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPattern.

type ThreatIntelligenceParsedPatternTypeValue 

type ThreatIntelligenceParsedPatternTypeValue struct {
	// Value of parsed pattern
	Value *string

	// Type of the value
	ValueType *string
}

ThreatIntelligenceParsedPatternTypeValue - Describes threat kill chain phase entity

func (ThreatIntelligenceParsedPatternTypeValue) MarshalJSON added in v1.1.0 

func (t ThreatIntelligenceParsedPatternTypeValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPatternTypeValue.

func (*ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPatternTypeValue.

type ThreatIntelligenceResourceInnerKind added in v1.0.0 

type ThreatIntelligenceResourceInnerKind string

ThreatIntelligenceResourceInnerKind - The kind of the threat intelligence entity 

const (
	// ThreatIntelligenceResourceInnerKindIndicator - Entity represents threat intelligence indicator in the system.
	ThreatIntelligenceResourceInnerKindIndicator ThreatIntelligenceResourceInnerKind = "indicator"
)

func PossibleThreatIntelligenceResourceInnerKindValues added in v1.0.0 

func PossibleThreatIntelligenceResourceInnerKindValues() []ThreatIntelligenceResourceInnerKind

PossibleThreatIntelligenceResourceInnerKindValues returns the possible values for the ThreatIntelligenceResourceInnerKind const type.

type ThreatIntelligenceSortingCriteria 

type ThreatIntelligenceSortingCriteria struct {
	// Column name
	ItemKey *string

	// Sorting order (ascending/descending/unsorted).
	SortOrder *ThreatIntelligenceSortingOrder
}

ThreatIntelligenceSortingCriteria - List of available columns for sorting

func (ThreatIntelligenceSortingCriteria) MarshalJSON added in v1.1.0 

func (t ThreatIntelligenceSortingCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceSortingCriteria.

func (*ThreatIntelligenceSortingCriteria) UnmarshalJSON added in v1.1.0 

func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceSortingCriteria.

type ThreatIntelligenceSortingOrder added in v1.0.0 

type ThreatIntelligenceSortingOrder string

ThreatIntelligenceSortingOrder - Sorting order (ascending/descending/unsorted). 

const (
	ThreatIntelligenceSortingOrderAscending  ThreatIntelligenceSortingOrder = "ascending"
	ThreatIntelligenceSortingOrderDescending ThreatIntelligenceSortingOrder = "descending"
	ThreatIntelligenceSortingOrderUnsorted   ThreatIntelligenceSortingOrder = "unsorted"
)

func PossibleThreatIntelligenceSortingOrderValues added in v1.0.0 

func PossibleThreatIntelligenceSortingOrderValues() []ThreatIntelligenceSortingOrder

PossibleThreatIntelligenceSortingOrderValues returns the possible values for the ThreatIntelligenceSortingOrder const type.

type TriggerOperator 

type TriggerOperator string

TriggerOperator - The operation against the threshold that triggers alert rule. 

const (
	TriggerOperatorEqual       TriggerOperator = "Equal"
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	TriggerOperatorLessThan    TriggerOperator = "LessThan"
	TriggerOperatorNotEqual    TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues 

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns the possible values for the TriggerOperator const type.

type TriggersOn 

type TriggersOn string
const (
	// TriggersOnIncidents - Trigger on Incidents
	TriggersOnIncidents TriggersOn = "Incidents"
)

func PossibleTriggersOnValues 

func PossibleTriggersOnValues() []TriggersOn

PossibleTriggersOnValues returns the possible values for the TriggersOn const type.

type TriggersWhen 

type TriggersWhen string
const (
	// TriggersWhenCreated - Trigger on created objects
	TriggersWhenCreated TriggersWhen = "Created"
)

func PossibleTriggersWhenValues 

func PossibleTriggersWhenValues() []TriggersWhen

PossibleTriggersWhenValues returns the possible values for the TriggersWhen const type.

type URLEntity 

type URLEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKindEnum

	// Url entity properties
	Properties *URLEntityProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

URLEntity - Represents a url entity.

func (*URLEntity) GetEntity 

func (u *URLEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type URLEntity.

func (URLEntity) MarshalJSON 

func (u URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntity.

func (*URLEntity) UnmarshalJSON 

func (u *URLEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type URLEntity.

type URLEntityProperties 

type URLEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string

	// READ-ONLY; A full URL the entity points to
	URL *string
}

URLEntityProperties - Url entity property bag.

func (URLEntityProperties) MarshalJSON 

func (u URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntityProperties.

func (*URLEntityProperties) UnmarshalJSON added in v1.1.0 

func (u *URLEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type URLEntityProperties.

type UserInfo 

type UserInfo struct {
	// The object id of the user.
	ObjectID *string

	// READ-ONLY; The email of the user.
	Email *string

	// READ-ONLY; The name of the user.
	Name *string
}

UserInfo - User information that made some action

func (UserInfo) MarshalJSON added in v1.1.0 

func (u UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type UserInfo.

func (*UserInfo) UnmarshalJSON added in v1.1.0 

func (u *UserInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type UserInfo.

type Watchlist 

type Watchlist struct {
	// Etag of the azure resource
	Etag *string

	// Watchlist properties
	Properties *WatchlistProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

Watchlist - Represents a Watchlist in Azure Security Insights.

func (Watchlist) MarshalJSON added in v1.1.0 

func (w Watchlist) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Watchlist.

func (*Watchlist) UnmarshalJSON added in v1.1.0 

func (w *Watchlist) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Watchlist.

type WatchlistItem 

type WatchlistItem struct {
	// Etag of the azure resource
	Etag *string

	// Watchlist Item properties
	Properties *WatchlistItemProperties

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string

	// READ-ONLY; The name of the resource
	Name *string

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string
}

WatchlistItem - Represents a Watchlist Item in Azure Security Insights.

func (WatchlistItem) MarshalJSON added in v1.1.0 

func (w WatchlistItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistItem.

func (*WatchlistItem) UnmarshalJSON added in v1.1.0 

func (w *WatchlistItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistItem.

type WatchlistItemList 

type WatchlistItemList struct {
	// REQUIRED; Array of watchlist items.
	Value []*WatchlistItem

	// READ-ONLY; URL to fetch the next set of watchlist items.
	NextLink *string
}

WatchlistItemList - List all the watchlist items.

func (WatchlistItemList) MarshalJSON 

func (w WatchlistItemList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistItemList.

func (*WatchlistItemList) UnmarshalJSON added in v1.1.0 

func (w *WatchlistItemList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistItemList.

type WatchlistItemProperties 

type WatchlistItemProperties struct {
	// REQUIRED; key-value pairs for a watchlist item
	ItemsKeyValue any

	// The time the watchlist item was created
	Created *time.Time

	// Describes a user that created the watchlist item
	CreatedBy *UserInfo

	// key-value pairs for a watchlist item entity mapping
	EntityMapping any

	// A flag that indicates if the watchlist item is deleted or not
	IsDeleted *bool

	// The tenantId to which the watchlist item belongs to
	TenantID *string

	// The last time the watchlist item was updated
	Updated *time.Time

	// Describes a user that updated the watchlist item
	UpdatedBy *UserInfo

	// The id (a Guid) of the watchlist item
	WatchlistItemID *string

	// The type of the watchlist item
	WatchlistItemType *string
}

WatchlistItemProperties - Describes watchlist item properties

func (WatchlistItemProperties) MarshalJSON 

func (w WatchlistItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistItemProperties.

func (*WatchlistItemProperties) UnmarshalJSON 

func (w *WatchlistItemProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistItemProperties.

type WatchlistItemsClient 

type WatchlistItemsClient struct {
	// contains filtered or unexported fields
}

WatchlistItemsClient contains the methods for the WatchlistItems group. Don't use this type directly, use NewWatchlistItemsClient() instead.

func NewWatchlistItemsClient 

func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistItemsClient, error)

NewWatchlistItemsClient creates a new instance of WatchlistItemsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*WatchlistItemsClient) CreateOrUpdate 

func (client *WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem, options *WatchlistItemsClientCreateOrUpdateOptions) (WatchlistItemsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Create or update a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • watchlistItemID - The watchlist item id (GUID)
  • watchlistItem - The watchlist item
  • options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/CreateWatchlistItem.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewWatchlistItemsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", "82ba292c-dc97-4dfc-969d-d4dd9e666842", armsecurityinsights.WatchlistItem{
		Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
		Properties: &armsecurityinsights.WatchlistItemProperties{
			ItemsKeyValue: map[string]any{
				"Business tier":  "10.0.2.0/24",
				"Data tier":      "10.0.2.0/24",
				"Gateway subnet": "10.0.255.224/27",
				"Private DMZ in": "10.0.0.0/27",
				"Public DMZ out": "10.0.0.96/27",
				"Web Tier":       "10.0.1.0/24",
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.WatchlistItem = armsecurityinsights.WatchlistItem{
	// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842"),
	// 	Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
	// 	Properties: &armsecurityinsights.WatchlistItemProperties{
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-15T04:58:56.074Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		IsDeleted: to.Ptr(false),
	// 		ItemsKeyValue: map[string]any{
	// 			"Business tier": "10.0.2.0/24",
	// 			"Data tier": "10.0.2.0/24",
	// 			"Gateway subnet": "10.0.255.224/27",
	// 			"Private DMZ in": "10.0.0.0/27",
	// 			"Public DMZ out": "10.0.0.96/27",
	// 			"Web Tier": "10.0.1.0/24",
	// 		},
	// 		TenantID: to.Ptr("4008512e-1d30-48b2-9ee2-d3612ed9d3ea"),
	// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-16T16:05:20.000Z"); return t}()),
	// 		UpdatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		WatchlistItemID: to.Ptr("82ba292c-dc97-4dfc-969d-d4dd9e666842"),
	// 		WatchlistItemType: to.Ptr("watchlist-item"),
	// 	},
	// }
}

Output:

func (*WatchlistItemsClient) Delete 

func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error)

Delete - Delete a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • watchlistItemID - The watchlist item id (GUID)
  • options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/DeleteWatchlistItem.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewWatchlistItemsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*WatchlistItemsClient) Get 

func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error)

Get - Get a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • watchlistItemID - The watchlist item id (GUID)
  • options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistItemById.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewWatchlistItemsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", "3f8901fe-63d9-4875-9ad5-9fb3b8105797", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.WatchlistItem = armsecurityinsights.WatchlistItem{
	// 	Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 	Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""),
	// 	Properties: &armsecurityinsights.WatchlistItemProperties{
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		EntityMapping: map[string]any{
	// 		},
	// 		IsDeleted: to.Ptr(false),
	// 		ItemsKeyValue: map[string]any{
	// 			"Header-1": "v1_1",
	// 			"Header-2": "v1_2",
	// 			"Header-3": "v1_3",
	// 			"Header-4": "v1_4",
	// 			"Header-5": "v1_5",
	// 		},
	// 		TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"),
	// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()),
	// 		UpdatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 		WatchlistItemType: to.Ptr("watchlist-item"),
	// 	},
	// }
}

Output:

func (*WatchlistItemsClient) NewListPager added in v0.3.0 

func (client *WatchlistItemsClient) NewListPager(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *runtime.Pager[WatchlistItemsClientListResponse]

NewListPager - Get all watchlist Items.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistItems.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewWatchlistItemsClient().NewListPager("myRg", "myWorkspace", "highValueAsset", &armsecurityinsights.WatchlistItemsClientListOptions{SkipToken: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.WatchlistItemList = armsecurityinsights.WatchlistItemList{
		// 	Value: []*armsecurityinsights.WatchlistItem{
		// 		{
		// 			Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"),
		// 			Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""),
		// 			Properties: &armsecurityinsights.WatchlistItemProperties{
		// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()),
		// 				CreatedBy: &armsecurityinsights.UserInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 				},
		// 				EntityMapping: map[string]any{
		// 				},
		// 				IsDeleted: to.Ptr(false),
		// 				ItemsKeyValue: map[string]any{
		// 					"Header-1": "v1_1",
		// 					"Header-2": "v1_2",
		// 					"Header-3": "v1_3",
		// 					"Header-4": "v1_4",
		// 					"Header-5": "v1_5",
		// 				},
		// 				TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"),
		// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T20:27:32.378Z"); return t}()),
		// 				UpdatedBy: &armsecurityinsights.UserInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 				},
		// 				WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
		// 				WatchlistItemType: to.Ptr("watchlist-item"),
		// 			},
		// 	}},
		// }
	}
}

Output:

type WatchlistItemsClientCreateOrUpdateOptions 

type WatchlistItemsClientCreateOrUpdateOptions struct {
}

WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.

type WatchlistItemsClientCreateOrUpdateResponse 

type WatchlistItemsClientCreateOrUpdateResponse struct {
	// Represents a Watchlist Item in Azure Security Insights.
	WatchlistItem
}

WatchlistItemsClientCreateOrUpdateResponse contains the response from method WatchlistItemsClient.CreateOrUpdate.

type WatchlistItemsClientDeleteOptions 

type WatchlistItemsClientDeleteOptions struct {
}

WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.

type WatchlistItemsClientDeleteResponse 

type WatchlistItemsClientDeleteResponse struct {
}

WatchlistItemsClientDeleteResponse contains the response from method WatchlistItemsClient.Delete.

type WatchlistItemsClientGetOptions 

type WatchlistItemsClientGetOptions struct {
}

WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.

type WatchlistItemsClientGetResponse 

type WatchlistItemsClientGetResponse struct {
	// Represents a Watchlist Item in Azure Security Insights.
	WatchlistItem
}

WatchlistItemsClientGetResponse contains the response from method WatchlistItemsClient.Get.

type WatchlistItemsClientListOptions 

type WatchlistItemsClientListOptions struct {
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
}

WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.NewListPager method.

type WatchlistItemsClientListResponse 

type WatchlistItemsClientListResponse struct {
	// List all the watchlist items.
	WatchlistItemList
}

WatchlistItemsClientListResponse contains the response from method WatchlistItemsClient.NewListPager.

type WatchlistList 

type WatchlistList struct {
	// REQUIRED; Array of watchlist.
	Value []*Watchlist

	// READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string
}

WatchlistList - List all the watchlists.

func (WatchlistList) MarshalJSON 

func (w WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistList.

func (*WatchlistList) UnmarshalJSON added in v1.1.0 

func (w *WatchlistList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistList.

type WatchlistProperties 

type WatchlistProperties struct {
	// REQUIRED; The display name of the watchlist
	DisplayName *string

	// REQUIRED; The search key is used to optimize query performance when using watchlists for joins with other data. For example,
	// enable a column with IP addresses to be the designated SearchKey field, then use this
	// field as the key field when joining to other event data by IP address.
	ItemsSearchKey *string

	// REQUIRED; The provider of the watchlist
	Provider *string

	// REQUIRED; The source of the watchlist
	Source *Source

	// The content type of the raw content. For now, only text/csv is valid
	ContentType *string

	// The time the watchlist was created
	Created *time.Time

	// Describes a user that created the watchlist
	CreatedBy *UserInfo

	// The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string

	// A description of the watchlist
	Description *string

	// A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool

	// List of labels relevant to this watchlist
	Labels []*string

	// The number of lines in a csv content to skip before the header
	NumberOfLinesToSkip *int32

	// The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2
	RawContent *string

	// The tenantId where the watchlist belongs to
	TenantID *string

	// The last time the watchlist was updated
	Updated *time.Time

	// Describes a user that updated the watchlist
	UpdatedBy *UserInfo

	// The status of the Watchlist upload : New, InProgress or Complete. Note : When a Watchlist upload status is InProgress,
	// the Watchlist cannot be deleted
	UploadStatus *string

	// The alias of the watchlist
	WatchlistAlias *string

	// The id (a Guid) of the watchlist
	WatchlistID *string

	// The type of the watchlist
	WatchlistType *string
}

WatchlistProperties - Describes watchlist properties

func (WatchlistProperties) MarshalJSON 

func (w WatchlistProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type WatchlistProperties.

func (*WatchlistProperties) UnmarshalJSON 

func (w *WatchlistProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type WatchlistProperties.

type WatchlistsClient 

type WatchlistsClient struct {
	// contains filtered or unexported fields
}

WatchlistsClient contains the methods for the Watchlists group. Don't use this type directly, use NewWatchlistsClient() instead.

func NewWatchlistsClient 

func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistsClient, error)

NewWatchlistsClient creates a new instance of WatchlistsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*WatchlistsClient) CreateOrUpdate 

func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (WatchlistsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with rawContent and contentType properties. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • watchlist - The watchlist
  • options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.
Example (CreateOrUpdateAWatchlist)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/CreateWatchlist.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Properties: &armsecurityinsights.WatchlistProperties{
			Description:    to.Ptr("Watchlist from CSV content"),
			DisplayName:    to.Ptr("High Value Assets Watchlist"),
			ItemsSearchKey: to.Ptr("header1"),
			Provider:       to.Ptr("Microsoft"),
			Source:         to.Ptr(armsecurityinsights.SourceLocalFile),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Watchlist = armsecurityinsights.Watchlist{
	// 	Name: to.Ptr("highValueAsset"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.WatchlistProperties{
	// 		Description: to.Ptr("Watchlist from CSV content"),
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
	// 		IsDeleted: to.Ptr(false),
	// 		ItemsSearchKey: to.Ptr("header1"),
	// 		Provider: to.Ptr("Microsoft"),
	// 		Source: to.Ptr(armsecurityinsights.SourceLocalFile),
	// 		TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
	// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()),
	// 		UpdatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		WatchlistAlias: to.Ptr("highValueAsset"),
	// 		WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
	// 		WatchlistType: to.Ptr("watchlist"),
	// 	},
	// }
}

Output:
Example (CreateOrUpdateAWatchlistAndBulkCreatesWatchlistItems)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/CreateWatchlistAndWatchlistItems.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{
		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		Properties: &armsecurityinsights.WatchlistProperties{
			Description:         to.Ptr("Watchlist from CSV content"),
			ContentType:         to.Ptr("text/csv"),
			DisplayName:         to.Ptr("High Value Assets Watchlist"),
			ItemsSearchKey:      to.Ptr("header1"),
			NumberOfLinesToSkip: to.Ptr[int32](1),
			Provider:            to.Ptr("Microsoft"),
			RawContent:          to.Ptr("This line will be skipped\nheader1,header2\nvalue1,value2"),
			Source:              to.Ptr(armsecurityinsights.SourceLocalFile),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Watchlist = armsecurityinsights.Watchlist{
	// 	Name: to.Ptr("highValueAsset"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.WatchlistProperties{
	// 		Description: to.Ptr("Watchlist from CSV content"),
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
	// 		IsDeleted: to.Ptr(false),
	// 		ItemsSearchKey: to.Ptr("header1"),
	// 		Provider: to.Ptr("Microsoft"),
	// 		Source: to.Ptr(armsecurityinsights.SourceLocalFile),
	// 		TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
	// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()),
	// 		UpdatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		WatchlistAlias: to.Ptr("highValueAsset"),
	// 		WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
	// 		WatchlistType: to.Ptr("watchlist"),
	// 	},
	// }
}

Output:

func (*WatchlistsClient) Delete 

func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error)

Delete - Delete a watchlist. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/DeleteWatchlist.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	_, err = clientFactory.NewWatchlistsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
}

Output:

func (*WatchlistsClient) Get 

func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error)

Get - Get a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - The watchlist alias
  • options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlistByAlias.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewWatchlistsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.Watchlist = armsecurityinsights.Watchlist{
	// 	Name: to.Ptr("highValueAsset"),
	// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
	// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
	// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 	Properties: &armsecurityinsights.WatchlistProperties{
	// 		Description: to.Ptr("Watchlist from CSV content"),
	// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()),
	// 		CreatedBy: &armsecurityinsights.UserInfo{
	// 			Name: to.Ptr("john doe"),
	// 			Email: to.Ptr("john@contoso.com"),
	// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 		},
	// 		DefaultDuration: to.Ptr("P1279DT12H30M5S"),
	// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
	// 		IsDeleted: to.Ptr(false),
	// 		ItemsSearchKey: to.Ptr("header1"),
	// 		Labels: []*string{
	// 			to.Ptr("Tag1"),
	// 			to.Ptr("Tag2")},
	// 			Provider: to.Ptr("Microsoft"),
	// 			Source: to.Ptr(armsecurityinsights.SourceLocalFile),
	// 			TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
	// 			Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()),
	// 			UpdatedBy: &armsecurityinsights.UserInfo{
	// 				Name: to.Ptr("john doe"),
	// 				Email: to.Ptr("john@contoso.com"),
	// 				ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 			},
	// 			WatchlistAlias: to.Ptr("highValueAsset"),
	// 			WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
	// 			WatchlistType: to.Ptr("watchlist"),
	// 		},
	// 	}
}

Output:

func (*WatchlistsClient) NewListPager added in v0.3.0 

func (client *WatchlistsClient) NewListPager(resourceGroupName string, workspaceName string, options *WatchlistsClientListOptions) *runtime.Pager[WatchlistsClientListResponse]

NewListPager - Get all watchlists, without watchlist items.

Generated from API version 2021-10-01

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/7a2ac91de424f271cf91cc8009f3fe9ee8249086/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/watchlists/GetWatchlists.json 

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewWatchlistsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.WatchlistsClientListOptions{SkipToken: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.WatchlistList = armsecurityinsights.WatchlistList{
		// 	Value: []*armsecurityinsights.Watchlist{
		// 		{
		// 			Name: to.Ptr("highValueAsset"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
		// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
		// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
		// 			Properties: &armsecurityinsights.WatchlistProperties{
		// 				Description: to.Ptr("Watchlist from CSV content"),
		// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.774Z"); return t}()),
		// 				CreatedBy: &armsecurityinsights.UserInfo{
		// 					Name: to.Ptr("john doe"),
		// 					Email: to.Ptr("john@contoso.com"),
		// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 				},
		// 				DefaultDuration: to.Ptr("P1279DT12H30M5S"),
		// 				DisplayName: to.Ptr("High Value Assets Watchlist"),
		// 				IsDeleted: to.Ptr(false),
		// 				ItemsSearchKey: to.Ptr("header1"),
		// 				Labels: []*string{
		// 					to.Ptr("Tag1"),
		// 					to.Ptr("Tag2")},
		// 					Provider: to.Ptr("Microsoft"),
		// 					Source: to.Ptr(armsecurityinsights.SourceLocalFile),
		// 					TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
		// 					Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57.000Z"); return t}()),
		// 					UpdatedBy: &armsecurityinsights.UserInfo{
		// 						Name: to.Ptr("john doe"),
		// 						Email: to.Ptr("john@contoso.com"),
		// 						ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		// 					},
		// 					WatchlistAlias: to.Ptr("highValueAsset"),
		// 					WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
		// 					WatchlistType: to.Ptr("watchlist"),
		// 				},
		// 		}},
		// 	}
	}
}

Output:

type WatchlistsClientCreateOrUpdateOptions 

type WatchlistsClientCreateOrUpdateOptions struct {
}

WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.

type WatchlistsClientCreateOrUpdateResponse 

type WatchlistsClientCreateOrUpdateResponse struct {
	// Represents a Watchlist in Azure Security Insights.
	Watchlist
}

WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate.

type WatchlistsClientDeleteOptions 

type WatchlistsClientDeleteOptions struct {
}

WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.

type WatchlistsClientDeleteResponse 

type WatchlistsClientDeleteResponse struct {
}

WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete.

type WatchlistsClientGetOptions 

type WatchlistsClientGetOptions struct {
}

WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.

type WatchlistsClientGetResponse 

type WatchlistsClientGetResponse struct {
	// Represents a Watchlist in Azure Security Insights.
	Watchlist
}

WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get.

type WatchlistsClientListOptions 

type WatchlistsClientListOptions struct {
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
}

WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.NewListPager method.

type WatchlistsClientListResponse 

type WatchlistsClientListResponse struct {
	// List all the watchlists.
	WatchlistList
}

WatchlistsClientListResponse contains the response from method WatchlistsClient.NewListPager.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.