Documentation ¶
Overview ¶
Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.
API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
Index ¶
- Constants
- func UserAgent() string
- func Version() string
- type AADDataConnector
- func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc AADDataConnector) MarshalJSON() ([]byte, error)
- func (adc *AADDataConnector) UnmarshalJSON(body []byte) error
- type AADDataConnectorProperties
- type AATPDataConnector
- func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc AATPDataConnector) MarshalJSON() ([]byte, error)
- func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error
- type AATPDataConnectorProperties
- type ASCDataConnector
- func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)
- func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (adc ASCDataConnector) MarshalJSON() ([]byte, error)
- func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error
- type ASCDataConnectorProperties
- type AccountEntity
- func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)
- func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ae AccountEntity) AsEntity() (*Entity, bool)
- func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)
- func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)
- func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)
- func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)
- func (ae AccountEntity) MarshalJSON() ([]byte, error)
- func (ae *AccountEntity) UnmarshalJSON(body []byte) error
- type AccountEntityProperties
- type ActionRequest
- type ActionRequestProperties
- type ActionResponse
- type ActionResponseProperties
- type ActionsClient
- func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, ...) (result ActionsListPage, err error)
- func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, ...) (result ActionsListIterator, err error)
- func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)
- func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)
- type ActionsList
- type ActionsListIterator
- type ActionsListPage
- type Aggregations
- type AggregationsKind
- type AggregationsKind1
- type AggregationsModel
- type AlertRule
- func (ar AlertRule) AsAlertRule() (*AlertRule, bool)
- func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (ar AlertRule) MarshalJSON() ([]byte, error)
- type AlertRuleKind
- type AlertRuleKind1
- type AlertRuleModel
- type AlertRuleTemplate
- func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)
- type AlertRuleTemplateModel
- type AlertRuleTemplatePropertiesBase
- type AlertRuleTemplatesClient
- func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplateModel, err error)
- func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)
- func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListPage, err error)
- func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListIterator, err error)
- func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)
- func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)
- type AlertRuleTemplatesList
- type AlertRuleTemplatesListIterator
- func (iter *AlertRuleTemplatesListIterator) Next() error
- func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter AlertRuleTemplatesListIterator) NotDone() bool
- func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList
- func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate
- type AlertRuleTemplatesListPage
- func (page *AlertRuleTemplatesListPage) Next() error
- func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)
- func (page AlertRuleTemplatesListPage) NotDone() bool
- func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList
- func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate
- type AlertRulesClient
- func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error)
- func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error)
- func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)
- func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)
- func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error)
- func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error)
- func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)
- func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)
- func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListPage, err error)
- func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListIterator, err error)
- func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)
- func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)
- type AlertRulesList
- type AlertRulesListIterator
- func (iter *AlertRulesListIterator) Next() error
- func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter AlertRulesListIterator) NotDone() bool
- func (iter AlertRulesListIterator) Response() AlertRulesList
- func (iter AlertRulesListIterator) Value() BasicAlertRule
- type AlertRulesListPage
- type AlertSeverity
- type AlertStatus
- type AlertsDataTypeOfDataConnector
- type AlertsDataTypeOfDataConnectorAlerts
- type AttackTactic
- type AwsCloudTrailDataConnector
- func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)
- func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error
- type AwsCloudTrailDataConnectorDataTypes
- type AwsCloudTrailDataConnectorDataTypesLogs
- type AwsCloudTrailDataConnectorProperties
- type AzureResourceEntity
- func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)
- func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)
- func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)
- func (are AzureResourceEntity) AsEntity() (*Entity, bool)
- func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)
- func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)
- func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)
- func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)
- func (are AzureResourceEntity) MarshalJSON() ([]byte, error)
- func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error
- type AzureResourceEntityProperties
- type BaseClient
- type BasicAggregations
- type BasicAlertRule
- type BasicAlertRuleTemplate
- type BasicDataConnector
- type BasicEntity
- type BasicSettings
- type Bookmark
- type BookmarkList
- type BookmarkListIterator
- type BookmarkListPage
- type BookmarkProperties
- type BookmarkRelation
- type BookmarkRelationList
- type BookmarkRelationListIterator
- func (iter *BookmarkRelationListIterator) Next() error
- func (iter *BookmarkRelationListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter BookmarkRelationListIterator) NotDone() bool
- func (iter BookmarkRelationListIterator) Response() BookmarkRelationList
- func (iter BookmarkRelationListIterator) Value() BookmarkRelation
- type BookmarkRelationListPage
- func (page *BookmarkRelationListPage) Next() error
- func (page *BookmarkRelationListPage) NextWithContext(ctx context.Context) (err error)
- func (page BookmarkRelationListPage) NotDone() bool
- func (page BookmarkRelationListPage) Response() BookmarkRelationList
- func (page BookmarkRelationListPage) Values() []BookmarkRelation
- type BookmarkRelationProperties
- type BookmarkRelationsClient
- func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelation, err error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result BookmarkRelation, err error)
- func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
- func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelation, err error)
- func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result BookmarkRelation, err error)
- func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelationListPage, err error)
- func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelationListIterator, err error)
- func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result BookmarkRelationList, err error)
- func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type BookmarksClient
- func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error)
- func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)
- func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error)
- func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)
- func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)
- func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, ...) (result BookmarkListPage, err error)
- func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result BookmarkListIterator, err error)
- func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)
- func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)
- type Case
- type CaseComment
- type CaseCommentList
- type CaseCommentListIterator
- func (iter *CaseCommentListIterator) Next() error
- func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter CaseCommentListIterator) NotDone() bool
- func (iter CaseCommentListIterator) Response() CaseCommentList
- func (iter CaseCommentListIterator) Value() CaseComment
- type CaseCommentListPage
- type CaseCommentProperties
- type CaseCommentsClient
- func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error)
- func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)
- func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)
- type CaseList
- type CaseListIterator
- type CaseListPage
- type CaseProperties
- type CaseRelation
- type CaseRelationList
- type CaseRelationListIterator
- func (iter *CaseRelationListIterator) Next() error
- func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter CaseRelationListIterator) NotDone() bool
- func (iter CaseRelationListIterator) Response() CaseRelationList
- func (iter CaseRelationListIterator) Value() CaseRelation
- type CaseRelationListPage
- type CaseRelationProperties
- type CaseRelationsClient
- func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error)
- func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)
- func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
- func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error)
- func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)
- func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)
- func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListPage, err error)
- func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListIterator, err error)
- func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)
- func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error)
- type CaseSeverity
- type CaseStatus
- type CasesAggregation
- func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)
- func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)
- func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)
- func (ca CasesAggregation) MarshalJSON() ([]byte, error)
- func (ca *CasesAggregation) UnmarshalJSON(body []byte) error
- type CasesAggregationBySeverityProperties
- type CasesAggregationByStatusProperties
- type CasesAggregationProperties
- type CasesAggregationsClient
- func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, ...) (result AggregationsModel, err error)
- func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)
- func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)
- type CasesClient
- func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Case, err error)
- func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)
- func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) Get(ctx context.Context, resourceGroupName string, ...) (result Case, err error)
- func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error)
- func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)
- func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)
- func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client CasesClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseListPage, err error)
- func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseListIterator, err error)
- func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)
- func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)
- type CloseReason
- type CloudApplicationEntity
- func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)
- func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)
- func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)
- func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)
- func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)
- func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)
- func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)
- func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)
- func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)
- func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error
- type CloudApplicationEntityProperties
- type CloudError
- type CloudErrorBody
- type CommentsClient
- func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListPage, err error)
- func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListIterator, err error)
- func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)
- func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)
- type ConfidenceLevel
- type ConfidenceScoreStatus
- type DNSEntity
- func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)
- func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)
- func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)
- func (de DNSEntity) AsEntity() (*Entity, bool)
- func (de DNSEntity) AsFileEntity() (*FileEntity, bool)
- func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (de DNSEntity) AsHostEntity() (*HostEntity, bool)
- func (de DNSEntity) AsIPEntity() (*IPEntity, bool)
- func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (de DNSEntity) AsURLEntity() (*URLEntity, bool)
- func (de DNSEntity) MarshalJSON() ([]byte, error)
- func (de *DNSEntity) UnmarshalJSON(body []byte) error
- type DNSEntityProperties
- type DataConnector
- func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (dc DataConnector) AsDataConnector() (*DataConnector, bool)
- func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (dc DataConnector) MarshalJSON() ([]byte, error)
- type DataConnectorDataTypeCommon
- type DataConnectorKind
- type DataConnectorKind1
- type DataConnectorList
- type DataConnectorListIterator
- func (iter *DataConnectorListIterator) Next() error
- func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter DataConnectorListIterator) NotDone() bool
- func (iter DataConnectorListIterator) Response() DataConnectorList
- func (iter DataConnectorListIterator) Value() BasicDataConnector
- type DataConnectorListPage
- func (page *DataConnectorListPage) Next() error
- func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)
- func (page DataConnectorListPage) NotDone() bool
- func (page DataConnectorListPage) Response() DataConnectorList
- func (page DataConnectorListPage) Values() []BasicDataConnector
- type DataConnectorModel
- type DataConnectorStatus
- type DataConnectorTenantID
- type DataConnectorWithAlertsProperties
- type DataConnectorsClient
- func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)
- func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListPage, err error)
- func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListIterator, err error)
- func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)
- func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)
- type DataTypeState
- type DataTypeStatus
- type ElevationToken
- type EntitiesClient
- func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, ...) (result EntityExpandResponse, err error)
- func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)
- func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)
- func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityModel, err error)
- func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)
- func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityListPage, err error)
- func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityListIterator, err error)
- func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)
- func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)
- type Entity
- func (e Entity) AsAccountEntity() (*AccountEntity, bool)
- func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (e Entity) AsBasicEntity() (BasicEntity, bool)
- func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (e Entity) AsDNSEntity() (*DNSEntity, bool)
- func (e Entity) AsEntity() (*Entity, bool)
- func (e Entity) AsFileEntity() (*FileEntity, bool)
- func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)
- func (e Entity) AsHostEntity() (*HostEntity, bool)
- func (e Entity) AsIPEntity() (*IPEntity, bool)
- func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)
- func (e Entity) AsProcessEntity() (*ProcessEntity, bool)
- func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)
- func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (e Entity) AsURLEntity() (*URLEntity, bool)
- func (e Entity) MarshalJSON() ([]byte, error)
- type EntityCommonProperties
- type EntityExpandParameters
- type EntityExpandResponse
- type EntityExpandResponseValue
- type EntityKind
- type EntityKind1
- type EntityList
- type EntityListIterator
- type EntityListPage
- type EntityModel
- type EntityQueriesClient
- func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityQuery, err error)
- func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)
- func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)
- func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListPage, err error)
- func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListIterator, err error)
- func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)
- func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)
- type EntityQuery
- type EntityQueryList
- type EntityQueryListIterator
- func (iter *EntityQueryListIterator) Next() error
- func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter EntityQueryListIterator) NotDone() bool
- func (iter EntityQueryListIterator) Response() EntityQueryList
- func (iter EntityQueryListIterator) Value() EntityQuery
- type EntityQueryListPage
- type EntityQueryProperties
- type EntityType
- type ExpansionResultAggregation
- type ExpansionResultsMetadata
- type FileEntity
- func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)
- func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)
- func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)
- func (fe FileEntity) AsEntity() (*Entity, bool)
- func (fe FileEntity) AsFileEntity() (*FileEntity, bool)
- func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (fe FileEntity) AsHostEntity() (*HostEntity, bool)
- func (fe FileEntity) AsIPEntity() (*IPEntity, bool)
- func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (fe FileEntity) AsURLEntity() (*URLEntity, bool)
- func (fe FileEntity) MarshalJSON() ([]byte, error)
- func (fe *FileEntity) UnmarshalJSON(body []byte) error
- type FileEntityProperties
- type FileHashAlgorithm
- type FileHashEntity
- func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)
- func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)
- func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)
- func (fhe FileHashEntity) AsEntity() (*Entity, bool)
- func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)
- func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)
- func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)
- func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)
- func (fhe FileHashEntity) MarshalJSON() ([]byte, error)
- func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error
- type FileHashEntityProperties
- type FusionAlertRule
- func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)
- func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (far FusionAlertRule) MarshalJSON() ([]byte, error)
- func (far *FusionAlertRule) UnmarshalJSON(body []byte) error
- type FusionAlertRuleProperties
- type FusionAlertRuleTemplate
- func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type FusionAlertRuleTemplateProperties
- type GeoLocation
- type HostEntity
- func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)
- func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (he HostEntity) AsBasicEntity() (BasicEntity, bool)
- func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)
- func (he HostEntity) AsEntity() (*Entity, bool)
- func (he HostEntity) AsFileEntity() (*FileEntity, bool)
- func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (he HostEntity) AsHostEntity() (*HostEntity, bool)
- func (he HostEntity) AsIPEntity() (*IPEntity, bool)
- func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (he HostEntity) AsURLEntity() (*URLEntity, bool)
- func (he HostEntity) MarshalJSON() ([]byte, error)
- func (he *HostEntity) UnmarshalJSON(body []byte) error
- type HostEntityProperties
- type IPEntity
- func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)
- func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ie IPEntity) AsEntity() (*Entity, bool)
- func (ie IPEntity) AsFileEntity() (*FileEntity, bool)
- func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ie IPEntity) AsHostEntity() (*HostEntity, bool)
- func (ie IPEntity) AsIPEntity() (*IPEntity, bool)
- func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ie IPEntity) AsURLEntity() (*URLEntity, bool)
- func (ie IPEntity) MarshalJSON() ([]byte, error)
- func (ie *IPEntity) UnmarshalJSON(body []byte) error
- type IPEntityProperties
- type KillChainIntent
- type Kind
- type KindBasicAlertRule
- type KindBasicAlertRuleTemplate
- type KindBasicDataConnector
- type KindBasicEntity
- type KindBasicSettings
- type LicenseStatus
- type MCASDataConnector
- func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)
- func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)
- func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error
- type MCASDataConnectorDataTypes
- type MCASDataConnectorDataTypesDiscoveryLogs
- type MCASDataConnectorProperties
- type MDATPDataConnector
- func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)
- func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)
- func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error
- type MDATPDataConnectorProperties
- type MalwareEntity
- func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)
- func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)
- func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)
- func (me MalwareEntity) AsEntity() (*Entity, bool)
- func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)
- func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)
- func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)
- func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)
- func (me MalwareEntity) MarshalJSON() ([]byte, error)
- func (me *MalwareEntity) UnmarshalJSON(body []byte) error
- type MalwareEntityProperties
- type MicrosoftSecurityIncidentCreationAlertRule
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
- func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error
- type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties
- type MicrosoftSecurityIncidentCreationAlertRuleProperties
- type MicrosoftSecurityIncidentCreationAlertRuleTemplate
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties
- type MicrosoftSecurityProductName
- type OSFamily
- type OfficeConsent
- type OfficeConsentList
- type OfficeConsentListIterator
- func (iter *OfficeConsentListIterator) Next() error
- func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)
- func (iter OfficeConsentListIterator) NotDone() bool
- func (iter OfficeConsentListIterator) Response() OfficeConsentList
- func (iter OfficeConsentListIterator) Value() OfficeConsent
- type OfficeConsentListPage
- func (page *OfficeConsentListPage) Next() error
- func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)
- func (page OfficeConsentListPage) NotDone() bool
- func (page OfficeConsentListPage) Response() OfficeConsentList
- func (page OfficeConsentListPage) Values() []OfficeConsent
- type OfficeConsentProperties
- type OfficeConsentsClient
- func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error)
- func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
- func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)
- func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, ...) (result OfficeConsent, err error)
- func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)
- func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListPage, err error)
- func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListIterator, err error)
- func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)
- func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)
- type OfficeDataConnector
- func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)
- func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)
- func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error
- type OfficeDataConnectorDataTypes
- type OfficeDataConnectorDataTypesExchange
- type OfficeDataConnectorDataTypesSharePoint
- type OfficeDataConnectorProperties
- type Operation
- type OperationDisplay
- type OperationsClient
- func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)
- func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)
- func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)
- func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)
- func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)
- type OperationsList
- type OperationsListIterator
- type OperationsListPage
- type ProcessEntity
- func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)
- func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)
- func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)
- func (peVar ProcessEntity) AsEntity() (*Entity, bool)
- func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)
- func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)
- func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)
- func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)
- func (peVar ProcessEntity) MarshalJSON() ([]byte, error)
- func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error
- type ProcessEntityProperties
- type ProductSettingsClient
- func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error)
- func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)
- func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)
- func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error)
- func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error)
- func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)
- func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)
- type RegistryHive
- type RegistryKeyEntity
- func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)
- func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)
- func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)
- func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)
- func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)
- func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)
- func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)
- func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)
- func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)
- func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error
- type RegistryKeyEntityProperties
- type RegistryValueEntity
- func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)
- func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)
- func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)
- func (rve RegistryValueEntity) AsEntity() (*Entity, bool)
- func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)
- func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)
- func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)
- func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)
- func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)
- func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error
- type RegistryValueEntityProperties
- type RegistryValueKind
- type RelationBase
- type RelationNode
- type RelationNodeKind
- type RelationTypes
- type RelationsModelInput
- type RelationsModelInputProperties
- type Resource
- type ResourceWithEtag
- type ScheduledAlertRule
- func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)
- func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
- func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
- func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
- func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
- func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)
- func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error
- type ScheduledAlertRuleCommonProperties
- type ScheduledAlertRuleProperties
- type ScheduledAlertRuleTemplate
- func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
- func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)
- func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error
- type ScheduledAlertRuleTemplateProperties
- type SecurityAlert
- func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)
- func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)
- func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)
- func (sa SecurityAlert) AsEntity() (*Entity, bool)
- func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)
- func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)
- func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)
- func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)
- func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)
- func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)
- func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)
- func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)
- func (sa SecurityAlert) MarshalJSON() ([]byte, error)
- func (sa *SecurityAlert) UnmarshalJSON(body []byte) error
- type SecurityAlertProperties
- type SecurityAlertPropertiesConfidenceReasonsItem
- type SecurityGroupEntity
- func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)
- func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)
- func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)
- func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)
- func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)
- func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)
- func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)
- func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)
- func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)
- func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error
- type SecurityGroupEntityProperties
- type SettingKind
- type Settings
- type SettingsKind
- type SettingsModel
- type StatusInMcas
- type TIDataConnector
- func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
- func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
- func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
- func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
- func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
- func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)
- func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
- func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
- func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
- func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
- func (tdc TIDataConnector) MarshalJSON() ([]byte, error)
- func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error
- type TIDataConnectorDataTypes
- type TIDataConnectorDataTypesIndicators
- type TIDataConnectorProperties
- type TemplateStatus
- type ThreatIntelligence
- type ToggleSettings
- func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool)
- func (ts ToggleSettings) AsSettings() (*Settings, bool)
- func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool)
- func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool)
- func (ts ToggleSettings) MarshalJSON() ([]byte, error)
- func (ts *ToggleSettings) UnmarshalJSON(body []byte) error
- type ToggleSettingsProperties
- type TriggerOperator
- type URLEntity
- func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)
- func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
- func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)
- func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
- func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)
- func (ue URLEntity) AsEntity() (*Entity, bool)
- func (ue URLEntity) AsFileEntity() (*FileEntity, bool)
- func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)
- func (ue URLEntity) AsHostEntity() (*HostEntity, bool)
- func (ue URLEntity) AsIPEntity() (*IPEntity, bool)
- func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)
- func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)
- func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
- func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
- func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)
- func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
- func (ue URLEntity) AsURLEntity() (*URLEntity, bool)
- func (ue URLEntity) MarshalJSON() ([]byte, error)
- func (ue *URLEntity) UnmarshalJSON(body []byte) error
- type URLEntityProperties
- type UebaSettings
- func (us UebaSettings) AsBasicSettings() (BasicSettings, bool)
- func (us UebaSettings) AsSettings() (*Settings, bool)
- func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool)
- func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool)
- func (us UebaSettings) MarshalJSON() ([]byte, error)
- func (us *UebaSettings) UnmarshalJSON(body []byte) error
- type UebaSettingsProperties
- type UserInfo
Constants ¶
const (
// DefaultBaseURI is the default URI used for the service Securityinsight
DefaultBaseURI = "https://management.azure.com"
)
Variables ¶
This section is empty.
Functions ¶
func UserAgent ¶
func UserAgent() string
UserAgent returns the UserAgent string to use when sending http.Requests.
func Version ¶
func Version() string
Version returns the semantic version (see http://semver.org) of the client.
Types ¶
type AADDataConnector ¶
type AADDataConnector struct { // AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties. *AADDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AADDataConnector represents AAD (Azure Active Directory) data connector.
func (AADDataConnector) AsAADDataConnector ¶
func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsAATPDataConnector ¶
func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsASCDataConnector ¶
func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsBasicDataConnector ¶
func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsDataConnector ¶
func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsMCASDataConnector ¶
func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsMDATPDataConnector ¶
func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsOfficeDataConnector ¶
func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) AsTIDataConnector ¶
func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.
func (AADDataConnector) MarshalJSON ¶
func (adc AADDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AADDataConnector.
func (*AADDataConnector) UnmarshalJSON ¶
func (adc *AADDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.
type AADDataConnectorProperties ¶
type AADDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.
type AATPDataConnector ¶
type AATPDataConnector struct { // AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties. *AATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.
func (AATPDataConnector) AsAADDataConnector ¶
func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsAATPDataConnector ¶
func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsASCDataConnector ¶
func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsBasicDataConnector ¶
func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsDataConnector ¶
func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsMCASDataConnector ¶
func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsMDATPDataConnector ¶
func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsOfficeDataConnector ¶
func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) AsTIDataConnector ¶
func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.
func (AATPDataConnector) MarshalJSON ¶
func (adc AATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AATPDataConnector.
func (*AATPDataConnector) UnmarshalJSON ¶
func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.
type AATPDataConnectorProperties ¶
type AATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.
type ASCDataConnector ¶
type ASCDataConnector struct { // ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties. *ASCDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
ASCDataConnector represents ASC (Azure Security Center) data connector.
func (ASCDataConnector) AsAADDataConnector ¶
func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsAATPDataConnector ¶
func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsASCDataConnector ¶
func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsAwsCloudTrailDataConnector ¶
func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsBasicDataConnector ¶
func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsDataConnector ¶
func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsMCASDataConnector ¶
func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsMDATPDataConnector ¶
func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsOfficeDataConnector ¶
func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) AsTIDataConnector ¶
func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.
func (ASCDataConnector) MarshalJSON ¶
func (adc ASCDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ASCDataConnector.
func (*ASCDataConnector) UnmarshalJSON ¶
func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.
type ASCDataConnectorProperties ¶
type ASCDataConnectorProperties struct { // SubscriptionID - The subscription id to connect to, and get the data from. SubscriptionID *string `json:"subscriptionId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.
type AccountEntity ¶
type AccountEntity struct { // AccountEntityProperties - Account entity properties *AccountEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
AccountEntity represents an account entity.
func (AccountEntity) AsAccountEntity ¶
func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsAzureResourceEntity ¶
func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsBasicEntity ¶
func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsCloudApplicationEntity ¶
func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsDNSEntity ¶
func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsEntity ¶
func (ae AccountEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsFileEntity ¶
func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsFileHashEntity ¶
func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsHostEntity ¶
func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsIPEntity ¶
func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsMalwareEntity ¶
func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsProcessEntity ¶
func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsRegistryKeyEntity ¶
func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsRegistryValueEntity ¶
func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsSecurityAlert ¶
func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsSecurityGroupEntity ¶
func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) AsURLEntity ¶
func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for AccountEntity.
func (AccountEntity) MarshalJSON ¶
func (ae AccountEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AccountEntity.
func (*AccountEntity) UnmarshalJSON ¶
func (ae *AccountEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AccountEntity struct.
type AccountEntityProperties ¶
type AccountEntityProperties struct { // AadTenantID - READ-ONLY; The Azure Active Directory tenant id. AadTenantID *string `json:"aadTenantId,omitempty"` // AadUserID - READ-ONLY; The Azure Active Directory user id. AadUserID *string `json:"aadUserId,omitempty"` // AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator. AccountName *string `json:"accountName,omitempty"` // DisplayName - READ-ONLY; The display name of the account. DisplayName *string `json:"displayName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined) HostEntityID *string `json:"hostEntityId,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this is a domain account. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY. NtDomain *string `json:"ntDomain,omitempty"` // ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // Puid - READ-ONLY; The Azure Active Directory Passport User ID. Puid *string `json:"puid,omitempty"` // Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18. Sid *string `json:"sid,omitempty"` // UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com. UpnSuffix *string `json:"upnSuffix,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
AccountEntityProperties account entity property bag.
func (AccountEntityProperties) MarshalJSON ¶
func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AccountEntityProperties.
type ActionRequest ¶
type ActionRequest struct { // ActionRequestProperties - Action properties for put request *ActionRequestProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
ActionRequest action for alert rule.
func (ActionRequest) MarshalJSON ¶
func (ar ActionRequest) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActionRequest.
func (*ActionRequest) UnmarshalJSON ¶
func (ar *ActionRequest) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ActionRequest struct.
type ActionRequestProperties ¶
type ActionRequestProperties struct { // TriggerURI - Logic App Callback URL for this specific workflow. TriggerURI *string `json:"triggerUri,omitempty"` }
ActionRequestProperties action property bag.
type ActionResponse ¶
type ActionResponse struct { autorest.Response `json:"-"` // Etag - Etag of the action. Etag *string `json:"etag,omitempty"` // ActionResponseProperties - Action properties for get request *ActionResponseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
ActionResponse action for alert rule.
func (ActionResponse) MarshalJSON ¶
func (ar ActionResponse) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ActionResponse.
func (*ActionResponse) UnmarshalJSON ¶
func (ar *ActionResponse) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ActionResponse struct.
type ActionResponseProperties ¶
type ActionResponseProperties struct { // WorkflowID - The name of the logic app's workflow. WorkflowID *string `json:"workflowId,omitempty"` }
ActionResponseProperties action property bag.
type ActionsClient ¶
type ActionsClient struct {
BaseClient
}
ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewActionsClient ¶
func NewActionsClient(subscriptionID string) ActionsClient
NewActionsClient creates an instance of the ActionsClient client.
func NewActionsClientWithBaseURI ¶
func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient
NewActionsClientWithBaseURI creates an instance of the ActionsClient client.
func (ActionsClient) ListByAlertRule ¶
func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)
ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (ActionsClient) ListByAlertRuleComplete ¶
func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)
ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.
func (ActionsClient) ListByAlertRulePreparer ¶
func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
ListByAlertRulePreparer prepares the ListByAlertRule request.
func (ActionsClient) ListByAlertRuleResponder ¶
func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)
ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.
func (ActionsClient) ListByAlertRuleSender ¶
ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.
type ActionsList ¶
type ActionsList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of actions. NextLink *string `json:"nextLink,omitempty"` // Value - Array of actions. Value *[]ActionResponse `json:"value,omitempty"` }
ActionsList list all the actions.
func (ActionsList) IsEmpty ¶
func (al ActionsList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type ActionsListIterator ¶
type ActionsListIterator struct {
// contains filtered or unexported fields
}
ActionsListIterator provides access to a complete listing of ActionResponse values.
func NewActionsListIterator ¶
func NewActionsListIterator(page ActionsListPage) ActionsListIterator
Creates a new instance of the ActionsListIterator type.
func (*ActionsListIterator) Next ¶
func (iter *ActionsListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ActionsListIterator) NextWithContext ¶
func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (ActionsListIterator) NotDone ¶
func (iter ActionsListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (ActionsListIterator) Response ¶
func (iter ActionsListIterator) Response() ActionsList
Response returns the raw server response from the last page request.
func (ActionsListIterator) Value ¶
func (iter ActionsListIterator) Value() ActionResponse
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type ActionsListPage ¶
type ActionsListPage struct {
// contains filtered or unexported fields
}
ActionsListPage contains a page of ActionResponse values.
func NewActionsListPage ¶
func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage
Creates a new instance of the ActionsListPage type.
func (*ActionsListPage) Next ¶
func (page *ActionsListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*ActionsListPage) NextWithContext ¶
func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (ActionsListPage) NotDone ¶
func (page ActionsListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (ActionsListPage) Response ¶
func (page ActionsListPage) Response() ActionsList
Response returns the raw server response from the last page request.
func (ActionsListPage) Values ¶
func (page ActionsListPage) Values() []ActionResponse
Values returns the slice of values for the current page or nil if there are no values.
type Aggregations ¶
type Aggregations struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' Kind Kind `json:"kind,omitempty"` }
Aggregations the aggregation.
func (Aggregations) AsAggregations ¶
func (a Aggregations) AsAggregations() (*Aggregations, bool)
AsAggregations is the BasicAggregations implementation for Aggregations.
func (Aggregations) AsBasicAggregations ¶
func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)
AsBasicAggregations is the BasicAggregations implementation for Aggregations.
func (Aggregations) AsCasesAggregation ¶
func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)
AsCasesAggregation is the BasicAggregations implementation for Aggregations.
func (Aggregations) MarshalJSON ¶
func (a Aggregations) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for Aggregations.
type AggregationsKind ¶
type AggregationsKind string
AggregationsKind enumerates the values for aggregations kind.
const ( // AggregationsKindCasesAggregation ... AggregationsKindCasesAggregation AggregationsKind = "CasesAggregation" )
func PossibleAggregationsKindValues ¶
func PossibleAggregationsKindValues() []AggregationsKind
PossibleAggregationsKindValues returns an array of possible values for the AggregationsKind const type.
type AggregationsKind1 ¶
type AggregationsKind1 struct { // Kind - The kind of the setting. Possible values include: 'AggregationsKindCasesAggregation' Kind AggregationsKind `json:"kind,omitempty"` }
AggregationsKind1 describes an Azure resource with kind.
type AggregationsModel ¶
type AggregationsModel struct { autorest.Response `json:"-"` Value BasicAggregations `json:"value,omitempty"` }
AggregationsModel ...
func (*AggregationsModel) UnmarshalJSON ¶
func (am *AggregationsModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.
type AlertRule ¶
type AlertRule struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
AlertRule alert rule.
func (AlertRule) AsAlertRule ¶
AsAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsBasicAlertRule ¶
func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsFusionAlertRule ¶
func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) AsScheduledAlertRule ¶
func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.
func (AlertRule) MarshalJSON ¶
MarshalJSON is the custom marshaler for AlertRule.
type AlertRuleKind ¶
type AlertRuleKind string
AlertRuleKind enumerates the values for alert rule kind.
const ( // Fusion ... Fusion AlertRuleKind = "Fusion" // MicrosoftSecurityIncidentCreation ... MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation" // Scheduled ... Scheduled AlertRuleKind = "Scheduled" )
func PossibleAlertRuleKindValues ¶
func PossibleAlertRuleKindValues() []AlertRuleKind
PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.
type AlertRuleKind1 ¶
type AlertRuleKind1 struct { // Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion' Kind AlertRuleKind `json:"kind,omitempty"` }
AlertRuleKind1 describes an Azure resource with kind.
type AlertRuleModel ¶
type AlertRuleModel struct { autorest.Response `json:"-"` Value BasicAlertRule `json:"value,omitempty"` }
AlertRuleModel ...
func (*AlertRuleModel) UnmarshalJSON ¶
func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.
type AlertRuleTemplate ¶
type AlertRuleTemplate struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
AlertRuleTemplate alert rule template.
func (AlertRuleTemplate) AsAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.
func (AlertRuleTemplate) MarshalJSON ¶
func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AlertRuleTemplate.
type AlertRuleTemplateModel ¶
type AlertRuleTemplateModel struct { autorest.Response `json:"-"` Value BasicAlertRuleTemplate `json:"value,omitempty"` }
AlertRuleTemplateModel ...
func (*AlertRuleTemplateModel) UnmarshalJSON ¶
func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.
type AlertRuleTemplatePropertiesBase ¶
type AlertRuleTemplatePropertiesBase struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` }
AlertRuleTemplatePropertiesBase base alert rule template property bag.
type AlertRuleTemplatesClient ¶
type AlertRuleTemplatesClient struct {
BaseClient
}
AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewAlertRuleTemplatesClient ¶
func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient
NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.
func NewAlertRuleTemplatesClientWithBaseURI ¶
func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient
NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client.
func (AlertRuleTemplatesClient) Get ¶
func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)
Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID
func (AlertRuleTemplatesClient) GetPreparer ¶
func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (AlertRuleTemplatesClient) GetResponder ¶
func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (AlertRuleTemplatesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (AlertRuleTemplatesClient) List ¶
func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)
List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (AlertRuleTemplatesClient) ListComplete ¶
func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (AlertRuleTemplatesClient) ListPreparer ¶
func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (AlertRuleTemplatesClient) ListResponder ¶
func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (AlertRuleTemplatesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type AlertRuleTemplatesList ¶
type AlertRuleTemplatesList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of alert rule templates. NextLink *string `json:"nextLink,omitempty"` // Value - Array of alert rule templates. Value *[]BasicAlertRuleTemplate `json:"value,omitempty"` }
AlertRuleTemplatesList list all the alert rule templates.
func (AlertRuleTemplatesList) IsEmpty ¶
func (artl AlertRuleTemplatesList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (*AlertRuleTemplatesList) UnmarshalJSON ¶
func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.
type AlertRuleTemplatesListIterator ¶
type AlertRuleTemplatesListIterator struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.
func NewAlertRuleTemplatesListIterator ¶
func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator
Creates a new instance of the AlertRuleTemplatesListIterator type.
func (*AlertRuleTemplatesListIterator) Next ¶
func (iter *AlertRuleTemplatesListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRuleTemplatesListIterator) NextWithContext ¶
func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (AlertRuleTemplatesListIterator) NotDone ¶
func (iter AlertRuleTemplatesListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (AlertRuleTemplatesListIterator) Response ¶
func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList
Response returns the raw server response from the last page request.
func (AlertRuleTemplatesListIterator) Value ¶
func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type AlertRuleTemplatesListPage ¶
type AlertRuleTemplatesListPage struct {
// contains filtered or unexported fields
}
AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.
func NewAlertRuleTemplatesListPage ¶
func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage
Creates a new instance of the AlertRuleTemplatesListPage type.
func (*AlertRuleTemplatesListPage) Next ¶
func (page *AlertRuleTemplatesListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRuleTemplatesListPage) NextWithContext ¶
func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (AlertRuleTemplatesListPage) NotDone ¶
func (page AlertRuleTemplatesListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (AlertRuleTemplatesListPage) Response ¶
func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList
Response returns the raw server response from the last page request.
func (AlertRuleTemplatesListPage) Values ¶
func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate
Values returns the slice of values for the current page or nil if there are no values.
type AlertRulesClient ¶
type AlertRulesClient struct {
BaseClient
}
AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewAlertRulesClient ¶
func NewAlertRulesClient(subscriptionID string) AlertRulesClient
NewAlertRulesClient creates an instance of the AlertRulesClient client.
func NewAlertRulesClientWithBaseURI ¶
func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient
NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client.
func (AlertRulesClient) CreateOrUpdate ¶
func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)
CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule
func (AlertRulesClient) CreateOrUpdateAction ¶
func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)
CreateOrUpdateAction creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action
func (AlertRulesClient) CreateOrUpdateActionPreparer ¶
func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)
CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.
func (AlertRulesClient) CreateOrUpdateActionResponder ¶
func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)
CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.
func (AlertRulesClient) CreateOrUpdateActionSender ¶
func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)
CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) CreateOrUpdatePreparer ¶
func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (AlertRulesClient) CreateOrUpdateResponder ¶
func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (AlertRulesClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) Delete ¶
func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)
Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (AlertRulesClient) DeleteAction ¶
func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)
DeleteAction delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID
func (AlertRulesClient) DeleteActionPreparer ¶
func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)
DeleteActionPreparer prepares the DeleteAction request.
func (AlertRulesClient) DeleteActionResponder ¶
func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)
DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.
func (AlertRulesClient) DeleteActionSender ¶
DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) DeletePreparer ¶
func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (AlertRulesClient) DeleteResponder ¶
func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (AlertRulesClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) Get ¶
func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)
Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID
func (AlertRulesClient) GetAction ¶
func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)
GetAction gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID
func (AlertRulesClient) GetActionPreparer ¶
func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)
GetActionPreparer prepares the GetAction request.
func (AlertRulesClient) GetActionResponder ¶
func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)
GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.
func (AlertRulesClient) GetActionSender ¶
GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) GetPreparer ¶
func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (AlertRulesClient) GetResponder ¶
func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (AlertRulesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (AlertRulesClient) List ¶
func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)
List gets all alert rules. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (AlertRulesClient) ListComplete ¶
func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (AlertRulesClient) ListPreparer ¶
func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (AlertRulesClient) ListResponder ¶
func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (AlertRulesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type AlertRulesList ¶
type AlertRulesList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of alert rules. NextLink *string `json:"nextLink,omitempty"` // Value - Array of alert rules. Value *[]BasicAlertRule `json:"value,omitempty"` }
AlertRulesList list all the alert rules.
func (AlertRulesList) IsEmpty ¶
func (arl AlertRulesList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (*AlertRulesList) UnmarshalJSON ¶
func (arl *AlertRulesList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.
type AlertRulesListIterator ¶
type AlertRulesListIterator struct {
// contains filtered or unexported fields
}
AlertRulesListIterator provides access to a complete listing of AlertRule values.
func NewAlertRulesListIterator ¶
func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator
Creates a new instance of the AlertRulesListIterator type.
func (*AlertRulesListIterator) Next ¶
func (iter *AlertRulesListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRulesListIterator) NextWithContext ¶
func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (AlertRulesListIterator) NotDone ¶
func (iter AlertRulesListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (AlertRulesListIterator) Response ¶
func (iter AlertRulesListIterator) Response() AlertRulesList
Response returns the raw server response from the last page request.
func (AlertRulesListIterator) Value ¶
func (iter AlertRulesListIterator) Value() BasicAlertRule
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type AlertRulesListPage ¶
type AlertRulesListPage struct {
// contains filtered or unexported fields
}
AlertRulesListPage contains a page of BasicAlertRule values.
func NewAlertRulesListPage ¶
func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage
Creates a new instance of the AlertRulesListPage type.
func (*AlertRulesListPage) Next ¶
func (page *AlertRulesListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*AlertRulesListPage) NextWithContext ¶
func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (AlertRulesListPage) NotDone ¶
func (page AlertRulesListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (AlertRulesListPage) Response ¶
func (page AlertRulesListPage) Response() AlertRulesList
Response returns the raw server response from the last page request.
func (AlertRulesListPage) Values ¶
func (page AlertRulesListPage) Values() []BasicAlertRule
Values returns the slice of values for the current page or nil if there are no values.
type AlertSeverity ¶
type AlertSeverity string
AlertSeverity enumerates the values for alert severity.
const ( // High High severity High AlertSeverity = "High" // Informational Informational severity Informational AlertSeverity = "Informational" // Low Low severity Low AlertSeverity = "Low" // Medium Medium severity Medium AlertSeverity = "Medium" )
func PossibleAlertSeverityValues ¶
func PossibleAlertSeverityValues() []AlertSeverity
PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.
type AlertStatus ¶
type AlertStatus string
AlertStatus enumerates the values for alert status.
const ( // AlertStatusDismissed Alert dismissed as false positive AlertStatusDismissed AlertStatus = "Dismissed" // AlertStatusInProgress Alert is being handled AlertStatusInProgress AlertStatus = "InProgress" // AlertStatusNew New alert AlertStatusNew AlertStatus = "New" // AlertStatusResolved Alert closed after handling AlertStatusResolved AlertStatus = "Resolved" // AlertStatusUnknown Unknown value AlertStatusUnknown AlertStatus = "Unknown" )
func PossibleAlertStatusValues ¶
func PossibleAlertStatusValues() []AlertStatus
PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.
type AlertsDataTypeOfDataConnector ¶
type AlertsDataTypeOfDataConnector struct { // Alerts - Alerts data type connection. Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` }
AlertsDataTypeOfDataConnector alerts data type for data connectors.
type AlertsDataTypeOfDataConnectorAlerts ¶
type AlertsDataTypeOfDataConnectorAlerts struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
AlertsDataTypeOfDataConnectorAlerts alerts data type connection.
type AttackTactic ¶
type AttackTactic string
AttackTactic enumerates the values for attack tactic.
const ( // Collection ... Collection AttackTactic = "Collection" // CommandAndControl ... CommandAndControl AttackTactic = "CommandAndControl" // CredentialAccess ... CredentialAccess AttackTactic = "CredentialAccess" // DefenseEvasion ... DefenseEvasion AttackTactic = "DefenseEvasion" // Discovery ... Discovery AttackTactic = "Discovery" // Execution ... Execution AttackTactic = "Execution" // Exfiltration ... Exfiltration AttackTactic = "Exfiltration" // Impact ... Impact AttackTactic = "Impact" // InitialAccess ... InitialAccess AttackTactic = "InitialAccess" // LateralMovement ... LateralMovement AttackTactic = "LateralMovement" // Persistence ... Persistence AttackTactic = "Persistence" // PrivilegeEscalation ... PrivilegeEscalation AttackTactic = "PrivilegeEscalation" )
func PossibleAttackTacticValues ¶
func PossibleAttackTacticValues() []AttackTactic
PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.
type AwsCloudTrailDataConnector ¶
type AwsCloudTrailDataConnector struct { // AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties. *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.
func (AwsCloudTrailDataConnector) AsAADDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsAATPDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsASCDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsBasicDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsMCASDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsMDATPDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsOfficeDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) AsTIDataConnector ¶
func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.
func (AwsCloudTrailDataConnector) MarshalJSON ¶
func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.
func (*AwsCloudTrailDataConnector) UnmarshalJSON ¶
func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.
type AwsCloudTrailDataConnectorDataTypes ¶
type AwsCloudTrailDataConnectorDataTypes struct { // Logs - Logs data type. Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"` }
AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.
type AwsCloudTrailDataConnectorDataTypesLogs ¶
type AwsCloudTrailDataConnectorDataTypesLogs struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
AwsCloudTrailDataConnectorDataTypesLogs logs data type.
type AwsCloudTrailDataConnectorProperties ¶
type AwsCloudTrailDataConnectorProperties struct { // AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account. AwsRoleArn *string `json:"awsRoleArn,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"` }
AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.
type AzureResourceEntity ¶
type AzureResourceEntity struct { // AzureResourceEntityProperties - AzureResource entity properties *AzureResourceEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
AzureResourceEntity represents an azure resource entity.
func (AzureResourceEntity) AsAccountEntity ¶
func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsAzureResourceEntity ¶
func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsBasicEntity ¶
func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsCloudApplicationEntity ¶
func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsDNSEntity ¶
func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsEntity ¶
func (are AzureResourceEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsFileEntity ¶
func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsFileHashEntity ¶
func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsHostEntity ¶
func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsIPEntity ¶
func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsMalwareEntity ¶
func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsProcessEntity ¶
func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsRegistryKeyEntity ¶
func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsRegistryValueEntity ¶
func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsSecurityAlert ¶
func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsSecurityGroupEntity ¶
func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) AsURLEntity ¶
func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for AzureResourceEntity.
func (AzureResourceEntity) MarshalJSON ¶
func (are AzureResourceEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AzureResourceEntity.
func (*AzureResourceEntity) UnmarshalJSON ¶
func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.
type AzureResourceEntityProperties ¶
type AzureResourceEntityProperties struct { // ResourceID - READ-ONLY; The azure resource id of the resource ResourceID *string `json:"resourceId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
AzureResourceEntityProperties azureResource entity property bag.
func (AzureResourceEntityProperties) MarshalJSON ¶
func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for AzureResourceEntityProperties.
type BaseClient ¶
BaseClient is the base client for Securityinsight.
func New ¶
func New(subscriptionID string) BaseClient
New creates an instance of the BaseClient client.
func NewWithBaseURI ¶
func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient
NewWithBaseURI creates an instance of the BaseClient client.
type BasicAggregations ¶
type BasicAggregations interface { AsCasesAggregation() (*CasesAggregation, bool) AsAggregations() (*Aggregations, bool) }
BasicAggregations the aggregation.
type BasicAlertRule ¶
type BasicAlertRule interface { AsFusionAlertRule() (*FusionAlertRule, bool) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) AsScheduledAlertRule() (*ScheduledAlertRule, bool) AsAlertRule() (*AlertRule, bool) }
BasicAlertRule alert rule.
type BasicAlertRuleTemplate ¶
type BasicAlertRuleTemplate interface { AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) }
BasicAlertRuleTemplate alert rule template.
type BasicDataConnector ¶
type BasicDataConnector interface { AsAADDataConnector() (*AADDataConnector, bool) AsAATPDataConnector() (*AATPDataConnector, bool) AsASCDataConnector() (*ASCDataConnector, bool) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) AsMCASDataConnector() (*MCASDataConnector, bool) AsMDATPDataConnector() (*MDATPDataConnector, bool) AsOfficeDataConnector() (*OfficeDataConnector, bool) AsTIDataConnector() (*TIDataConnector, bool) AsDataConnector() (*DataConnector, bool) }
BasicDataConnector data connector.
type BasicEntity ¶
type BasicEntity interface { AsAccountEntity() (*AccountEntity, bool) AsAzureResourceEntity() (*AzureResourceEntity, bool) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) AsDNSEntity() (*DNSEntity, bool) AsFileEntity() (*FileEntity, bool) AsFileHashEntity() (*FileHashEntity, bool) AsHostEntity() (*HostEntity, bool) AsIPEntity() (*IPEntity, bool) AsMalwareEntity() (*MalwareEntity, bool) AsProcessEntity() (*ProcessEntity, bool) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) AsRegistryValueEntity() (*RegistryValueEntity, bool) AsSecurityAlert() (*SecurityAlert, bool) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) AsURLEntity() (*URLEntity, bool) AsEntity() (*Entity, bool) }
BasicEntity specific entity.
type BasicSettings ¶
type BasicSettings interface { AsToggleSettings() (*ToggleSettings, bool) AsUebaSettings() (*UebaSettings, bool) AsSettings() (*Settings, bool) }
BasicSettings the Setting.
type Bookmark ¶
type Bookmark struct { autorest.Response `json:"-"` // BookmarkProperties - Bookmark properties *BookmarkProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Bookmark represents a bookmark in Azure Security Insights.
func (Bookmark) MarshalJSON ¶
MarshalJSON is the custom marshaler for Bookmark.
func (*Bookmark) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Bookmark struct.
type BookmarkList ¶
type BookmarkList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of cases. NextLink *string `json:"nextLink,omitempty"` // Value - Array of bookmarks. Value *[]Bookmark `json:"value,omitempty"` }
BookmarkList list all the bookmarks.
func (BookmarkList) IsEmpty ¶
func (bl BookmarkList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type BookmarkListIterator ¶
type BookmarkListIterator struct {
// contains filtered or unexported fields
}
BookmarkListIterator provides access to a complete listing of Bookmark values.
func NewBookmarkListIterator ¶
func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator
Creates a new instance of the BookmarkListIterator type.
func (*BookmarkListIterator) Next ¶
func (iter *BookmarkListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkListIterator) NextWithContext ¶
func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (BookmarkListIterator) NotDone ¶
func (iter BookmarkListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (BookmarkListIterator) Response ¶
func (iter BookmarkListIterator) Response() BookmarkList
Response returns the raw server response from the last page request.
func (BookmarkListIterator) Value ¶
func (iter BookmarkListIterator) Value() Bookmark
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type BookmarkListPage ¶
type BookmarkListPage struct {
// contains filtered or unexported fields
}
BookmarkListPage contains a page of Bookmark values.
func NewBookmarkListPage ¶
func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage
Creates a new instance of the BookmarkListPage type.
func (*BookmarkListPage) Next ¶
func (page *BookmarkListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkListPage) NextWithContext ¶
func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (BookmarkListPage) NotDone ¶
func (page BookmarkListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (BookmarkListPage) Response ¶
func (page BookmarkListPage) Response() BookmarkList
Response returns the raw server response from the last page request.
func (BookmarkListPage) Values ¶
func (page BookmarkListPage) Values() []Bookmark
Values returns the slice of values for the current page or nil if there are no values.
type BookmarkProperties ¶
type BookmarkProperties struct { // Created - The time the bookmark was created Created *date.Time `json:"created,omitempty"` // CreatedBy - Describes a user that created the bookmark CreatedBy *UserInfo `json:"createdBy,omitempty"` // DisplayName - The display name of the bookmark DisplayName *string `json:"displayName,omitempty"` // Labels - List of labels relevant to this bookmark Labels *[]string `json:"labels,omitempty"` // Notes - The notes of the bookmark Notes *string `json:"notes,omitempty"` // Query - The query of the bookmark. Query *string `json:"query,omitempty"` // QueryResult - The query result of the bookmark. QueryResult *string `json:"queryResult,omitempty"` // Updated - The last time the bookmark was updated Updated *date.Time `json:"updated,omitempty"` // UpdatedBy - Describes a user that updated the bookmark UpdatedBy *UserInfo `json:"updatedBy,omitempty"` }
BookmarkProperties describes bookmark properties
type BookmarkRelation ¶
type BookmarkRelation struct { autorest.Response `json:"-"` // BookmarkRelationProperties - Bookmark relation properties *BookmarkRelationProperties `json:"properties,omitempty"` // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
BookmarkRelation represents a bookmark relation
func (BookmarkRelation) MarshalJSON ¶
func (br BookmarkRelation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for BookmarkRelation.
func (*BookmarkRelation) UnmarshalJSON ¶
func (br *BookmarkRelation) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for BookmarkRelation struct.
type BookmarkRelationList ¶
type BookmarkRelationList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of relations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of relations. Value *[]BookmarkRelation `json:"value,omitempty"` }
BookmarkRelationList list of bookmark relations.
func (BookmarkRelationList) IsEmpty ¶
func (brl BookmarkRelationList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type BookmarkRelationListIterator ¶
type BookmarkRelationListIterator struct {
// contains filtered or unexported fields
}
BookmarkRelationListIterator provides access to a complete listing of BookmarkRelation values.
func NewBookmarkRelationListIterator ¶
func NewBookmarkRelationListIterator(page BookmarkRelationListPage) BookmarkRelationListIterator
Creates a new instance of the BookmarkRelationListIterator type.
func (*BookmarkRelationListIterator) Next ¶
func (iter *BookmarkRelationListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkRelationListIterator) NextWithContext ¶
func (iter *BookmarkRelationListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (BookmarkRelationListIterator) NotDone ¶
func (iter BookmarkRelationListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (BookmarkRelationListIterator) Response ¶
func (iter BookmarkRelationListIterator) Response() BookmarkRelationList
Response returns the raw server response from the last page request.
func (BookmarkRelationListIterator) Value ¶
func (iter BookmarkRelationListIterator) Value() BookmarkRelation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type BookmarkRelationListPage ¶
type BookmarkRelationListPage struct {
// contains filtered or unexported fields
}
BookmarkRelationListPage contains a page of BookmarkRelation values.
func NewBookmarkRelationListPage ¶
func NewBookmarkRelationListPage(getNextPage func(context.Context, BookmarkRelationList) (BookmarkRelationList, error)) BookmarkRelationListPage
Creates a new instance of the BookmarkRelationListPage type.
func (*BookmarkRelationListPage) Next ¶
func (page *BookmarkRelationListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*BookmarkRelationListPage) NextWithContext ¶
func (page *BookmarkRelationListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (BookmarkRelationListPage) NotDone ¶
func (page BookmarkRelationListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (BookmarkRelationListPage) Response ¶
func (page BookmarkRelationListPage) Response() BookmarkRelationList
Response returns the raw server response from the last page request.
func (BookmarkRelationListPage) Values ¶
func (page BookmarkRelationListPage) Values() []BookmarkRelation
Values returns the slice of values for the current page or nil if there are no values.
type BookmarkRelationProperties ¶
type BookmarkRelationProperties struct { // RelationName - Name of relation RelationName *string `json:"relationName,omitempty"` // BookmarkID - The case related bookmark id BookmarkID *string `json:"bookmarkId,omitempty"` // CaseIdentifier - The case identifier CaseIdentifier *string `json:"caseIdentifier,omitempty"` // CaseTitle - The case title CaseTitle *string `json:"caseTitle,omitempty"` // CaseSeverity - The case severity CaseSeverity *string `json:"caseSeverity,omitempty"` }
BookmarkRelationProperties bookmark relation properties
type BookmarkRelationsClient ¶
type BookmarkRelationsClient struct {
BaseClient
}
BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewBookmarkRelationsClient ¶
func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient
NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.
func NewBookmarkRelationsClientWithBaseURI ¶
func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient
NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client.
func (BookmarkRelationsClient) CreateOrUpdateRelation ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (result BookmarkRelation, err error)
CreateOrUpdateRelation creates the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name relationInputModel - the relation input model
func (BookmarkRelationsClient) CreateOrUpdateRelationPreparer ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)
CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.
func (BookmarkRelationsClient) CreateOrUpdateRelationResponder ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result BookmarkRelation, err error)
CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) CreateOrUpdateRelationSender ¶
func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) DeleteRelation ¶
func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)
DeleteRelation delete the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name
func (BookmarkRelationsClient) DeleteRelationPreparer ¶
func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)
DeleteRelationPreparer prepares the DeleteRelation request.
func (BookmarkRelationsClient) DeleteRelationResponder ¶
func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) DeleteRelationSender ¶
func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)
DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) GetRelation ¶
func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result BookmarkRelation, err error)
GetRelation gets a bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name
func (BookmarkRelationsClient) GetRelationPreparer ¶
func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (BookmarkRelationsClient) GetRelationResponder ¶
func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result BookmarkRelation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
func (BookmarkRelationsClient) List ¶
func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListPage, err error)
List gets all bookmark relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (BookmarkRelationsClient) ListComplete ¶
func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (BookmarkRelationsClient) ListPreparer ¶
func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (BookmarkRelationsClient) ListResponder ¶
func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result BookmarkRelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (BookmarkRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type BookmarksClient ¶
type BookmarksClient struct {
BaseClient
}
BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewBookmarksClient ¶
func NewBookmarksClient(subscriptionID string) BookmarksClient
NewBookmarksClient creates an instance of the BookmarksClient client.
func NewBookmarksClientWithBaseURI ¶
func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient
NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client.
func (BookmarksClient) CreateOrUpdate ¶
func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)
CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark
func (BookmarksClient) CreateOrUpdatePreparer ¶
func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (BookmarksClient) CreateOrUpdateResponder ¶
func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (BookmarksClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) Delete ¶
func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)
Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID
func (BookmarksClient) DeletePreparer ¶
func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (BookmarksClient) DeleteResponder ¶
func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (BookmarksClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) Get ¶
func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)
Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID
func (BookmarksClient) GetPreparer ¶
func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (BookmarksClient) GetResponder ¶
func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (BookmarksClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (BookmarksClient) List ¶
func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)
List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (BookmarksClient) ListComplete ¶
func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (BookmarksClient) ListPreparer ¶
func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (BookmarksClient) ListResponder ¶
func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (BookmarksClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type Case ¶
type Case struct { autorest.Response `json:"-"` // CaseProperties - Case properties *CaseProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
Case represents a case in Azure Security Insights.
func (Case) MarshalJSON ¶
MarshalJSON is the custom marshaler for Case.
func (*Case) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for Case struct.
type CaseComment ¶
type CaseComment struct { autorest.Response `json:"-"` // CaseCommentProperties - Case comment properties *CaseCommentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
CaseComment represents a case comment
func (CaseComment) MarshalJSON ¶
func (cc CaseComment) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseComment.
func (*CaseComment) UnmarshalJSON ¶
func (cc *CaseComment) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CaseComment struct.
type CaseCommentList ¶
type CaseCommentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of comments. NextLink *string `json:"nextLink,omitempty"` // Value - Array of comments. Value *[]CaseComment `json:"value,omitempty"` }
CaseCommentList list of case comments.
func (CaseCommentList) IsEmpty ¶
func (ccl CaseCommentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type CaseCommentListIterator ¶
type CaseCommentListIterator struct {
// contains filtered or unexported fields
}
CaseCommentListIterator provides access to a complete listing of CaseComment values.
func NewCaseCommentListIterator ¶
func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator
Creates a new instance of the CaseCommentListIterator type.
func (*CaseCommentListIterator) Next ¶
func (iter *CaseCommentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseCommentListIterator) NextWithContext ¶
func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseCommentListIterator) NotDone ¶
func (iter CaseCommentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseCommentListIterator) Response ¶
func (iter CaseCommentListIterator) Response() CaseCommentList
Response returns the raw server response from the last page request.
func (CaseCommentListIterator) Value ¶
func (iter CaseCommentListIterator) Value() CaseComment
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseCommentListPage ¶
type CaseCommentListPage struct {
// contains filtered or unexported fields
}
CaseCommentListPage contains a page of CaseComment values.
func NewCaseCommentListPage ¶
func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage
Creates a new instance of the CaseCommentListPage type.
func (*CaseCommentListPage) Next ¶
func (page *CaseCommentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseCommentListPage) NextWithContext ¶
func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseCommentListPage) NotDone ¶
func (page CaseCommentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseCommentListPage) Response ¶
func (page CaseCommentListPage) Response() CaseCommentList
Response returns the raw server response from the last page request.
func (CaseCommentListPage) Values ¶
func (page CaseCommentListPage) Values() []CaseComment
Values returns the slice of values for the current page or nil if there are no values.
type CaseCommentProperties ¶
type CaseCommentProperties struct { // CreatedTimeUtc - READ-ONLY; The time the comment was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // Message - The comment message Message *string `json:"message,omitempty"` // UserInfo - READ-ONLY; Describes the user that created the comment UserInfo *UserInfo `json:"userInfo,omitempty"` }
CaseCommentProperties case comment property bag.
type CaseCommentsClient ¶
type CaseCommentsClient struct {
BaseClient
}
CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCaseCommentsClient ¶
func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient
NewCaseCommentsClient creates an instance of the CaseCommentsClient client.
func NewCaseCommentsClientWithBaseURI ¶
func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient
NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client.
func (CaseCommentsClient) CreateComment ¶
func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)
CreateComment creates the case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID caseComment - the case comment
func (CaseCommentsClient) CreateCommentPreparer ¶
func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)
CreateCommentPreparer prepares the CreateComment request.
func (CaseCommentsClient) CreateCommentResponder ¶
func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)
CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.
func (CaseCommentsClient) CreateCommentSender ¶
CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.
type CaseList ¶
type CaseList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of cases. NextLink *string `json:"nextLink,omitempty"` // Value - Array of cases. Value *[]Case `json:"value,omitempty"` }
CaseList list all the cases.
type CaseListIterator ¶
type CaseListIterator struct {
// contains filtered or unexported fields
}
CaseListIterator provides access to a complete listing of Case values.
func NewCaseListIterator ¶
func NewCaseListIterator(page CaseListPage) CaseListIterator
Creates a new instance of the CaseListIterator type.
func (*CaseListIterator) Next ¶
func (iter *CaseListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseListIterator) NextWithContext ¶
func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseListIterator) NotDone ¶
func (iter CaseListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseListIterator) Response ¶
func (iter CaseListIterator) Response() CaseList
Response returns the raw server response from the last page request.
func (CaseListIterator) Value ¶
func (iter CaseListIterator) Value() Case
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseListPage ¶
type CaseListPage struct {
// contains filtered or unexported fields
}
CaseListPage contains a page of Case values.
func NewCaseListPage ¶
Creates a new instance of the CaseListPage type.
func (*CaseListPage) Next ¶
func (page *CaseListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseListPage) NextWithContext ¶
func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseListPage) NotDone ¶
func (page CaseListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseListPage) Response ¶
func (page CaseListPage) Response() CaseList
Response returns the raw server response from the last page request.
func (CaseListPage) Values ¶
func (page CaseListPage) Values() []Case
Values returns the slice of values for the current page or nil if there are no values.
type CaseProperties ¶
type CaseProperties struct { // CaseNumber - READ-ONLY; a sequential number CaseNumber *int32 `json:"caseNumber,omitempty"` // CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other' CloseReason CloseReason `json:"closeReason,omitempty"` // ClosedReasonText - the case close reason details ClosedReasonText *string `json:"closedReasonText,omitempty"` // CreatedTimeUtc - READ-ONLY; The time the case was created CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"` // Description - The description of the case Description *string `json:"description,omitempty"` // EndTimeUtc - The end time of the case EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // Labels - List of labels relevant to this case Labels *[]string `json:"labels,omitempty"` // LastComment - READ-ONLY; the last comment in the case LastComment *string `json:"lastComment,omitempty"` // LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"` // Owner - Describes a user that the case is assigned to Owner *UserInfo `json:"owner,omitempty"` // RelatedAlertIds - READ-ONLY; List of related alert identifiers RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"` // Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational' Severity CaseSeverity `json:"severity,omitempty"` // StartTimeUtc - The start time of the case StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed' Status CaseStatus `json:"status,omitempty"` // Title - The title of the case Title *string `json:"title,omitempty"` // TotalComments - READ-ONLY; the number of total comments in the case TotalComments *int32 `json:"totalComments,omitempty"` }
CaseProperties describes case properties
type CaseRelation ¶
type CaseRelation struct { autorest.Response `json:"-"` // CaseRelationProperties - Case relation properties *CaseRelationProperties `json:"properties,omitempty"` // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
CaseRelation represents a case relation
func (CaseRelation) MarshalJSON ¶
func (cr CaseRelation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CaseRelation.
func (*CaseRelation) UnmarshalJSON ¶
func (cr *CaseRelation) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CaseRelation struct.
type CaseRelationList ¶
type CaseRelationList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of relations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of relations. Value *[]CaseRelation `json:"value,omitempty"` }
CaseRelationList list of case relations.
func (CaseRelationList) IsEmpty ¶
func (crl CaseRelationList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type CaseRelationListIterator ¶
type CaseRelationListIterator struct {
// contains filtered or unexported fields
}
CaseRelationListIterator provides access to a complete listing of CaseRelation values.
func NewCaseRelationListIterator ¶
func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator
Creates a new instance of the CaseRelationListIterator type.
func (*CaseRelationListIterator) Next ¶
func (iter *CaseRelationListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseRelationListIterator) NextWithContext ¶
func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (CaseRelationListIterator) NotDone ¶
func (iter CaseRelationListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (CaseRelationListIterator) Response ¶
func (iter CaseRelationListIterator) Response() CaseRelationList
Response returns the raw server response from the last page request.
func (CaseRelationListIterator) Value ¶
func (iter CaseRelationListIterator) Value() CaseRelation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type CaseRelationListPage ¶
type CaseRelationListPage struct {
// contains filtered or unexported fields
}
CaseRelationListPage contains a page of CaseRelation values.
func NewCaseRelationListPage ¶
func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage
Creates a new instance of the CaseRelationListPage type.
func (*CaseRelationListPage) Next ¶
func (page *CaseRelationListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*CaseRelationListPage) NextWithContext ¶
func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (CaseRelationListPage) NotDone ¶
func (page CaseRelationListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (CaseRelationListPage) Response ¶
func (page CaseRelationListPage) Response() CaseRelationList
Response returns the raw server response from the last page request.
func (CaseRelationListPage) Values ¶
func (page CaseRelationListPage) Values() []CaseRelation
Values returns the slice of values for the current page or nil if there are no values.
type CaseRelationProperties ¶
type CaseRelationProperties struct { // RelationName - Name of relation RelationName *string `json:"relationName,omitempty"` // BookmarkID - The case related bookmark id BookmarkID *string `json:"bookmarkId,omitempty"` // CaseIdentifier - The case identifier CaseIdentifier *string `json:"caseIdentifier,omitempty"` // BookmarkName - The case related bookmark name BookmarkName *string `json:"bookmarkName,omitempty"` }
CaseRelationProperties case relation properties
type CaseRelationsClient ¶
type CaseRelationsClient struct {
BaseClient
}
CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCaseRelationsClient ¶
func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient
NewCaseRelationsClient creates an instance of the CaseRelationsClient client.
func NewCaseRelationsClientWithBaseURI ¶
func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient
NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client.
func (CaseRelationsClient) CreateOrUpdateRelation ¶
func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error)
CreateOrUpdateRelation creates or updates the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name relationInputModel - the relation input model
func (CaseRelationsClient) CreateOrUpdateRelationPreparer ¶
func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)
CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.
func (CaseRelationsClient) CreateOrUpdateRelationResponder ¶
func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)
CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) CreateOrUpdateRelationSender ¶
func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)
CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) DeleteRelation ¶
func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error)
DeleteRelation delete the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name
func (CaseRelationsClient) DeleteRelationPreparer ¶
func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)
DeleteRelationPreparer prepares the DeleteRelation request.
func (CaseRelationsClient) DeleteRelationResponder ¶
func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)
DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) DeleteRelationSender ¶
DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) GetRelation ¶
func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error)
GetRelation gets a case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name
func (CaseRelationsClient) GetRelationPreparer ¶
func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)
GetRelationPreparer prepares the GetRelation request.
func (CaseRelationsClient) GetRelationResponder ¶
func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)
GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.
func (CaseRelationsClient) GetRelationSender ¶
GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.
func (CaseRelationsClient) List ¶
func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error)
List gets all case relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CaseRelationsClient) ListComplete ¶
func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (CaseRelationsClient) ListPreparer ¶
func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (CaseRelationsClient) ListResponder ¶
func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (CaseRelationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type CaseSeverity ¶
type CaseSeverity string
CaseSeverity enumerates the values for case severity.
const ( // CaseSeverityCritical Critical severity CaseSeverityCritical CaseSeverity = "Critical" // CaseSeverityHigh High severity CaseSeverityHigh CaseSeverity = "High" // CaseSeverityInformational Informational severity CaseSeverityInformational CaseSeverity = "Informational" // CaseSeverityLow Low severity CaseSeverityLow CaseSeverity = "Low" // CaseSeverityMedium Medium severity CaseSeverityMedium CaseSeverity = "Medium" )
func PossibleCaseSeverityValues ¶
func PossibleCaseSeverityValues() []CaseSeverity
PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.
type CaseStatus ¶
type CaseStatus string
CaseStatus enumerates the values for case status.
const ( // CaseStatusClosed A non active case CaseStatusClosed CaseStatus = "Closed" // CaseStatusDraft Case that wasn't promoted yet to active CaseStatusDraft CaseStatus = "Draft" // CaseStatusInProgress An active case which is handled CaseStatusInProgress CaseStatus = "InProgress" // CaseStatusNew An active case which isn't handled currently CaseStatusNew CaseStatus = "New" )
func PossibleCaseStatusValues ¶
func PossibleCaseStatusValues() []CaseStatus
PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.
type CasesAggregation ¶
type CasesAggregation struct { // CasesAggregationProperties - Properties of aggregations results of cases. *CasesAggregationProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation' Kind Kind `json:"kind,omitempty"` }
CasesAggregation represents aggregations results for cases.
func (CasesAggregation) AsAggregations ¶
func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)
AsAggregations is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) AsBasicAggregations ¶
func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)
AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) AsCasesAggregation ¶
func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)
AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.
func (CasesAggregation) MarshalJSON ¶
func (ca CasesAggregation) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CasesAggregation.
func (*CasesAggregation) UnmarshalJSON ¶
func (ca *CasesAggregation) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.
type CasesAggregationBySeverityProperties ¶
type CasesAggregationBySeverityProperties struct { // TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"` // TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"` // TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"` // TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"` // TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"` }
CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.
type CasesAggregationByStatusProperties ¶
type CasesAggregationByStatusProperties struct { // TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"` // TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"` // TotalNewStatus - READ-ONLY; Total amount of open cases with status New TotalNewStatus *int32 `json:"totalNewStatus,omitempty"` // TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"` }
CasesAggregationByStatusProperties aggregative results of cases by status property bag.
type CasesAggregationProperties ¶
type CasesAggregationProperties struct { // AggregationBySeverity - Aggregations results by case severity. AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"` // AggregationByStatus - Aggregations results by case status. AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"` }
CasesAggregationProperties aggregative results of cases property bag.
type CasesAggregationsClient ¶
type CasesAggregationsClient struct {
BaseClient
}
CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCasesAggregationsClient ¶
func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient
NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.
func NewCasesAggregationsClientWithBaseURI ¶
func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient
NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client.
func (CasesAggregationsClient) Get ¶
func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)
Get get aggregative result for the given resources under the defined workspace Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. aggregationsName - the aggregation name. Supports - Cases
func (CasesAggregationsClient) GetPreparer ¶
func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)
GetPreparer prepares the Get request.
func (CasesAggregationsClient) GetResponder ¶
func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
type CasesClient ¶
type CasesClient struct {
BaseClient
}
CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCasesClient ¶
func NewCasesClient(subscriptionID string) CasesClient
NewCasesClient creates an instance of the CasesClient client.
func NewCasesClientWithBaseURI ¶
func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient
NewCasesClientWithBaseURI creates an instance of the CasesClient client.
func (CasesClient) CreateOrUpdate ¶
func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)
CreateOrUpdate creates or updates the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseParameter - the case
func (CasesClient) CreateOrUpdatePreparer ¶
func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (CasesClient) CreateOrUpdateResponder ¶
func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (CasesClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (CasesClient) Delete ¶
func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)
Delete delete the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID
func (CasesClient) DeletePreparer ¶
func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (CasesClient) DeleteResponder ¶
func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (CasesClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (CasesClient) Get ¶
func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)
Get gets a case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID
func (CasesClient) GetComment ¶
func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)
GetComment gets a case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID
func (CasesClient) GetCommentPreparer ¶
func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)
GetCommentPreparer prepares the GetComment request.
func (CasesClient) GetCommentResponder ¶
func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)
GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.
func (CasesClient) GetCommentSender ¶
GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.
func (CasesClient) GetPreparer ¶
func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (CasesClient) GetResponder ¶
func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (CasesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (CasesClient) List ¶
func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)
List gets all cases. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CasesClient) ListComplete ¶
func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (CasesClient) ListPreparer ¶
func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListPreparer prepares the List request.
func (CasesClient) ListResponder ¶
func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (CasesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type CloseReason ¶
type CloseReason string
CloseReason enumerates the values for close reason.
const ( // Dismissed Case was dismissed Dismissed CloseReason = "Dismissed" // FalsePositive Case was false positive FalsePositive CloseReason = "FalsePositive" // Other Case was closed for another reason Other CloseReason = "Other" // Resolved Case was resolved Resolved CloseReason = "Resolved" // TruePositive Case was true positive TruePositive CloseReason = "TruePositive" )
func PossibleCloseReasonValues ¶
func PossibleCloseReasonValues() []CloseReason
PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.
type CloudApplicationEntity ¶
type CloudApplicationEntity struct { // CloudApplicationEntityProperties - CloudApplication entity properties *CloudApplicationEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
CloudApplicationEntity represents a cloud application entity.
func (CloudApplicationEntity) AsAccountEntity ¶
func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsAzureResourceEntity ¶
func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsBasicEntity ¶
func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsCloudApplicationEntity ¶
func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsDNSEntity ¶
func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsEntity ¶
func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsFileEntity ¶
func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsFileHashEntity ¶
func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsHostEntity ¶
func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsIPEntity ¶
func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsMalwareEntity ¶
func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsProcessEntity ¶
func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsRegistryKeyEntity ¶
func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsRegistryValueEntity ¶
func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsSecurityAlert ¶
func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsSecurityGroupEntity ¶
func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) AsURLEntity ¶
func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.
func (CloudApplicationEntity) MarshalJSON ¶
func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudApplicationEntity.
func (*CloudApplicationEntity) UnmarshalJSON ¶
func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.
type CloudApplicationEntityProperties ¶
type CloudApplicationEntityProperties struct { // AppID - READ-ONLY; The technical identifier of the application. AppID *int32 `json:"appId,omitempty"` // AppName - READ-ONLY; The name of the related cloud application. AppName *string `json:"appName,omitempty"` // InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has. InstanceName *string `json:"instanceName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
CloudApplicationEntityProperties cloudApplication entity property bag.
func (CloudApplicationEntityProperties) MarshalJSON ¶
func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.
type CloudError ¶
type CloudError struct { // CloudErrorBody - Error data *CloudErrorBody `json:"error,omitempty"` }
CloudError error response structure.
func (CloudError) MarshalJSON ¶
func (ce CloudError) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for CloudError.
func (*CloudError) UnmarshalJSON ¶
func (ce *CloudError) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for CloudError struct.
type CloudErrorBody ¶
type CloudErrorBody struct { // Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically. Code *string `json:"code,omitempty"` // Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface. Message *string `json:"message,omitempty"` }
CloudErrorBody error details.
type CommentsClient ¶
type CommentsClient struct {
BaseClient
}
CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewCommentsClient ¶
func NewCommentsClient(subscriptionID string) CommentsClient
NewCommentsClient creates an instance of the CommentsClient client.
func NewCommentsClientWithBaseURI ¶
func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient
NewCommentsClientWithBaseURI creates an instance of the CommentsClient client.
func (CommentsClient) ListByCase ¶
func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)
ListByCase gets all case comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
func (CommentsClient) ListByCaseComplete ¶
func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)
ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.
func (CommentsClient) ListByCasePreparer ¶
func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)
ListByCasePreparer prepares the ListByCase request.
func (CommentsClient) ListByCaseResponder ¶
func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)
ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.
func (CommentsClient) ListByCaseSender ¶
ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.
type ConfidenceLevel ¶
type ConfidenceLevel string
ConfidenceLevel enumerates the values for confidence level.
const ( // ConfidenceLevelHigh High confidence that the alert is true positive malicious ConfidenceLevelHigh ConfidenceLevel = "High" // ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an // attack ConfidenceLevelLow ConfidenceLevel = "Low" // ConfidenceLevelUnknown Unknown confidence, the is the default value ConfidenceLevelUnknown ConfidenceLevel = "Unknown" )
func PossibleConfidenceLevelValues ¶
func PossibleConfidenceLevelValues() []ConfidenceLevel
PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.
type ConfidenceScoreStatus ¶
type ConfidenceScoreStatus string
ConfidenceScoreStatus enumerates the values for confidence score status.
const ( // Final Final score was calculated and available Final ConfidenceScoreStatus = "Final" // InProcess No score was set yet and calculation is in progress InProcess ConfidenceScoreStatus = "InProcess" // NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst NotApplicable ConfidenceScoreStatus = "NotApplicable" // NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time // following the processing of additional data NotFinal ConfidenceScoreStatus = "NotFinal" )
func PossibleConfidenceScoreStatusValues ¶
func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus
PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.
type DNSEntity ¶
type DNSEntity struct { // DNSEntityProperties - Dns entity properties *DNSEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
DNSEntity represents a dns entity.
func (DNSEntity) AsAccountEntity ¶
func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsAzureResourceEntity ¶
func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsBasicEntity ¶
func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsCloudApplicationEntity ¶
func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsFileEntity ¶
func (de DNSEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsFileHashEntity ¶
func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsHostEntity ¶
func (de DNSEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsMalwareEntity ¶
func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsProcessEntity ¶
func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsRegistryKeyEntity ¶
func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsRegistryValueEntity ¶
func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsSecurityAlert ¶
func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsSecurityGroupEntity ¶
func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for DNSEntity.
func (DNSEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for DNSEntity.
func (*DNSEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for DNSEntity struct.
type DNSEntityProperties ¶
type DNSEntityProperties struct { // DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"` // DomainName - READ-ONLY; The name of the dns record associated with the alert DomainName *string `json:"domainName,omitempty"` // HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"` // IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address. IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
DNSEntityProperties dns entity property bag.
func (DNSEntityProperties) MarshalJSON ¶
func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DNSEntityProperties.
type DataConnector ¶
type DataConnector struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
DataConnector data connector.
func (DataConnector) AsAADDataConnector ¶
func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsAATPDataConnector ¶
func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsASCDataConnector ¶
func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsAwsCloudTrailDataConnector ¶
func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsBasicDataConnector ¶
func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsDataConnector ¶
func (dc DataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsMCASDataConnector ¶
func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsMDATPDataConnector ¶
func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsOfficeDataConnector ¶
func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) AsTIDataConnector ¶
func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for DataConnector.
func (DataConnector) MarshalJSON ¶
func (dc DataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DataConnector.
type DataConnectorDataTypeCommon ¶
type DataConnectorDataTypeCommon struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
DataConnectorDataTypeCommon common field for data type in data connectors.
type DataConnectorKind ¶
type DataConnectorKind string
DataConnectorKind enumerates the values for data connector kind.
const ( // DataConnectorKindAmazonWebServicesCloudTrail ... DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail" // DataConnectorKindAzureActiveDirectory ... DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory" // DataConnectorKindAzureAdvancedThreatProtection ... DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection" // DataConnectorKindAzureSecurityCenter ... DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter" // DataConnectorKindMicrosoftCloudAppSecurity ... DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity" // DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ... DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection" // DataConnectorKindOffice365 ... DataConnectorKindOffice365 DataConnectorKind = "Office365" // DataConnectorKindThreatIntelligence ... DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence" )
func PossibleDataConnectorKindValues ¶
func PossibleDataConnectorKindValues() []DataConnectorKind
PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.
type DataConnectorKind1 ¶
type DataConnectorKind1 struct { // Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection' Kind DataConnectorKind `json:"kind,omitempty"` }
DataConnectorKind1 describes an Azure resource with kind.
type DataConnectorList ¶
type DataConnectorList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of data connectors. NextLink *string `json:"nextLink,omitempty"` // Value - Array of data connectors. Value *[]BasicDataConnector `json:"value,omitempty"` }
DataConnectorList list all the data connectors.
func (DataConnectorList) IsEmpty ¶
func (dcl DataConnectorList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (*DataConnectorList) UnmarshalJSON ¶
func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.
type DataConnectorListIterator ¶
type DataConnectorListIterator struct {
// contains filtered or unexported fields
}
DataConnectorListIterator provides access to a complete listing of DataConnector values.
func NewDataConnectorListIterator ¶
func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator
Creates a new instance of the DataConnectorListIterator type.
func (*DataConnectorListIterator) Next ¶
func (iter *DataConnectorListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*DataConnectorListIterator) NextWithContext ¶
func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (DataConnectorListIterator) NotDone ¶
func (iter DataConnectorListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (DataConnectorListIterator) Response ¶
func (iter DataConnectorListIterator) Response() DataConnectorList
Response returns the raw server response from the last page request.
func (DataConnectorListIterator) Value ¶
func (iter DataConnectorListIterator) Value() BasicDataConnector
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type DataConnectorListPage ¶
type DataConnectorListPage struct {
// contains filtered or unexported fields
}
DataConnectorListPage contains a page of BasicDataConnector values.
func NewDataConnectorListPage ¶
func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage
Creates a new instance of the DataConnectorListPage type.
func (*DataConnectorListPage) Next ¶
func (page *DataConnectorListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*DataConnectorListPage) NextWithContext ¶
func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (DataConnectorListPage) NotDone ¶
func (page DataConnectorListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (DataConnectorListPage) Response ¶
func (page DataConnectorListPage) Response() DataConnectorList
Response returns the raw server response from the last page request.
func (DataConnectorListPage) Values ¶
func (page DataConnectorListPage) Values() []BasicDataConnector
Values returns the slice of values for the current page or nil if there are no values.
type DataConnectorModel ¶
type DataConnectorModel struct { autorest.Response `json:"-"` Value BasicDataConnector `json:"value,omitempty"` }
DataConnectorModel ...
func (*DataConnectorModel) UnmarshalJSON ¶
func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.
type DataConnectorStatus ¶
type DataConnectorStatus struct { // ConnectorID - the connector id ConnectorID *string `json:"connectorId,omitempty"` // DataTypes - The data types availability map DataTypes map[string]*DataTypeStatus `json:"dataTypes"` }
DataConnectorStatus alert rule template data connector status
func (DataConnectorStatus) MarshalJSON ¶
func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for DataConnectorStatus.
type DataConnectorTenantID ¶
type DataConnectorTenantID struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
DataConnectorTenantID properties data connector on tenant level.
type DataConnectorWithAlertsProperties ¶
type DataConnectorWithAlertsProperties struct { // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
DataConnectorWithAlertsProperties data connector properties.
type DataConnectorsClient ¶
type DataConnectorsClient struct {
BaseClient
}
DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewDataConnectorsClient ¶
func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient
NewDataConnectorsClient creates an instance of the DataConnectorsClient client.
func NewDataConnectorsClientWithBaseURI ¶
func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient
NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client.
func (DataConnectorsClient) CreateOrUpdate ¶
func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)
CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector
func (DataConnectorsClient) CreateOrUpdatePreparer ¶
func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)
CreateOrUpdatePreparer prepares the CreateOrUpdate request.
func (DataConnectorsClient) CreateOrUpdateResponder ¶
func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)
CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.
func (DataConnectorsClient) CreateOrUpdateSender ¶
CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) Delete ¶
func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)
Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID
func (DataConnectorsClient) DeletePreparer ¶
func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (DataConnectorsClient) DeleteResponder ¶
func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (DataConnectorsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) Get ¶
func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)
Get gets a data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID
func (DataConnectorsClient) GetPreparer ¶
func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (DataConnectorsClient) GetResponder ¶
func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (DataConnectorsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (DataConnectorsClient) List ¶
func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)
List gets all data connectors. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (DataConnectorsClient) ListComplete ¶
func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (DataConnectorsClient) ListPreparer ¶
func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (DataConnectorsClient) ListResponder ¶
func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (DataConnectorsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type DataTypeState ¶
type DataTypeState string
DataTypeState enumerates the values for data type state.
const ( // Disabled ... Disabled DataTypeState = "Disabled" // Enabled ... Enabled DataTypeState = "Enabled" )
func PossibleDataTypeStateValues ¶
func PossibleDataTypeStateValues() []DataTypeState
PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.
type DataTypeStatus ¶
type DataTypeStatus string
DataTypeStatus enumerates the values for data type status.
const ( // Exist ... Exist DataTypeStatus = "Exist" // NotExist ... NotExist DataTypeStatus = "NotExist" )
func PossibleDataTypeStatusValues ¶
func PossibleDataTypeStatusValues() []DataTypeStatus
PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type.
type ElevationToken ¶
type ElevationToken string
ElevationToken enumerates the values for elevation token.
const ( // Default Default elevation token Default ElevationToken = "Default" // Full Full elevation token Full ElevationToken = "Full" // Limited Limited elevation token Limited ElevationToken = "Limited" )
func PossibleElevationTokenValues ¶
func PossibleElevationTokenValues() []ElevationToken
PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.
type EntitiesClient ¶
type EntitiesClient struct {
BaseClient
}
EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntitiesClient ¶
func NewEntitiesClient(subscriptionID string) EntitiesClient
NewEntitiesClient creates an instance of the EntitiesClient client.
func NewEntitiesClientWithBaseURI ¶
func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient
NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client.
func (EntitiesClient) Expand ¶
func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)
Expand expands an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an expand operation on the given entity.
func (EntitiesClient) ExpandPreparer ¶
func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)
ExpandPreparer prepares the Expand request.
func (EntitiesClient) ExpandResponder ¶
func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)
ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.
func (EntitiesClient) ExpandSender ¶
ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.
func (EntitiesClient) Get ¶
func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)
Get gets an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID
func (EntitiesClient) GetPreparer ¶
func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (EntitiesClient) GetResponder ¶
func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (EntitiesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (EntitiesClient) List ¶
func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)
List gets all entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (EntitiesClient) ListComplete ¶
func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (EntitiesClient) ListPreparer ¶
func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (EntitiesClient) ListResponder ¶
func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntitiesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type Entity ¶
type Entity struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
Entity specific entity.
func (Entity) AsAccountEntity ¶
func (e Entity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for Entity.
func (Entity) AsAzureResourceEntity ¶
func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for Entity.
func (Entity) AsBasicEntity ¶
func (e Entity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for Entity.
func (Entity) AsCloudApplicationEntity ¶
func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for Entity.
func (Entity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for Entity.
func (Entity) AsFileEntity ¶
func (e Entity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for Entity.
func (Entity) AsFileHashEntity ¶
func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for Entity.
func (Entity) AsHostEntity ¶
func (e Entity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for Entity.
func (Entity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for Entity.
func (Entity) AsMalwareEntity ¶
func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for Entity.
func (Entity) AsProcessEntity ¶
func (e Entity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for Entity.
func (Entity) AsRegistryKeyEntity ¶
func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for Entity.
func (Entity) AsRegistryValueEntity ¶
func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for Entity.
func (Entity) AsSecurityAlert ¶
func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for Entity.
func (Entity) AsSecurityGroupEntity ¶
func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for Entity.
func (Entity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for Entity.
func (Entity) MarshalJSON ¶
MarshalJSON is the custom marshaler for Entity.
type EntityCommonProperties ¶
type EntityCommonProperties struct { // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
EntityCommonProperties entity common property bag.
func (EntityCommonProperties) MarshalJSON ¶
func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityCommonProperties.
type EntityExpandParameters ¶
type EntityExpandParameters struct { // EndTime - The end date filter, so the only expansion results returned are before this date. EndTime *date.Time `json:"endTime,omitempty"` // ExpansionID - The Id of the expansion to perform. ExpansionID *uuid.UUID `json:"expansionId,omitempty"` // StartTime - The start date filter, so the only expansion results returned are after this date. StartTime *date.Time `json:"startTime,omitempty"` }
EntityExpandParameters the parameters required to execute an expand operation on the given entity.
type EntityExpandResponse ¶
type EntityExpandResponse struct { autorest.Response `json:"-"` // MetaData - The metadata from the expansion operation results. MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"` // Value - The expansion result values. Value *EntityExpandResponseValue `json:"value,omitempty"` }
EntityExpandResponse the entity expansion result operation response.
type EntityExpandResponseValue ¶
type EntityExpandResponseValue struct { // Entities - Array of the expansion result entities. Entities *[]BasicEntity `json:"entities,omitempty"` }
EntityExpandResponseValue the expansion result values.
func (*EntityExpandResponseValue) UnmarshalJSON ¶
func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.
type EntityKind ¶
type EntityKind string
EntityKind enumerates the values for entity kind.
const ( // EntityKindAccount Entity represents account in the system. EntityKindAccount EntityKind = "Account" // EntityKindAzureResource Entity represents azure resource in the system. EntityKindAzureResource EntityKind = "AzureResource" // EntityKindBookmark Entity represents bookmark in the system. EntityKindBookmark EntityKind = "Bookmark" // EntityKindCloudApplication Entity represents cloud application in the system. EntityKindCloudApplication EntityKind = "CloudApplication" // EntityKindDNSResolution Entity represents dns resolution in the system. EntityKindDNSResolution EntityKind = "DnsResolution" // EntityKindFile Entity represents file in the system. EntityKindFile EntityKind = "File" // EntityKindFileHash Entity represents file hash in the system. EntityKindFileHash EntityKind = "FileHash" // EntityKindHost Entity represents host in the system. EntityKindHost EntityKind = "Host" // EntityKindIP Entity represents ip in the system. EntityKindIP EntityKind = "Ip" // EntityKindMalware Entity represents malware in the system. EntityKindMalware EntityKind = "Malware" // EntityKindProcess Entity represents process in the system. EntityKindProcess EntityKind = "Process" // EntityKindRegistryKey Entity represents registry key in the system. EntityKindRegistryKey EntityKind = "RegistryKey" // EntityKindRegistryValue Entity represents registry value in the system. EntityKindRegistryValue EntityKind = "RegistryValue" // EntityKindSecurityAlert Entity represents security alert in the system. EntityKindSecurityAlert EntityKind = "SecurityAlert" // EntityKindSecurityGroup Entity represents security group in the system. EntityKindSecurityGroup EntityKind = "SecurityGroup" // EntityKindURL Entity represents url in the system. EntityKindURL EntityKind = "Url" )
func PossibleEntityKindValues ¶
func PossibleEntityKindValues() []EntityKind
PossibleEntityKindValues returns an array of possible values for the EntityKind const type.
type EntityKind1 ¶
type EntityKind1 struct { // Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' Kind EntityKind `json:"kind,omitempty"` }
EntityKind1 describes an entity with kind.
type EntityList ¶
type EntityList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of entities. NextLink *string `json:"nextLink,omitempty"` // Value - Array of entities. Value *[]BasicEntity `json:"value,omitempty"` }
EntityList list of all the entities.
func (EntityList) IsEmpty ¶
func (el EntityList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
func (*EntityList) UnmarshalJSON ¶
func (el *EntityList) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityList struct.
type EntityListIterator ¶
type EntityListIterator struct {
// contains filtered or unexported fields
}
EntityListIterator provides access to a complete listing of Entity values.
func NewEntityListIterator ¶
func NewEntityListIterator(page EntityListPage) EntityListIterator
Creates a new instance of the EntityListIterator type.
func (*EntityListIterator) Next ¶
func (iter *EntityListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityListIterator) NextWithContext ¶
func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (EntityListIterator) NotDone ¶
func (iter EntityListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (EntityListIterator) Response ¶
func (iter EntityListIterator) Response() EntityList
Response returns the raw server response from the last page request.
func (EntityListIterator) Value ¶
func (iter EntityListIterator) Value() BasicEntity
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type EntityListPage ¶
type EntityListPage struct {
// contains filtered or unexported fields
}
EntityListPage contains a page of BasicEntity values.
func NewEntityListPage ¶
func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage
Creates a new instance of the EntityListPage type.
func (*EntityListPage) Next ¶
func (page *EntityListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityListPage) NextWithContext ¶
func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (EntityListPage) NotDone ¶
func (page EntityListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (EntityListPage) Response ¶
func (page EntityListPage) Response() EntityList
Response returns the raw server response from the last page request.
func (EntityListPage) Values ¶
func (page EntityListPage) Values() []BasicEntity
Values returns the slice of values for the current page or nil if there are no values.
type EntityModel ¶
type EntityModel struct { autorest.Response `json:"-"` Value BasicEntity `json:"value,omitempty"` }
EntityModel ...
func (*EntityModel) UnmarshalJSON ¶
func (em *EntityModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityModel struct.
type EntityQueriesClient ¶
type EntityQueriesClient struct {
BaseClient
}
EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewEntityQueriesClient ¶
func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient
NewEntityQueriesClient creates an instance of the EntityQueriesClient client.
func NewEntityQueriesClientWithBaseURI ¶
func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient
NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client.
func (EntityQueriesClient) Get ¶
func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)
Get gets an entity query. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityQueryID - entity query ID
func (EntityQueriesClient) GetPreparer ¶
func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (EntityQueriesClient) GetResponder ¶
func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (EntityQueriesClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (EntityQueriesClient) List ¶
func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)
List gets all entity queries. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (EntityQueriesClient) ListComplete ¶
func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (EntityQueriesClient) ListPreparer ¶
func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (EntityQueriesClient) ListResponder ¶
func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (EntityQueriesClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type EntityQuery ¶
type EntityQuery struct { autorest.Response `json:"-"` // EntityQueryProperties - Entity query properties *EntityQueryProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
EntityQuery specific entity query.
func (EntityQuery) MarshalJSON ¶
func (eq EntityQuery) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for EntityQuery.
func (*EntityQuery) UnmarshalJSON ¶
func (eq *EntityQuery) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for EntityQuery struct.
type EntityQueryList ¶
type EntityQueryList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of entity queries. NextLink *string `json:"nextLink,omitempty"` // Value - Array of entity queries. Value *[]EntityQuery `json:"value,omitempty"` }
EntityQueryList list of all the entity queries.
func (EntityQueryList) IsEmpty ¶
func (eql EntityQueryList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type EntityQueryListIterator ¶
type EntityQueryListIterator struct {
// contains filtered or unexported fields
}
EntityQueryListIterator provides access to a complete listing of EntityQuery values.
func NewEntityQueryListIterator ¶
func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator
Creates a new instance of the EntityQueryListIterator type.
func (*EntityQueryListIterator) Next ¶
func (iter *EntityQueryListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityQueryListIterator) NextWithContext ¶
func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (EntityQueryListIterator) NotDone ¶
func (iter EntityQueryListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (EntityQueryListIterator) Response ¶
func (iter EntityQueryListIterator) Response() EntityQueryList
Response returns the raw server response from the last page request.
func (EntityQueryListIterator) Value ¶
func (iter EntityQueryListIterator) Value() EntityQuery
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type EntityQueryListPage ¶
type EntityQueryListPage struct {
// contains filtered or unexported fields
}
EntityQueryListPage contains a page of EntityQuery values.
func NewEntityQueryListPage ¶
func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage
Creates a new instance of the EntityQueryListPage type.
func (*EntityQueryListPage) Next ¶
func (page *EntityQueryListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*EntityQueryListPage) NextWithContext ¶
func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (EntityQueryListPage) NotDone ¶
func (page EntityQueryListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (EntityQueryListPage) Response ¶
func (page EntityQueryListPage) Response() EntityQueryList
Response returns the raw server response from the last page request.
func (EntityQueryListPage) Values ¶
func (page EntityQueryListPage) Values() []EntityQuery
Values returns the slice of values for the current page or nil if there are no values.
type EntityQueryProperties ¶
type EntityQueryProperties struct { // DataSources - List of the data sources that are required to run the query DataSources *[]string `json:"dataSources,omitempty"` // DisplayName - The query display name DisplayName *string `json:"displayName,omitempty"` // InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark' InputEntityType EntityType `json:"inputEntityType,omitempty"` // InputFields - List of the fields of the source entity that are required to run the query InputFields *[]string `json:"inputFields,omitempty"` // OutputEntityTypes - List of the desired output types to be constructed from the result OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"` // QueryTemplate - The template query string to be parsed and formatted QueryTemplate *string `json:"queryTemplate,omitempty"` }
EntityQueryProperties describes entity query properties
type EntityType ¶
type EntityType string
EntityType enumerates the values for entity type.
const ( // EntityTypeAccount Entity represents account in the system. EntityTypeAccount EntityType = "Account" // EntityTypeAzureResource Entity represents azure resource in the system. EntityTypeAzureResource EntityType = "AzureResource" // EntityTypeCloudApplication Entity represents cloud application in the system. EntityTypeCloudApplication EntityType = "CloudApplication" // EntityTypeDNS Entity represents dns in the system. EntityTypeDNS EntityType = "DNS" // EntityTypeFile Entity represents file in the system. EntityTypeFile EntityType = "File" // EntityTypeFileHash Entity represents file hash in the system. EntityTypeFileHash EntityType = "FileHash" // EntityTypeHost Entity represents host in the system. EntityTypeHost EntityType = "Host" // EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system. EntityTypeHuntingBookmark EntityType = "HuntingBookmark" // EntityTypeIP Entity represents ip in the system. EntityTypeIP EntityType = "IP" // EntityTypeMalware Entity represents malware in the system. EntityTypeMalware EntityType = "Malware" // EntityTypeProcess Entity represents process in the system. EntityTypeProcess EntityType = "Process" // EntityTypeRegistryKey Entity represents registry key in the system. EntityTypeRegistryKey EntityType = "RegistryKey" // EntityTypeRegistryValue Entity represents registry value in the system. EntityTypeRegistryValue EntityType = "RegistryValue" // EntityTypeSecurityAlert Entity represents security alert in the system. EntityTypeSecurityAlert EntityType = "SecurityAlert" // EntityTypeSecurityGroup Entity represents security group in the system. EntityTypeSecurityGroup EntityType = "SecurityGroup" // EntityTypeURL Entity represents url in the system. EntityTypeURL EntityType = "URL" )
func PossibleEntityTypeValues ¶
func PossibleEntityTypeValues() []EntityType
PossibleEntityTypeValues returns an array of possible values for the EntityType const type.
type ExpansionResultAggregation ¶
type ExpansionResultAggregation struct { // AggregationType - The common type of the aggregation. (for e.g. entity field name) AggregationType *string `json:"aggregationType,omitempty"` // Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result. Count *int32 `json:"count,omitempty"` // DisplayName - The display name of the aggregation by type. DisplayName *string `json:"displayName,omitempty"` // EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark' EntityKind EntityKind `json:"entityKind,omitempty"` }
ExpansionResultAggregation information of a specific aggregation in the expansion result.
type ExpansionResultsMetadata ¶
type ExpansionResultsMetadata struct { // Aggregations - Information of the aggregated nodes in the expansion result. Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"` }
ExpansionResultsMetadata expansion result metadata.
type FileEntity ¶
type FileEntity struct { // FileEntityProperties - File entity properties *FileEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
FileEntity represents a file entity.
func (FileEntity) AsAccountEntity ¶
func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsAzureResourceEntity ¶
func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsBasicEntity ¶
func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsCloudApplicationEntity ¶
func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsDNSEntity ¶
func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsEntity ¶
func (fe FileEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsFileEntity ¶
func (fe FileEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsFileHashEntity ¶
func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsHostEntity ¶
func (fe FileEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsIPEntity ¶
func (fe FileEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsMalwareEntity ¶
func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsProcessEntity ¶
func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsRegistryKeyEntity ¶
func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsRegistryValueEntity ¶
func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsSecurityAlert ¶
func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for FileEntity.
func (FileEntity) AsSecurityGroupEntity ¶
func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) AsURLEntity ¶
func (fe FileEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for FileEntity.
func (FileEntity) MarshalJSON ¶
func (fe FileEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileEntity.
func (*FileEntity) UnmarshalJSON ¶
func (fe *FileEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FileEntity struct.
type FileEntityProperties ¶
type FileEntityProperties struct { // Directory - READ-ONLY; The full path to the file. Directory *string `json:"directory,omitempty"` // FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"` // FileName - READ-ONLY; The file name without path (some alerts might not include path). FileName *string `json:"fileName,omitempty"` // HostEntityID - READ-ONLY; The Host entity id which the file belongs to HostEntityID *string `json:"hostEntityId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
FileEntityProperties file entity property bag.
func (FileEntityProperties) MarshalJSON ¶
func (fep FileEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileEntityProperties.
type FileHashAlgorithm ¶
type FileHashAlgorithm string
FileHashAlgorithm enumerates the values for file hash algorithm.
const ( // MD5 MD5 hash type MD5 FileHashAlgorithm = "MD5" // SHA1 SHA1 hash type SHA1 FileHashAlgorithm = "SHA1" // SHA256 SHA256 hash type SHA256 FileHashAlgorithm = "SHA256" // SHA256AC SHA256 Authenticode hash type SHA256AC FileHashAlgorithm = "SHA256AC" // Unknown Unknown hash algorithm Unknown FileHashAlgorithm = "Unknown" )
func PossibleFileHashAlgorithmValues ¶
func PossibleFileHashAlgorithmValues() []FileHashAlgorithm
PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.
type FileHashEntity ¶
type FileHashEntity struct { // FileHashEntityProperties - FileHash entity properties *FileHashEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
FileHashEntity represents a file hash entity.
func (FileHashEntity) AsAccountEntity ¶
func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsAzureResourceEntity ¶
func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsBasicEntity ¶
func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsCloudApplicationEntity ¶
func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsDNSEntity ¶
func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsEntity ¶
func (fhe FileHashEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsFileEntity ¶
func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsFileHashEntity ¶
func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsHostEntity ¶
func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsIPEntity ¶
func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsMalwareEntity ¶
func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsProcessEntity ¶
func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsRegistryKeyEntity ¶
func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsRegistryValueEntity ¶
func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsSecurityAlert ¶
func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsSecurityGroupEntity ¶
func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) AsURLEntity ¶
func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for FileHashEntity.
func (FileHashEntity) MarshalJSON ¶
func (fhe FileHashEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileHashEntity.
func (*FileHashEntity) UnmarshalJSON ¶
func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.
type FileHashEntityProperties ¶
type FileHashEntityProperties struct { // Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC' Algorithm FileHashAlgorithm `json:"algorithm,omitempty"` // HashValue - READ-ONLY; The file hash value. HashValue *string `json:"hashValue,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
FileHashEntityProperties fileHash entity property bag.
func (FileHashEntityProperties) MarshalJSON ¶
func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FileHashEntityProperties.
type FusionAlertRule ¶
type FusionAlertRule struct { // FusionAlertRuleProperties - Fusion alert rule properties *FusionAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
FusionAlertRule represents Fusion alert rule.
func (FusionAlertRule) AsAlertRule ¶
func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsBasicAlertRule ¶
func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsFusionAlertRule ¶
func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) AsScheduledAlertRule ¶
func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.
func (FusionAlertRule) MarshalJSON ¶
func (far FusionAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRule.
func (*FusionAlertRule) UnmarshalJSON ¶
func (far *FusionAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.
type FusionAlertRuleProperties ¶
type FusionAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - READ-ONLY; The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - READ-ONLY; The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // Tactics - READ-ONLY; The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` }
FusionAlertRuleProperties fusion alert rule base property bag.
type FusionAlertRuleTemplate ¶
type FusionAlertRuleTemplate struct { // FusionAlertRuleTemplateProperties - Fusion alert rule template properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
FusionAlertRuleTemplate represents Fusion alert rule template.
func (FusionAlertRuleTemplate) AsAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.
func (FusionAlertRuleTemplate) MarshalJSON ¶
func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.
func (*FusionAlertRuleTemplate) UnmarshalJSON ¶
func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.
type FusionAlertRuleTemplateProperties ¶
type FusionAlertRuleTemplateProperties struct { // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` }
FusionAlertRuleTemplateProperties fusion alert rule template properties
type GeoLocation ¶
type GeoLocation struct { // Asn - READ-ONLY; Autonomous System Number Asn *int32 `json:"asn,omitempty"` // City - READ-ONLY; City name City *string `json:"city,omitempty"` // CountryCode - READ-ONLY; The country code according to ISO 3166 format CountryCode *string `json:"countryCode,omitempty"` // CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name CountryName *string `json:"countryName,omitempty"` // Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code. Latitude *float64 `json:"latitude,omitempty"` // Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code. Longitude *float64 `json:"longitude,omitempty"` // State - READ-ONLY; State name State *string `json:"state,omitempty"` }
GeoLocation the geo-location context attached to the ip entity
type HostEntity ¶
type HostEntity struct { // HostEntityProperties - Host entity properties *HostEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
HostEntity represents a host entity.
func (HostEntity) AsAccountEntity ¶
func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsAzureResourceEntity ¶
func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsBasicEntity ¶
func (he HostEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsCloudApplicationEntity ¶
func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsDNSEntity ¶
func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsEntity ¶
func (he HostEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsFileEntity ¶
func (he HostEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsFileHashEntity ¶
func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsHostEntity ¶
func (he HostEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsIPEntity ¶
func (he HostEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsMalwareEntity ¶
func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsProcessEntity ¶
func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsRegistryKeyEntity ¶
func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsRegistryValueEntity ¶
func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsSecurityAlert ¶
func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for HostEntity.
func (HostEntity) AsSecurityGroupEntity ¶
func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) AsURLEntity ¶
func (he HostEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for HostEntity.
func (HostEntity) MarshalJSON ¶
func (he HostEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HostEntity.
func (*HostEntity) UnmarshalJSON ¶
func (he *HostEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for HostEntity struct.
type HostEntityProperties ¶
type HostEntityProperties struct { // AzureID - READ-ONLY; The azure resource id of the VM. AzureID *string `json:"azureID,omitempty"` // DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain DNSDomain *string `json:"dnsDomain,omitempty"` // HostName - READ-ONLY; The hostname without the domain suffix. HostName *string `json:"hostName,omitempty"` // IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain. IsDomainJoined *bool `json:"isDomainJoined,omitempty"` // NetBiosName - READ-ONLY; The host name (pre-windows2000). NetBiosName *string `json:"netBiosName,omitempty"` // NtDomain - READ-ONLY; The NT domain that this host belongs to. NtDomain *string `json:"ntDomain,omitempty"` // OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed. OmsAgentID *string `json:"omsAgentID,omitempty"` // OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS' OsFamily OSFamily `json:"osFamily,omitempty"` // OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration OsVersion *string `json:"osVersion,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
HostEntityProperties host entity property bag.
func (HostEntityProperties) MarshalJSON ¶
func (hep HostEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for HostEntityProperties.
type IPEntity ¶
type IPEntity struct { // IPEntityProperties - Ip entity properties *IPEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
IPEntity represents an ip entity.
func (IPEntity) AsAccountEntity ¶
func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsAzureResourceEntity ¶
func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsBasicEntity ¶
func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsCloudApplicationEntity ¶
func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsFileEntity ¶
func (ie IPEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsFileHashEntity ¶
func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsHostEntity ¶
func (ie IPEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsMalwareEntity ¶
func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsProcessEntity ¶
func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsRegistryKeyEntity ¶
func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsRegistryValueEntity ¶
func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsSecurityAlert ¶
func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for IPEntity.
func (IPEntity) AsSecurityGroupEntity ¶
func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for IPEntity.
func (IPEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for IPEntity.
func (*IPEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for IPEntity struct.
type IPEntityProperties ¶
type IPEntityProperties struct { // Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6) Address *string `json:"address,omitempty"` // Location - The geo-location context attached to the ip entity Location *GeoLocation `json:"location,omitempty"` // ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity. ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
IPEntityProperties ip entity property bag.
func (IPEntityProperties) MarshalJSON ¶
func (iep IPEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for IPEntityProperties.
type KillChainIntent ¶
type KillChainIntent string
KillChainIntent enumerates the values for kill chain intent.
const ( // KillChainIntentCollection Collection consists of techniques used to identify and gather information, // such as sensitive files, from a target network prior to exfiltration. This category also covers // locations on a system or network where the adversary may look for information to exfiltrate. KillChainIntentCollection KillChainIntent = "Collection" // KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate // with systems under their control within a target network. KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl" // KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or // control over system, domain, or service credentials that are used within an enterprise environment. // Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts // (local system administrator or domain users with administrator access) to use within the network. With // sufficient access within a network, an adversary can create accounts for later use within the // environment. KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess" // KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade // detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques // in other categories that have the added benefit of subverting a particular defense or mitigation. KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion" // KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge // about the system and internal network. When adversaries gain access to a new system, they must orient // themselves to what they now have control of and what benefits operating from that system give to their // current objective or overall goals during the intrusion. The operating system provides many native tools // that aid in this post-compromise information-gathering phase. KillChainIntentDiscovery KillChainIntent = "Discovery" // KillChainIntentExecution The execution tactic represents techniques that result in execution of // adversary-controlled code on a local or remote system. This tactic is often used in conjunction with // lateral movement to expand access to remote systems on a network. KillChainIntentExecution KillChainIntent = "Execution" // KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the // adversary removing files and information from a target network. This category also covers locations on a // system or network where the adversary may look for information to exfiltrate. KillChainIntentExfiltration KillChainIntent = "Exfiltration" // KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the // attacked resource. This stage is applicable not only for compute hosts, but also for resources such as // user accounts, certificates etc. Adversaries will often be able to control the resource after this // stage. KillChainIntentExploitation KillChainIntent = "Exploitation" // KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or // integrity of a system, service, or network; including manipulation of data to impact a business or // operational process. This would often refer to techniques such as ransom-ware, defacement, data // manipulation and others. KillChainIntentImpact KillChainIntent = "Impact" // KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to // access and control remote systems on a network and could, but does not necessarily, include execution of // tools on remote systems. The lateral movement techniques could allow an adversary to gather information // from a system without needing additional tools, such as a remote access tool. An adversary can use // lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems, // access to specific information or files, access to additional credentials, or to cause an effect. KillChainIntentLateralMovement KillChainIntent = "LateralMovement" // KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that // gives an adversary a persistent presence on that system. Adversaries will often need to maintain access // to systems through interruptions such as system restarts, loss of credentials, or other failures that // would require a remote access tool to restart or alternate backdoor for them to regain access. KillChainIntentPersistence KillChainIntent = "Persistence" // KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary // to obtain a higher level of permissions on a system or network. Certain tools or actions require a // higher level of privilege to work and are likely necessary at many points throughout an operation. User // accounts with permissions to access specific systems or perform specific functions necessary for // adversaries to achieve their objective may also be considered an escalation of privilege. KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation" // KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a // malicious intent or a failed attempt to gain access to a target system to gather information prior to // exploitation. This step is usually detected as an attempt originating from outside the network in // attempt to scan the target system and find a way in. KillChainIntentProbing KillChainIntent = "Probing" // KillChainIntentUnknown The default value. KillChainIntentUnknown KillChainIntent = "Unknown" )
func PossibleKillChainIntentValues ¶
func PossibleKillChainIntentValues() []KillChainIntent
PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.
type Kind ¶
type Kind string
Kind enumerates the values for kind.
func PossibleKindValues ¶
func PossibleKindValues() []Kind
PossibleKindValues returns an array of possible values for the Kind const type.
type KindBasicAlertRule ¶
type KindBasicAlertRule string
KindBasicAlertRule enumerates the values for kind basic alert rule.
const ( // KindAlertRule ... KindAlertRule KindBasicAlertRule = "AlertRule" // KindFusion ... KindFusion KindBasicAlertRule = "Fusion" // KindMicrosoftSecurityIncidentCreation ... KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation" // KindScheduled ... KindScheduled KindBasicAlertRule = "Scheduled" )
func PossibleKindBasicAlertRuleValues ¶
func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule
PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.
type KindBasicAlertRuleTemplate ¶
type KindBasicAlertRuleTemplate string
KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.
const ( // KindBasicAlertRuleTemplateKindAlertRuleTemplate ... KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate" // KindBasicAlertRuleTemplateKindFusion ... KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion" // KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ... KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation" // KindBasicAlertRuleTemplateKindScheduled ... KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled" )
func PossibleKindBasicAlertRuleTemplateValues ¶
func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate
PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.
type KindBasicDataConnector ¶
type KindBasicDataConnector string
KindBasicDataConnector enumerates the values for kind basic data connector.
const ( // KindAmazonWebServicesCloudTrail ... KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail" // KindAzureActiveDirectory ... KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory" // KindAzureAdvancedThreatProtection ... KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection" // KindAzureSecurityCenter ... KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter" // KindDataConnector ... KindDataConnector KindBasicDataConnector = "DataConnector" // KindMicrosoftCloudAppSecurity ... KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity" // KindMicrosoftDefenderAdvancedThreatProtection ... KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection" // KindOffice365 ... KindOffice365 KindBasicDataConnector = "Office365" // KindThreatIntelligence ... KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence" )
func PossibleKindBasicDataConnectorValues ¶
func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector
PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.
type KindBasicEntity ¶
type KindBasicEntity string
KindBasicEntity enumerates the values for kind basic entity.
const ( // KindAccount ... KindAccount KindBasicEntity = "Account" // KindAzureResource ... KindAzureResource KindBasicEntity = "AzureResource" // KindCloudApplication ... KindCloudApplication KindBasicEntity = "CloudApplication" // KindDNSResolution ... KindDNSResolution KindBasicEntity = "DnsResolution" // KindEntity ... KindEntity KindBasicEntity = "Entity" // KindFile ... KindFile KindBasicEntity = "File" // KindFileHash ... KindFileHash KindBasicEntity = "FileHash" // KindHost ... KindHost KindBasicEntity = "Host" // KindIP ... KindIP KindBasicEntity = "Ip" // KindMalware ... KindMalware KindBasicEntity = "Malware" // KindProcess ... KindProcess KindBasicEntity = "Process" // KindRegistryKey ... KindRegistryKey KindBasicEntity = "RegistryKey" // KindRegistryValue ... KindRegistryValue KindBasicEntity = "RegistryValue" // KindSecurityAlert ... KindSecurityAlert KindBasicEntity = "SecurityAlert" // KindSecurityGroup ... KindSecurityGroup KindBasicEntity = "SecurityGroup" // KindURL ... KindURL KindBasicEntity = "Url" )
func PossibleKindBasicEntityValues ¶
func PossibleKindBasicEntityValues() []KindBasicEntity
PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.
type KindBasicSettings ¶
type KindBasicSettings string
KindBasicSettings enumerates the values for kind basic settings.
const ( // KindSettings ... KindSettings KindBasicSettings = "Settings" // KindToggleSettings ... KindToggleSettings KindBasicSettings = "ToggleSettings" // KindUebaSettings ... KindUebaSettings KindBasicSettings = "UebaSettings" )
func PossibleKindBasicSettingsValues ¶
func PossibleKindBasicSettingsValues() []KindBasicSettings
PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.
type LicenseStatus ¶
type LicenseStatus string
LicenseStatus enumerates the values for license status.
const ( // LicenseStatusDisabled ... LicenseStatusDisabled LicenseStatus = "Disabled" // LicenseStatusEnabled ... LicenseStatusEnabled LicenseStatus = "Enabled" )
func PossibleLicenseStatusValues ¶
func PossibleLicenseStatusValues() []LicenseStatus
PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type.
type MCASDataConnector ¶
type MCASDataConnector struct { // MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties. *MCASDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.
func (MCASDataConnector) AsAADDataConnector ¶
func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsAATPDataConnector ¶
func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsASCDataConnector ¶
func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsAwsCloudTrailDataConnector ¶
func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsBasicDataConnector ¶
func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsDataConnector ¶
func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsMCASDataConnector ¶
func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsMDATPDataConnector ¶
func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsOfficeDataConnector ¶
func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) AsTIDataConnector ¶
func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.
func (MCASDataConnector) MarshalJSON ¶
func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MCASDataConnector.
func (*MCASDataConnector) UnmarshalJSON ¶
func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.
type MCASDataConnectorDataTypes ¶
type MCASDataConnectorDataTypes struct { // DiscoveryLogs - Discovery log data type connection. DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"` // Alerts - Alerts data type connection. Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"` }
MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.
type MCASDataConnectorDataTypesDiscoveryLogs ¶
type MCASDataConnectorDataTypesDiscoveryLogs struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection.
type MCASDataConnectorProperties ¶
type MCASDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.
type MDATPDataConnector ¶
type MDATPDataConnector struct { // MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. *MDATPDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.
func (MDATPDataConnector) AsAADDataConnector ¶
func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsAATPDataConnector ¶
func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsASCDataConnector ¶
func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsAwsCloudTrailDataConnector ¶
func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsBasicDataConnector ¶
func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsDataConnector ¶
func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsMCASDataConnector ¶
func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsMDATPDataConnector ¶
func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsOfficeDataConnector ¶
func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) AsTIDataConnector ¶
func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.
func (MDATPDataConnector) MarshalJSON ¶
func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MDATPDataConnector.
func (*MDATPDataConnector) UnmarshalJSON ¶
func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.
type MDATPDataConnectorProperties ¶
type MDATPDataConnectorProperties struct { // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` // DataTypes - The available data types for the connector. DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"` }
MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
type MalwareEntity ¶
type MalwareEntity struct { // MalwareEntityProperties - File entity properties *MalwareEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
MalwareEntity represents a malware entity.
func (MalwareEntity) AsAccountEntity ¶
func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsAzureResourceEntity ¶
func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsBasicEntity ¶
func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsCloudApplicationEntity ¶
func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsDNSEntity ¶
func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsEntity ¶
func (me MalwareEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsFileEntity ¶
func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsFileHashEntity ¶
func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsHostEntity ¶
func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsIPEntity ¶
func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsMalwareEntity ¶
func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsProcessEntity ¶
func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsRegistryKeyEntity ¶
func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsRegistryValueEntity ¶
func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsSecurityAlert ¶
func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsSecurityGroupEntity ¶
func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) AsURLEntity ¶
func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for MalwareEntity.
func (MalwareEntity) MarshalJSON ¶
func (me MalwareEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MalwareEntity.
func (*MalwareEntity) UnmarshalJSON ¶
func (me *MalwareEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.
type MalwareEntityProperties ¶
type MalwareEntityProperties struct { // Category - READ-ONLY; The malware category by the vendor, e.g. Trojan Category *string `json:"category,omitempty"` // FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found FileEntityIds *[]string `json:"fileEntityIds,omitempty"` // MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn MalwareName *string `json:"malwareName,omitempty"` // ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found. ProcessEntityIds *[]string `json:"processEntityIds,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
MalwareEntityProperties malware entity property bag.
func (MalwareEntityProperties) MarshalJSON ¶
func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MalwareEntityProperties.
type MicrosoftSecurityIncidentCreationAlertRule ¶
type MicrosoftSecurityIncidentCreationAlertRule struct { // MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.
func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON ¶
func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.
func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON ¶
func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct { // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.
type MicrosoftSecurityIncidentCreationAlertRuleProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // Tactics - The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.
type MicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct { // MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON ¶
func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.
func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON ¶
func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties ¶
type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` // DisplayNamesFilter - the alerts' displayNames on which the cases will be generated DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"` // ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection' ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"` // SeveritiesFilter - the alerts' severities on which the cases will be generated SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"` }
MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties
type MicrosoftSecurityProductName ¶
type MicrosoftSecurityProductName string
MicrosoftSecurityProductName enumerates the values for microsoft security product name.
const ( // AzureActiveDirectoryIdentityProtection ... AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection" // AzureAdvancedThreatProtection ... AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection" // AzureSecurityCenter ... AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center" // MicrosoftCloudAppSecurity ... MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security" )
func PossibleMicrosoftSecurityProductNameValues ¶
func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName
PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.
type OSFamily ¶
type OSFamily string
OSFamily enumerates the values for os family.
func PossibleOSFamilyValues ¶
func PossibleOSFamilyValues() []OSFamily
PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.
type OfficeConsent ¶
type OfficeConsent struct { autorest.Response `json:"-"` // OfficeConsentProperties - Office consent properties *OfficeConsentProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
OfficeConsent consent for Office365 tenant that already made.
func (OfficeConsent) MarshalJSON ¶
func (oc OfficeConsent) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeConsent.
func (*OfficeConsent) UnmarshalJSON ¶
func (oc *OfficeConsent) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.
type OfficeConsentList ¶
type OfficeConsentList struct { autorest.Response `json:"-"` // NextLink - READ-ONLY; URL to fetch the next set of office consents. NextLink *string `json:"nextLink,omitempty"` // Value - Array of the consents. Value *[]OfficeConsent `json:"value,omitempty"` }
OfficeConsentList list of all the office365 consents.
func (OfficeConsentList) IsEmpty ¶
func (ocl OfficeConsentList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type OfficeConsentListIterator ¶
type OfficeConsentListIterator struct {
// contains filtered or unexported fields
}
OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.
func NewOfficeConsentListIterator ¶
func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator
Creates a new instance of the OfficeConsentListIterator type.
func (*OfficeConsentListIterator) Next ¶
func (iter *OfficeConsentListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OfficeConsentListIterator) NextWithContext ¶
func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (OfficeConsentListIterator) NotDone ¶
func (iter OfficeConsentListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (OfficeConsentListIterator) Response ¶
func (iter OfficeConsentListIterator) Response() OfficeConsentList
Response returns the raw server response from the last page request.
func (OfficeConsentListIterator) Value ¶
func (iter OfficeConsentListIterator) Value() OfficeConsent
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type OfficeConsentListPage ¶
type OfficeConsentListPage struct {
// contains filtered or unexported fields
}
OfficeConsentListPage contains a page of OfficeConsent values.
func NewOfficeConsentListPage ¶
func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage
Creates a new instance of the OfficeConsentListPage type.
func (*OfficeConsentListPage) Next ¶
func (page *OfficeConsentListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OfficeConsentListPage) NextWithContext ¶
func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (OfficeConsentListPage) NotDone ¶
func (page OfficeConsentListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (OfficeConsentListPage) Response ¶
func (page OfficeConsentListPage) Response() OfficeConsentList
Response returns the raw server response from the last page request.
func (OfficeConsentListPage) Values ¶
func (page OfficeConsentListPage) Values() []OfficeConsent
Values returns the slice of values for the current page or nil if there are no values.
type OfficeConsentProperties ¶
type OfficeConsentProperties struct { // TenantID - The tenantId of the Office365 with the consent. TenantID *string `json:"tenantId,omitempty"` // TenantName - READ-ONLY; The tenant name of the Office365 with the consent. TenantName *string `json:"tenantName,omitempty"` }
OfficeConsentProperties consent property bag.
type OfficeConsentsClient ¶
type OfficeConsentsClient struct {
BaseClient
}
OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewOfficeConsentsClient ¶
func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient
NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.
func NewOfficeConsentsClientWithBaseURI ¶
func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient
NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client.
func (OfficeConsentsClient) Delete ¶
func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error)
Delete delete the office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID
func (OfficeConsentsClient) DeletePreparer ¶
func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)
DeletePreparer prepares the Delete request.
func (OfficeConsentsClient) DeleteResponder ¶
func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)
DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.
func (OfficeConsentsClient) DeleteSender ¶
DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.
func (OfficeConsentsClient) Get ¶
func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result OfficeConsent, err error)
Get gets an office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID
func (OfficeConsentsClient) GetPreparer ¶
func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)
GetPreparer prepares the Get request.
func (OfficeConsentsClient) GetResponder ¶
func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (OfficeConsentsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (OfficeConsentsClient) List ¶
func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListPage, err error)
List gets all office365 consents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.
func (OfficeConsentsClient) ListComplete ¶
func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (OfficeConsentsClient) ListPreparer ¶
func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)
ListPreparer prepares the List request.
func (OfficeConsentsClient) ListResponder ¶
func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (OfficeConsentsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type OfficeDataConnector ¶
type OfficeDataConnector struct { // OfficeDataConnectorProperties - Office data connector properties. *OfficeDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
OfficeDataConnector represents office data connector.
func (OfficeDataConnector) AsAADDataConnector ¶
func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsAATPDataConnector ¶
func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsASCDataConnector ¶
func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsAwsCloudTrailDataConnector ¶
func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsBasicDataConnector ¶
func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsDataConnector ¶
func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsMCASDataConnector ¶
func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsMDATPDataConnector ¶
func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsOfficeDataConnector ¶
func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) AsTIDataConnector ¶
func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.
func (OfficeDataConnector) MarshalJSON ¶
func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for OfficeDataConnector.
func (*OfficeDataConnector) UnmarshalJSON ¶
func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.
type OfficeDataConnectorDataTypes ¶
type OfficeDataConnectorDataTypes struct { // Exchange - Exchange data type connection. Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"` SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"` }
OfficeDataConnectorDataTypes the available data types for office data connector.
type OfficeDataConnectorDataTypesExchange ¶
type OfficeDataConnectorDataTypesExchange struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
OfficeDataConnectorDataTypesExchange exchange data type connection.
type OfficeDataConnectorDataTypesSharePoint ¶
type OfficeDataConnectorDataTypesSharePoint struct { DataTypeState `json:"state,omitempty"` }State
OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.
type OfficeDataConnectorProperties ¶
type OfficeDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
OfficeDataConnectorProperties office data connector properties.
type Operation ¶
type Operation struct { // Display - Properties of the operation Display *OperationDisplay `json:"display,omitempty"` // Name - Name of the operation Name *string `json:"name,omitempty"` }
Operation operation provided by provider
type OperationDisplay ¶
type OperationDisplay struct { // Description - Description of the operation Description *string `json:"description,omitempty"` // Operation - Operation name Operation *string `json:"operation,omitempty"` // Provider - Provider name Provider *string `json:"provider,omitempty"` // Resource - Resource name Resource *string `json:"resource,omitempty"` }
OperationDisplay properties of the operation
type OperationsClient ¶
type OperationsClient struct {
BaseClient
}
OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewOperationsClient ¶
func NewOperationsClient(subscriptionID string) OperationsClient
NewOperationsClient creates an instance of the OperationsClient client.
func NewOperationsClientWithBaseURI ¶
func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient
NewOperationsClientWithBaseURI creates an instance of the OperationsClient client.
func (OperationsClient) List ¶
func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)
List lists all operations available Azure Security Insights Resource Provider.
func (OperationsClient) ListComplete ¶
func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)
ListComplete enumerates all values, automatically crossing page boundaries as required.
func (OperationsClient) ListPreparer ¶
ListPreparer prepares the List request.
func (OperationsClient) ListResponder ¶
func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)
ListResponder handles the response to the List request. The method always closes the http.Response Body.
func (OperationsClient) ListSender ¶
ListSender sends the List request. The method will close the http.Response Body if it receives an error.
type OperationsList ¶
type OperationsList struct { autorest.Response `json:"-"` // NextLink - URL to fetch the next set of operations. NextLink *string `json:"nextLink,omitempty"` // Value - Array of operations Value *[]Operation `json:"value,omitempty"` }
OperationsList lists the operations available in the SecurityInsights RP.
func (OperationsList) IsEmpty ¶
func (ol OperationsList) IsEmpty() bool
IsEmpty returns true if the ListResult contains no values.
type OperationsListIterator ¶
type OperationsListIterator struct {
// contains filtered or unexported fields
}
OperationsListIterator provides access to a complete listing of Operation values.
func NewOperationsListIterator ¶
func NewOperationsListIterator(page OperationsListPage) OperationsListIterator
Creates a new instance of the OperationsListIterator type.
func (*OperationsListIterator) Next ¶
func (iter *OperationsListIterator) Next() error
Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OperationsListIterator) NextWithContext ¶
func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.
func (OperationsListIterator) NotDone ¶
func (iter OperationsListIterator) NotDone() bool
NotDone returns true if the enumeration should be started or is not yet complete.
func (OperationsListIterator) Response ¶
func (iter OperationsListIterator) Response() OperationsList
Response returns the raw server response from the last page request.
func (OperationsListIterator) Value ¶
func (iter OperationsListIterator) Value() Operation
Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.
type OperationsListPage ¶
type OperationsListPage struct {
// contains filtered or unexported fields
}
OperationsListPage contains a page of Operation values.
func NewOperationsListPage ¶
func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage
Creates a new instance of the OperationsListPage type.
func (*OperationsListPage) Next ¶
func (page *OperationsListPage) Next() error
Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.
func (*OperationsListPage) NextWithContext ¶
func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)
NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.
func (OperationsListPage) NotDone ¶
func (page OperationsListPage) NotDone() bool
NotDone returns true if the page enumeration should be started or is not yet complete.
func (OperationsListPage) Response ¶
func (page OperationsListPage) Response() OperationsList
Response returns the raw server response from the last page request.
func (OperationsListPage) Values ¶
func (page OperationsListPage) Values() []Operation
Values returns the slice of values for the current page or nil if there are no values.
type ProcessEntity ¶
type ProcessEntity struct { // ProcessEntityProperties - Process entity properties *ProcessEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
ProcessEntity represents a process entity.
func (ProcessEntity) AsAccountEntity ¶
func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsAzureResourceEntity ¶
func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsBasicEntity ¶
func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsCloudApplicationEntity ¶
func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsDNSEntity ¶
func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsEntity ¶
func (peVar ProcessEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsFileEntity ¶
func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsFileHashEntity ¶
func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsHostEntity ¶
func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsIPEntity ¶
func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsMalwareEntity ¶
func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsProcessEntity ¶
func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsRegistryKeyEntity ¶
func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsRegistryValueEntity ¶
func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsSecurityAlert ¶
func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsSecurityGroupEntity ¶
func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) AsURLEntity ¶
func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for ProcessEntity.
func (ProcessEntity) MarshalJSON ¶
func (peVar ProcessEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ProcessEntity.
func (*ProcessEntity) UnmarshalJSON ¶
func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.
type ProcessEntityProperties ¶
type ProcessEntityProperties struct { // AccountEntityID - READ-ONLY; The account entity id running the processes. AccountEntityID *string `json:"accountEntityId,omitempty"` // CommandLine - READ-ONLY; The command line used to create the process CommandLine *string `json:"commandLine,omitempty"` // CreationTimeUtc - READ-ONLY; The time when the process started to run CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"` // ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited' ElevationToken ElevationToken `json:"elevationToken,omitempty"` // HostEntityID - READ-ONLY; The host entity id on which the process was running HostEntityID *string `json:"hostEntityId,omitempty"` // HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"` // ImageFileEntityID - READ-ONLY; Image file entity id ImageFileEntityID *string `json:"imageFileEntityId,omitempty"` // ParentProcessEntityID - READ-ONLY; The parent process entity id. ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"` // ProcessID - READ-ONLY; The process ID ProcessID *string `json:"processId,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
ProcessEntityProperties process entity property bag.
func (ProcessEntityProperties) MarshalJSON ¶
func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ProcessEntityProperties.
type ProductSettingsClient ¶
type ProductSettingsClient struct {
BaseClient
}
ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider
func NewProductSettingsClient ¶
func NewProductSettingsClient(subscriptionID string) ProductSettingsClient
NewProductSettingsClient creates an instance of the ProductSettingsClient client.
func NewProductSettingsClientWithBaseURI ¶
func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient
NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client.
func (ProductSettingsClient) Get ¶
func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error)
Get gets a setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports- Fusion, UEBA
func (ProductSettingsClient) GetPreparer ¶
func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)
GetPreparer prepares the Get request.
func (ProductSettingsClient) GetResponder ¶
func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)
GetResponder handles the response to the Get request. The method always closes the http.Response Body.
func (ProductSettingsClient) GetSender ¶
GetSender sends the Get request. The method will close the http.Response Body if it receives an error.
func (ProductSettingsClient) Update ¶
func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)
Update updates the setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports- Fusion, UEBA settings - the setting
func (ProductSettingsClient) UpdatePreparer ¶
func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)
UpdatePreparer prepares the Update request.
func (ProductSettingsClient) UpdateResponder ¶
func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)
UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.
func (ProductSettingsClient) UpdateSender ¶
UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.
type RegistryHive ¶
type RegistryHive string
RegistryHive enumerates the values for registry hive.
const ( // HKEYA HKEY_A HKEYA RegistryHive = "HKEY_A" // HKEYCLASSESROOT HKEY_CLASSES_ROOT HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT" // HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG" // HKEYCURRENTUSER HKEY_CURRENT_USER HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER" // HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS" // HKEYLOCALMACHINE HKEY_LOCAL_MACHINE HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE" // HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA" // HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT" // HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT" // HKEYUSERS HKEY_USERS HKEYUSERS RegistryHive = "HKEY_USERS" )
func PossibleRegistryHiveValues ¶
func PossibleRegistryHiveValues() []RegistryHive
PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.
type RegistryKeyEntity ¶
type RegistryKeyEntity struct { // RegistryKeyEntityProperties - RegistryKey entity properties *RegistryKeyEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
RegistryKeyEntity represents a registry key entity.
func (RegistryKeyEntity) AsAccountEntity ¶
func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsAzureResourceEntity ¶
func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsBasicEntity ¶
func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsCloudApplicationEntity ¶
func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsDNSEntity ¶
func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsEntity ¶
func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsFileEntity ¶
func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsFileHashEntity ¶
func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsHostEntity ¶
func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsIPEntity ¶
func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsMalwareEntity ¶
func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsProcessEntity ¶
func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsRegistryKeyEntity ¶
func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsRegistryValueEntity ¶
func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsSecurityAlert ¶
func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsSecurityGroupEntity ¶
func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) AsURLEntity ¶
func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.
func (RegistryKeyEntity) MarshalJSON ¶
func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryKeyEntity.
func (*RegistryKeyEntity) UnmarshalJSON ¶
func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.
type RegistryKeyEntityProperties ¶
type RegistryKeyEntityProperties struct { // Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER' Hive RegistryHive `json:"hive,omitempty"` // Key - READ-ONLY; The registry key path. Key *string `json:"key,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
RegistryKeyEntityProperties registryKey entity property bag.
func (RegistryKeyEntityProperties) MarshalJSON ¶
func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.
type RegistryValueEntity ¶
type RegistryValueEntity struct { // RegistryValueEntityProperties - RegistryKey entity properties *RegistryValueEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
RegistryValueEntity represents a registry value entity.
func (RegistryValueEntity) AsAccountEntity ¶
func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsAzureResourceEntity ¶
func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsBasicEntity ¶
func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsCloudApplicationEntity ¶
func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsDNSEntity ¶
func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsEntity ¶
func (rve RegistryValueEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsFileEntity ¶
func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsFileHashEntity ¶
func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsHostEntity ¶
func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsIPEntity ¶
func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsMalwareEntity ¶
func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsProcessEntity ¶
func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsRegistryKeyEntity ¶
func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsRegistryValueEntity ¶
func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsSecurityAlert ¶
func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsSecurityGroupEntity ¶
func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) AsURLEntity ¶
func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for RegistryValueEntity.
func (RegistryValueEntity) MarshalJSON ¶
func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryValueEntity.
func (*RegistryValueEntity) UnmarshalJSON ¶
func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.
type RegistryValueEntityProperties ¶
type RegistryValueEntityProperties struct { // KeyEntityID - READ-ONLY; The registry key entity id. KeyEntityID *string `json:"keyEntityId,omitempty"` // ValueData - READ-ONLY; String formatted representation of the value data. ValueData *string `json:"valueData,omitempty"` // ValueName - READ-ONLY; The registry value name. ValueName *string `json:"valueName,omitempty"` // ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord' ValueType RegistryValueKind `json:"valueType,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
RegistryValueEntityProperties registryValue entity property bag.
func (RegistryValueEntityProperties) MarshalJSON ¶
func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RegistryValueEntityProperties.
type RegistryValueKind ¶
type RegistryValueKind string
RegistryValueKind enumerates the values for registry value kind.
const ( // RegistryValueKindBinary Binary value type RegistryValueKindBinary RegistryValueKind = "Binary" // RegistryValueKindDWord DWord value type RegistryValueKindDWord RegistryValueKind = "DWord" // RegistryValueKindExpandString ExpandString value type RegistryValueKindExpandString RegistryValueKind = "ExpandString" // RegistryValueKindMultiString MultiString value type RegistryValueKindMultiString RegistryValueKind = "MultiString" // RegistryValueKindNone None RegistryValueKindNone RegistryValueKind = "None" // RegistryValueKindQWord QWord value type RegistryValueKindQWord RegistryValueKind = "QWord" // RegistryValueKindString String value type RegistryValueKindString RegistryValueKind = "String" // RegistryValueKindUnknown Unknown value type RegistryValueKindUnknown RegistryValueKind = "Unknown" )
func PossibleRegistryValueKindValues ¶
func PossibleRegistryValueKindValues() []RegistryValueKind
PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.
type RelationBase ¶
type RelationBase struct { // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
RelationBase represents a relation
type RelationNode ¶
type RelationNode struct { // RelationNodeID - Relation Node Id RelationNodeID *string `json:"relationNodeId,omitempty"` // RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark' RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"` // Etag - Etag for relation node Etag *string `json:"etag,omitempty"` // RelationAdditionalProperties - Additional set of properties RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"` }
RelationNode relation node
func (RelationNode) MarshalJSON ¶
func (rn RelationNode) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationNode.
type RelationNodeKind ¶
type RelationNodeKind string
RelationNodeKind enumerates the values for relation node kind.
const ( // RelationNodeKindBookmark Bookmark node part of the relation RelationNodeKindBookmark RelationNodeKind = "Bookmark" // RelationNodeKindCase Case node part of the relation RelationNodeKindCase RelationNodeKind = "Case" )
func PossibleRelationNodeKindValues ¶
func PossibleRelationNodeKindValues() []RelationNodeKind
PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.
type RelationTypes ¶
type RelationTypes string
RelationTypes enumerates the values for relation types.
const ( // CasesToBookmarks Relations between cases and bookmarks CasesToBookmarks RelationTypes = "CasesToBookmarks" )
func PossibleRelationTypesValues ¶
func PossibleRelationTypesValues() []RelationTypes
PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.
type RelationsModelInput ¶
type RelationsModelInput struct { // RelationsModelInputProperties - Relation input properties *RelationsModelInputProperties `json:"properties,omitempty"` // Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks' Kind RelationTypes `json:"kind,omitempty"` // Etag - ETag for relation Etag *string `json:"etag,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
RelationsModelInput relation input model
func (RelationsModelInput) MarshalJSON ¶
func (rmi RelationsModelInput) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for RelationsModelInput.
func (*RelationsModelInput) UnmarshalJSON ¶
func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct.
type RelationsModelInputProperties ¶
type RelationsModelInputProperties struct { // RelationName - Name of relation RelationName *string `json:"relationName,omitempty"` // SourceRelationNode - Relation source node SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"` // TargetRelationNode - Relation target node TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"` }
RelationsModelInputProperties relation input properties
type Resource ¶
type Resource struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` }
Resource an azure resource object
type ResourceWithEtag ¶
type ResourceWithEtag struct { // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` }
ResourceWithEtag an azure resource object with an Etag property
type ScheduledAlertRule ¶
type ScheduledAlertRule struct { // ScheduledAlertRuleProperties - Scheduled alert rule properties *ScheduledAlertRuleProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled' Kind KindBasicAlertRule `json:"kind,omitempty"` }
ScheduledAlertRule represents scheduled alert rule.
func (ScheduledAlertRule) AsAlertRule ¶
func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)
AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsBasicAlertRule ¶
func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)
AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsFusionAlertRule ¶
func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)
AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule ¶
func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) AsScheduledAlertRule ¶
func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)
AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.
func (ScheduledAlertRule) MarshalJSON ¶
func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRule.
func (*ScheduledAlertRule) UnmarshalJSON ¶
func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.
type ScheduledAlertRuleCommonProperties ¶
type ScheduledAlertRuleCommonProperties struct { // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` }
ScheduledAlertRuleCommonProperties schedule alert rule template property bag.
type ScheduledAlertRuleProperties ¶
type ScheduledAlertRuleProperties struct { // AlertRuleTemplateName - The Name of the alert rule template used to create this rule. AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"` // Description - The description of the alert rule. Description *string `json:"description,omitempty"` // DisplayName - The display name for alerts created by this alert rule. DisplayName *string `json:"displayName,omitempty"` // Enabled - Determines whether this alert rule is enabled or disabled. Enabled *bool `json:"enabled,omitempty"` // LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified. LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"` // SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. SuppressionDuration *string `json:"suppressionDuration,omitempty"` // SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled. SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"` // Tactics - The tactics of the alert rule Tactics *[]AttackTactic `json:"tactics,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` }
ScheduledAlertRuleProperties scheduled alert rule base property bag.
type ScheduledAlertRuleTemplate ¶
type ScheduledAlertRuleTemplate struct { // ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled' Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"` }
ScheduledAlertRuleTemplate represents scheduled alert rule template.
func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)
AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate ¶
func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.
func (ScheduledAlertRuleTemplate) MarshalJSON ¶
func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.
func (*ScheduledAlertRuleTemplate) UnmarshalJSON ¶
func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.
type ScheduledAlertRuleTemplateProperties ¶
type ScheduledAlertRuleTemplateProperties struct { // AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"` // CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added. CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"` // Description - The description of the alert rule template. Description *string `json:"description,omitempty"` // DisplayName - The display name for alert rule template. DisplayName *string `json:"displayName,omitempty"` // RequiredDataConnectors - The required data connectors for this template RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"` // Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable' Status TemplateStatus `json:"status,omitempty"` // Tactics - The tactics of the alert rule template Tactics *[]AttackTactic `json:"tactics,omitempty"` // Query - The query that creates alerts for this rule. Query *string `json:"query,omitempty"` // QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run. QueryFrequency *string `json:"queryFrequency,omitempty"` // QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at. QueryPeriod *string `json:"queryPeriod,omitempty"` // Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual' TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"` // TriggerThreshold - The threshold triggers this alert rule. TriggerThreshold *int32 `json:"triggerThreshold,omitempty"` }
ScheduledAlertRuleTemplateProperties scheduled alert rule template properties
type SecurityAlert ¶
type SecurityAlert struct { // SecurityAlertProperties - SecurityAlert entity properties *SecurityAlertProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
SecurityAlert represents a security alert entity.
func (SecurityAlert) AsAccountEntity ¶
func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsAzureResourceEntity ¶
func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsBasicEntity ¶
func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsCloudApplicationEntity ¶
func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsDNSEntity ¶
func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsEntity ¶
func (sa SecurityAlert) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsFileEntity ¶
func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsFileHashEntity ¶
func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsHostEntity ¶
func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsIPEntity ¶
func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsMalwareEntity ¶
func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsProcessEntity ¶
func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsRegistryKeyEntity ¶
func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsRegistryValueEntity ¶
func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsSecurityAlert ¶
func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsSecurityGroupEntity ¶
func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) AsURLEntity ¶
func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for SecurityAlert.
func (SecurityAlert) MarshalJSON ¶
func (sa SecurityAlert) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityAlert.
func (*SecurityAlert) UnmarshalJSON ¶
func (sa *SecurityAlert) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.
type SecurityAlertProperties ¶
type SecurityAlertProperties struct { // AlertDisplayName - READ-ONLY; The display name of the alert. AlertDisplayName *string `json:"alertDisplayName,omitempty"` // AlertType - READ-ONLY; The type name of the alert. AlertType *string `json:"alertType,omitempty"` // CompromisedEntity - READ-ONLY; Display name of the main entity being reported on. CompromisedEntity *string `json:"compromisedEntity,omitempty"` // ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh' ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"` // ConfidenceReasons - READ-ONLY; The confidence reasons ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"` // ConfidenceScore - READ-ONLY; The confidence score of the alert. ConfidenceScore *float64 `json:"confidenceScore,omitempty"` // ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final' ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"` // Description - READ-ONLY; Alert description. Description *string `json:"description,omitempty"` // EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert). EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"` // Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact' Intent KillChainIntent `json:"intent,omitempty"` // ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption. ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"` // ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert. ProductComponentName *string `json:"productComponentName,omitempty"` // ProductName - READ-ONLY; The name of the product which published this alert. ProductName *string `json:"productName,omitempty"` // ProductVersion - READ-ONLY; The version of the product generating the alert. ProductVersion *string `json:"productVersion,omitempty"` // RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert. RemediationSteps *[]string `json:"remediationSteps,omitempty"` // Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational' Severity AlertSeverity `json:"severity,omitempty"` // StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert). StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"` // Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress' Status AlertStatus `json:"status,omitempty"` // SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product. SystemAlertID *string `json:"systemAlertId,omitempty"` // TimeGenerated - READ-ONLY; The time the alert was generated. TimeGenerated *date.Time `json:"timeGenerated,omitempty"` // VendorName - READ-ONLY; The name of the vendor that raise the alert. VendorName *string `json:"vendorName,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
SecurityAlertProperties securityAlert entity property bag.
func (SecurityAlertProperties) MarshalJSON ¶
func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityAlertProperties.
type SecurityAlertPropertiesConfidenceReasonsItem ¶
type SecurityAlertPropertiesConfidenceReasonsItem struct { // Reason - READ-ONLY; The reason's description Reason *string `json:"reason,omitempty"` // ReasonType - READ-ONLY; The type (category) of the reason ReasonType *string `json:"reasonType,omitempty"` }
SecurityAlertPropertiesConfidenceReasonsItem confidence reason item
type SecurityGroupEntity ¶
type SecurityGroupEntity struct { // SecurityGroupEntityProperties - SecurityGroup entity properties *SecurityGroupEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
SecurityGroupEntity represents a security group entity.
func (SecurityGroupEntity) AsAccountEntity ¶
func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsAzureResourceEntity ¶
func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsBasicEntity ¶
func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsCloudApplicationEntity ¶
func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsDNSEntity ¶
func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)
AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsEntity ¶
func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)
AsEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsFileEntity ¶
func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsFileHashEntity ¶
func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsHostEntity ¶
func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsIPEntity ¶
func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)
AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsMalwareEntity ¶
func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsProcessEntity ¶
func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsRegistryKeyEntity ¶
func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsRegistryValueEntity ¶
func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsSecurityAlert ¶
func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsSecurityGroupEntity ¶
func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) AsURLEntity ¶
func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)
AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.
func (SecurityGroupEntity) MarshalJSON ¶
func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityGroupEntity.
func (*SecurityGroupEntity) UnmarshalJSON ¶
func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.
type SecurityGroupEntityProperties ¶
type SecurityGroupEntityProperties struct { // DistinguishedName - READ-ONLY; The group distinguished name DistinguishedName *string `json:"distinguishedName,omitempty"` // ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory. ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"` // Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group Sid *string `json:"sid,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
SecurityGroupEntityProperties securityGroup entity property bag.
func (SecurityGroupEntityProperties) MarshalJSON ¶
func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.
type SettingKind ¶
type SettingKind string
SettingKind enumerates the values for setting kind.
const ( // SettingKindToggleSettings ... SettingKindToggleSettings SettingKind = "ToggleSettings" // SettingKindUebaSettings ... SettingKindUebaSettings SettingKind = "UebaSettings" )
func PossibleSettingKindValues ¶
func PossibleSettingKindValues() []SettingKind
PossibleSettingKindValues returns an array of possible values for the SettingKind const type.
type Settings ¶
type Settings struct { autorest.Response `json:"-"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` }
Settings the Setting.
func (Settings) AsBasicSettings ¶
func (s Settings) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for Settings.
func (Settings) AsSettings ¶
AsSettings is the BasicSettings implementation for Settings.
func (Settings) AsToggleSettings ¶
func (s Settings) AsToggleSettings() (*ToggleSettings, bool)
AsToggleSettings is the BasicSettings implementation for Settings.
func (Settings) AsUebaSettings ¶
func (s Settings) AsUebaSettings() (*UebaSettings, bool)
AsUebaSettings is the BasicSettings implementation for Settings.
func (Settings) MarshalJSON ¶
MarshalJSON is the custom marshaler for Settings.
type SettingsKind ¶
type SettingsKind struct { // Kind - The kind of the setting. Possible values include: 'SettingKindUebaSettings', 'SettingKindToggleSettings' Kind SettingKind `json:"kind,omitempty"` }
SettingsKind describes an Azure resource with kind.
type SettingsModel ¶
type SettingsModel struct { autorest.Response `json:"-"` Value BasicSettings `json:"value,omitempty"` }
SettingsModel ...
func (*SettingsModel) UnmarshalJSON ¶
func (sm *SettingsModel) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for SettingsModel struct.
type StatusInMcas ¶
type StatusInMcas string
StatusInMcas enumerates the values for status in mcas.
const ( // StatusInMcasDisabled ... StatusInMcasDisabled StatusInMcas = "Disabled" // StatusInMcasEnabled ... StatusInMcasEnabled StatusInMcas = "Enabled" )
func PossibleStatusInMcasValues ¶
func PossibleStatusInMcasValues() []StatusInMcas
PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type.
type TIDataConnector ¶
type TIDataConnector struct { // TIDataConnectorProperties - TI (Threat Intelligence) data connector properties. *TIDataConnectorProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence' Kind KindBasicDataConnector `json:"kind,omitempty"` }
TIDataConnector represents threat intelligence data connector.
func (TIDataConnector) AsAADDataConnector ¶
func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)
AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsAATPDataConnector ¶
func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)
AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsASCDataConnector ¶
func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)
AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsAwsCloudTrailDataConnector ¶
func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsBasicDataConnector ¶
func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)
AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsDataConnector ¶
func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)
AsDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsMCASDataConnector ¶
func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)
AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsMDATPDataConnector ¶
func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)
AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsOfficeDataConnector ¶
func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)
AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) AsTIDataConnector ¶
func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)
AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.
func (TIDataConnector) MarshalJSON ¶
func (tdc TIDataConnector) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for TIDataConnector.
func (*TIDataConnector) UnmarshalJSON ¶
func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.
type TIDataConnectorDataTypes ¶
type TIDataConnectorDataTypes struct { // Indicators - Data type for indicators connection. Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"` }
TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector.
type TIDataConnectorDataTypesIndicators ¶
type TIDataConnectorDataTypesIndicators struct { // State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled' State DataTypeState `json:"state,omitempty"` }
TIDataConnectorDataTypesIndicators data type for indicators connection.
type TIDataConnectorProperties ¶
type TIDataConnectorProperties struct { // DataTypes - The available data types for the connector. DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"` // TenantID - The tenant id to connect to, and get the data from. TenantID *string `json:"tenantId,omitempty"` }
TIDataConnectorProperties TI (Threat Intelligence) data connector properties.
type TemplateStatus ¶
type TemplateStatus string
TemplateStatus enumerates the values for template status.
const ( // Available Alert rule template is available. Available TemplateStatus = "Available" // Installed Alert rule template installed. and can not use more then once Installed TemplateStatus = "Installed" // NotAvailable Alert rule template is not available NotAvailable TemplateStatus = "NotAvailable" )
func PossibleTemplateStatusValues ¶
func PossibleTemplateStatusValues() []TemplateStatus
PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.
type ThreatIntelligence ¶
type ThreatIntelligence struct { // Confidence - READ-ONLY; Confidence (must be between 0 and 1) Confidence *float64 `json:"confidence,omitempty"` // ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received ProviderName *string `json:"providerName,omitempty"` // ReportLink - READ-ONLY; Report link ReportLink *string `json:"reportLink,omitempty"` // ThreatDescription - READ-ONLY; Threat description (free text) ThreatDescription *string `json:"threatDescription,omitempty"` // ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware") ThreatName *string `json:"threatName,omitempty"` // ThreatType - READ-ONLY; Threat type (e.g. "Botnet") ThreatType *string `json:"threatType,omitempty"` }
ThreatIntelligence threatIntelligence property bag.
type ToggleSettings ¶
type ToggleSettings struct { // ToggleSettingsProperties - toggle properties *ToggleSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` }
ToggleSettings settings with single toggle.
func (ToggleSettings) AsBasicSettings ¶
func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for ToggleSettings.
func (ToggleSettings) AsSettings ¶
func (ts ToggleSettings) AsSettings() (*Settings, bool)
AsSettings is the BasicSettings implementation for ToggleSettings.
func (ToggleSettings) AsToggleSettings ¶
func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool)
AsToggleSettings is the BasicSettings implementation for ToggleSettings.
func (ToggleSettings) AsUebaSettings ¶
func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool)
AsUebaSettings is the BasicSettings implementation for ToggleSettings.
func (ToggleSettings) MarshalJSON ¶
func (ts ToggleSettings) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for ToggleSettings.
func (*ToggleSettings) UnmarshalJSON ¶
func (ts *ToggleSettings) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for ToggleSettings struct.
type ToggleSettingsProperties ¶
type ToggleSettingsProperties struct { // IsEnabled - Determines whether the setting is enable or disabled. IsEnabled *bool `json:"isEnabled,omitempty"` }
ToggleSettingsProperties toggle property bag.
type TriggerOperator ¶
type TriggerOperator string
TriggerOperator enumerates the values for trigger operator.
const ( // Equal ... Equal TriggerOperator = "Equal" // GreaterThan ... GreaterThan TriggerOperator = "GreaterThan" // LessThan ... LessThan TriggerOperator = "LessThan" // NotEqual ... NotEqual TriggerOperator = "NotEqual" )
func PossibleTriggerOperatorValues ¶
func PossibleTriggerOperatorValues() []TriggerOperator
PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.
type URLEntity ¶
type URLEntity struct { // URLEntityProperties - Url entity properties *URLEntityProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL' Kind KindBasicEntity `json:"kind,omitempty"` }
URLEntity represents a url entity.
func (URLEntity) AsAccountEntity ¶
func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)
AsAccountEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsAzureResourceEntity ¶
func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)
AsAzureResourceEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsBasicEntity ¶
func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)
AsBasicEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsCloudApplicationEntity ¶
func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsDNSEntity ¶
AsDNSEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsFileEntity ¶
func (ue URLEntity) AsFileEntity() (*FileEntity, bool)
AsFileEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsFileHashEntity ¶
func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)
AsFileHashEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsHostEntity ¶
func (ue URLEntity) AsHostEntity() (*HostEntity, bool)
AsHostEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsIPEntity ¶
AsIPEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsMalwareEntity ¶
func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)
AsMalwareEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsProcessEntity ¶
func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)
AsProcessEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsRegistryKeyEntity ¶
func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsRegistryValueEntity ¶
func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)
AsRegistryValueEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsSecurityAlert ¶
func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)
AsSecurityAlert is the BasicEntity implementation for URLEntity.
func (URLEntity) AsSecurityGroupEntity ¶
func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) AsURLEntity ¶
AsURLEntity is the BasicEntity implementation for URLEntity.
func (URLEntity) MarshalJSON ¶
MarshalJSON is the custom marshaler for URLEntity.
func (*URLEntity) UnmarshalJSON ¶
UnmarshalJSON is the custom unmarshaler for URLEntity struct.
type URLEntityProperties ¶
type URLEntityProperties struct { // URL - READ-ONLY; A full URL the entity points to URL *string `json:"url,omitempty"` // AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user. AdditionalData map[string]interface{} `json:"additionalData"` // FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. FriendlyName *string `json:"friendlyName,omitempty"` }
URLEntityProperties url entity property bag.
func (URLEntityProperties) MarshalJSON ¶
func (uep URLEntityProperties) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for URLEntityProperties.
type UebaSettings ¶
type UebaSettings struct { // UebaSettingsProperties - User and Entity Behavior Analytics settings properties *UebaSettingsProperties `json:"properties,omitempty"` // ID - READ-ONLY; Azure resource Id ID *string `json:"id,omitempty"` // Name - READ-ONLY; Azure resource name Name *string `json:"name,omitempty"` // Type - READ-ONLY; Azure resource type Type *string `json:"type,omitempty"` // Etag - Etag of the azure resource Etag *string `json:"etag,omitempty"` // Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings' Kind KindBasicSettings `json:"kind,omitempty"` }
UebaSettings represents settings for User and Entity Behavior Analytics enablement.
func (UebaSettings) AsBasicSettings ¶
func (us UebaSettings) AsBasicSettings() (BasicSettings, bool)
AsBasicSettings is the BasicSettings implementation for UebaSettings.
func (UebaSettings) AsSettings ¶
func (us UebaSettings) AsSettings() (*Settings, bool)
AsSettings is the BasicSettings implementation for UebaSettings.
func (UebaSettings) AsToggleSettings ¶
func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool)
AsToggleSettings is the BasicSettings implementation for UebaSettings.
func (UebaSettings) AsUebaSettings ¶
func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool)
AsUebaSettings is the BasicSettings implementation for UebaSettings.
func (UebaSettings) MarshalJSON ¶
func (us UebaSettings) MarshalJSON() ([]byte, error)
MarshalJSON is the custom marshaler for UebaSettings.
func (*UebaSettings) UnmarshalJSON ¶
func (us *UebaSettings) UnmarshalJSON(body []byte) error
UnmarshalJSON is the custom unmarshaler for UebaSettings struct.
type UebaSettingsProperties ¶
type UebaSettingsProperties struct { // AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled' AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"` // IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace. IsEnabled *bool `json:"isEnabled,omitempty"` // StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled' StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"` }
UebaSettingsProperties user and Entity Behavior Analytics settings property bag.
type UserInfo ¶
type UserInfo struct { // Email - READ-ONLY; The email of the user. Email *string `json:"email,omitempty"` // Name - READ-ONLY; The name of the user. Name *string `json:"name,omitempty"` // ObjectID - The object id of the user. ObjectID *uuid.UUID `json:"objectId,omitempty"` }
UserInfo user information that made some action