securityinsight

package
v34.0.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 30, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Index

Constants

View Source
const (
	// DefaultBaseURI is the default URI used for the service Securityinsight
	DefaultBaseURI = "https://management.azure.com"
)

Variables

This section is empty.

Functions

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AADDataConnector

type AADDataConnector struct {
	// AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
	*AADDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties

type AADDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties AAD (Azure Active Directory) data connector properties.

type AATPDataConnector

type AATPDataConnector struct {
	// AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
	*AATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties

type AATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties AATP (Azure Advanced Threat Protection) data connector properties.

type ASCDataConnector

type ASCDataConnector struct {
	// ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
	*ASCDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties

type ASCDataConnectorProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties ASC (Azure Security Center) data connector properties.

type AccountEntity

type AccountEntity struct {
	// AccountEntityProperties - Account entity properties
	*AccountEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AccountEntity represents an account entity.

func (AccountEntity) AsAccountEntity

func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsAzureResourceEntity

func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsBasicEntity

func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsCloudApplicationEntity

func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsDNSEntity

func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsEntity

func (ae AccountEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileEntity

func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileHashEntity

func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHostEntity

func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIPEntity

func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMalwareEntity

func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsProcessEntity

func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryKeyEntity

func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryValueEntity

func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityAlert

func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityGroupEntity

func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsURLEntity

func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) MarshalJSON

func (ae AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntity.

func (*AccountEntity) UnmarshalJSON

func (ae *AccountEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AccountEntity struct.

type AccountEntityProperties

type AccountEntityProperties struct {
	// AadTenantID - READ-ONLY; The Azure Active Directory tenant id.
	AadTenantID *string `json:"aadTenantId,omitempty"`
	// AadUserID - READ-ONLY; The Azure Active Directory user id.
	AadUserID *string `json:"aadUserId,omitempty"`
	// AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty"`
	// DisplayName - READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty"`
	// ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Puid - READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty"`
	// Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty"`
	// UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AccountEntityProperties account entity property bag.

func (AccountEntityProperties) MarshalJSON

func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntityProperties.

type ActionRequest

type ActionRequest struct {
	// ActionRequestProperties - Action properties for put request
	*ActionRequestProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ActionRequest action for alert rule.

func (ActionRequest) MarshalJSON

func (ar ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionRequest.

func (*ActionRequest) UnmarshalJSON

func (ar *ActionRequest) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionRequest struct.

type ActionRequestProperties

type ActionRequestProperties struct {
	// TriggerURI - Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
}

ActionRequestProperties action property bag.

type ActionResponse

type ActionResponse struct {
	autorest.Response `json:"-"`
	// Etag - Etag of the action.
	Etag *string `json:"etag,omitempty"`
	// ActionResponseProperties - Action properties for get request
	*ActionResponseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

ActionResponse action for alert rule.

func (ActionResponse) MarshalJSON

func (ar ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionResponse.

func (*ActionResponse) UnmarshalJSON

func (ar *ActionResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionResponse struct.

type ActionResponseProperties

type ActionResponseProperties struct {
	// WorkflowID - The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
}

ActionResponseProperties action property bag.

type ActionsClient

type ActionsClient struct {
	BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client.

func (ActionsClient) ListByAlertRule

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (ActionsClient) ListByAlertRuleComplete

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList

type ActionsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of actions.
	Value *[]ActionResponse `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type ActionsListIterator

type ActionsListIterator struct {
	// contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of ActionResponse values.

func NewActionsListIterator

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value

func (iter ActionsListIterator) Value() ActionResponse

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage

type ActionsListPage struct {
	// contains filtered or unexported fields
}

ActionsListPage contains a page of ActionResponse values.

func NewActionsListPage

func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values

func (page ActionsListPage) Values() []ActionResponse

Values returns the slice of values for the current page or nil if there are no values.

type Aggregations

type Aggregations struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

Aggregations the aggregation.

func (Aggregations) AsAggregations

func (a Aggregations) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsBasicAggregations

func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsCasesAggregation

func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for Aggregations.

func (Aggregations) MarshalJSON

func (a Aggregations) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Aggregations.

type AggregationsKind

type AggregationsKind string

AggregationsKind enumerates the values for aggregations kind.

const (
	// AggregationsKindCasesAggregation ...
	AggregationsKindCasesAggregation AggregationsKind = "CasesAggregation"
)

func PossibleAggregationsKindValues

func PossibleAggregationsKindValues() []AggregationsKind

PossibleAggregationsKindValues returns an array of possible values for the AggregationsKind const type.

type AggregationsKind1

type AggregationsKind1 struct {
	// Kind - The kind of the setting. Possible values include: 'AggregationsKindCasesAggregation'
	Kind AggregationsKind `json:"kind,omitempty"`
}

AggregationsKind1 describes an Azure resource with kind.

type AggregationsModel

type AggregationsModel struct {
	autorest.Response `json:"-"`
	Value             BasicAggregations `json:"value,omitempty"`
}

AggregationsModel ...

func (*AggregationsModel) UnmarshalJSON

func (am *AggregationsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.

type AlertRule

type AlertRule struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsFusionAlertRule

func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind.

const (
	// Fusion ...
	Fusion AlertRuleKind = "Fusion"
	// MicrosoftSecurityIncidentCreation ...
	MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// Scheduled ...
	Scheduled AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleKind1

type AlertRuleKind1 struct {
	// Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion'
	Kind AlertRuleKind `json:"kind,omitempty"`
}

AlertRuleKind1 describes an Azure resource with kind.

type AlertRuleModel

type AlertRuleModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate

type AlertRuleTemplate struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateModel

type AlertRuleTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatePropertiesBase

type AlertRuleTemplatePropertiesBase struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

AlertRuleTemplatePropertiesBase base alert rule template property bag.

type AlertRuleTemplatesClient

type AlertRuleTemplatesClient struct {
	BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client.

func (AlertRuleTemplatesClient) Get

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. alertRuleTemplateID - alert rule template ID

func (AlertRuleTemplatesClient) GetPreparer

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList

type AlertRuleTemplatesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rule templates.
	Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList list all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*AlertRuleTemplatesList) UnmarshalJSON

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator

type AlertRuleTemplatesListIterator struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage

type AlertRuleTemplatesListPage struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage

func NewAlertRuleTemplatesListPage(getNextPage func(context.Context, AlertRuleTemplatesList) (AlertRuleTemplatesList, error)) AlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient

type AlertRulesClient struct {
	BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client.

func (AlertRulesClient) CreateOrUpdate

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID alertRule - the alert rule

func (AlertRulesClient) CreateOrUpdateAction

func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)

CreateOrUpdateAction creates or updates the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID action - the action

func (AlertRulesClient) CreateOrUpdateActionPreparer

func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)

CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.

func (AlertRulesClient) CreateOrUpdateActionResponder

func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)

CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateActionSender

func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)

CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) CreateOrUpdatePreparer

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete delete the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) DeleteAction

func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

DeleteAction delete the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) DeleteActionPreparer

func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeleteActionPreparer prepares the DeleteAction request.

func (AlertRulesClient) DeleteActionResponder

func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)

DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteActionSender

func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)

DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) DeletePreparer

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID

func (AlertRulesClient) GetAction

func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)

GetAction gets the action of alert rule. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. ruleID - alert rule ID actionID - action ID

func (AlertRulesClient) GetActionPreparer

func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetActionPreparer prepares the GetAction request.

func (AlertRulesClient) GetActionResponder

func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)

GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.

func (AlertRulesClient) GetActionSender

func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)

GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) GetPreparer

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList

type AlertRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rules.
	Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList list all the alert rules.

func (AlertRulesList) IsEmpty

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*AlertRulesList) UnmarshalJSON

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator

type AlertRulesListIterator struct {
	// contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage

type AlertRulesListPage struct {
	// contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage

func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity

type AlertSeverity string

AlertSeverity enumerates the values for alert severity.

const (
	// High High severity
	High AlertSeverity = "High"
	// Informational Informational severity
	Informational AlertSeverity = "Informational"
	// Low Low severity
	Low AlertSeverity = "Low"
	// Medium Medium severity
	Medium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertStatus

type AlertStatus string

AlertStatus enumerates the values for alert status.

const (
	// AlertStatusDismissed Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector

type AlertsDataTypeOfDataConnector struct {
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type AlertsDataTypeOfDataConnectorAlerts

type AlertsDataTypeOfDataConnectorAlerts struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AlertsDataTypeOfDataConnectorAlerts alerts data type connection.

type AttackTactic

type AttackTactic string

AttackTactic enumerates the values for attack tactic.

const (
	// Collection ...
	Collection AttackTactic = "Collection"
	// CommandAndControl ...
	CommandAndControl AttackTactic = "CommandAndControl"
	// CredentialAccess ...
	CredentialAccess AttackTactic = "CredentialAccess"
	// DefenseEvasion ...
	DefenseEvasion AttackTactic = "DefenseEvasion"
	// Discovery ...
	Discovery AttackTactic = "Discovery"
	// Execution ...
	Execution AttackTactic = "Execution"
	// Exfiltration ...
	Exfiltration AttackTactic = "Exfiltration"
	// Impact ...
	Impact AttackTactic = "Impact"
	// InitialAccess ...
	InitialAccess AttackTactic = "InitialAccess"
	// LateralMovement ...
	LateralMovement AttackTactic = "LateralMovement"
	// Persistence ...
	Persistence AttackTactic = "Persistence"
	// PrivilegeEscalation ...
	PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AwsCloudTrailDataConnector

type AwsCloudTrailDataConnector struct {
	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AwsCloudTrailDataConnector represents Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes the available data types for Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties

type AwsCloudTrailDataConnectorProperties struct {
	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties amazon Web Services CloudTrail data connector properties.

type AzureResourceEntity

type AzureResourceEntity struct {
	// AzureResourceEntityProperties - AzureResource entity properties
	*AzureResourceEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AzureResourceEntity represents an azure resource entity.

func (AzureResourceEntity) AsAccountEntity

func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsAzureResourceEntity

func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsBasicEntity

func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsCloudApplicationEntity

func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsDNSEntity

func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsEntity

func (are AzureResourceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileEntity

func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileHashEntity

func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHostEntity

func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIPEntity

func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMalwareEntity

func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsProcessEntity

func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryKeyEntity

func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryValueEntity

func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityAlert

func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityGroupEntity

func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsURLEntity

func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON

func (are AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON

func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.

type AzureResourceEntityProperties

type AzureResourceEntityProperties struct {
	// ResourceID - READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AzureResourceEntityProperties azureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON

func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntityProperties.

type BaseClient

type BaseClient struct {
	autorest.Client
	BaseURI        string
	SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client.

type BasicAggregations

type BasicAggregations interface {
	AsCasesAggregation() (*CasesAggregation, bool)
	AsAggregations() (*Aggregations, bool)
}

BasicAggregations the aggregation.

type BasicAlertRule

type BasicAlertRule interface {
	AsFusionAlertRule() (*FusionAlertRule, bool)
	AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
	AsScheduledAlertRule() (*ScheduledAlertRule, bool)
	AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate

type BasicAlertRuleTemplate interface {
	AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
	AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
	AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
	AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicDataConnector

type BasicDataConnector interface {
	AsAADDataConnector() (*AADDataConnector, bool)
	AsAATPDataConnector() (*AATPDataConnector, bool)
	AsASCDataConnector() (*ASCDataConnector, bool)
	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
	AsMCASDataConnector() (*MCASDataConnector, bool)
	AsMDATPDataConnector() (*MDATPDataConnector, bool)
	AsOfficeDataConnector() (*OfficeDataConnector, bool)
	AsTIDataConnector() (*TIDataConnector, bool)
	AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector.

type BasicEntity

type BasicEntity interface {
	AsAccountEntity() (*AccountEntity, bool)
	AsAzureResourceEntity() (*AzureResourceEntity, bool)
	AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
	AsDNSEntity() (*DNSEntity, bool)
	AsFileEntity() (*FileEntity, bool)
	AsFileHashEntity() (*FileHashEntity, bool)
	AsHostEntity() (*HostEntity, bool)
	AsIPEntity() (*IPEntity, bool)
	AsMalwareEntity() (*MalwareEntity, bool)
	AsProcessEntity() (*ProcessEntity, bool)
	AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
	AsRegistryValueEntity() (*RegistryValueEntity, bool)
	AsSecurityAlert() (*SecurityAlert, bool)
	AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
	AsURLEntity() (*URLEntity, bool)
	AsEntity() (*Entity, bool)
}

BasicEntity specific entity.

type BasicSettings

type BasicSettings interface {
	AsToggleSettings() (*ToggleSettings, bool)
	AsUebaSettings() (*UebaSettings, bool)
	AsSettings() (*Settings, bool)
}

BasicSettings the Setting.

type Bookmark

type Bookmark struct {
	autorest.Response `json:"-"`
	// BookmarkProperties - Bookmark properties
	*BookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkList

type BookmarkList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of bookmarks.
	Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type BookmarkListIterator

type BookmarkListIterator struct {
	// contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage

type BookmarkListPage struct {
	// contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage

func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties

type BookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarkRelation

type BookmarkRelation struct {
	autorest.Response `json:"-"`
	// BookmarkRelationProperties - Bookmark relation properties
	*BookmarkRelationProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

BookmarkRelation represents a bookmark relation

func (BookmarkRelation) MarshalJSON

func (br BookmarkRelation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkRelation.

func (*BookmarkRelation) UnmarshalJSON

func (br *BookmarkRelation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for BookmarkRelation struct.

type BookmarkRelationList

type BookmarkRelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]BookmarkRelation `json:"value,omitempty"`
}

BookmarkRelationList list of bookmark relations.

func (BookmarkRelationList) IsEmpty

func (brl BookmarkRelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type BookmarkRelationListIterator

type BookmarkRelationListIterator struct {
	// contains filtered or unexported fields
}

BookmarkRelationListIterator provides access to a complete listing of BookmarkRelation values.

func NewBookmarkRelationListIterator

func NewBookmarkRelationListIterator(page BookmarkRelationListPage) BookmarkRelationListIterator

Creates a new instance of the BookmarkRelationListIterator type.

func (*BookmarkRelationListIterator) Next

func (iter *BookmarkRelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkRelationListIterator) NextWithContext

func (iter *BookmarkRelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkRelationListIterator) NotDone

func (iter BookmarkRelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkRelationListIterator) Response

Response returns the raw server response from the last page request.

func (BookmarkRelationListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkRelationListPage

type BookmarkRelationListPage struct {
	// contains filtered or unexported fields
}

BookmarkRelationListPage contains a page of BookmarkRelation values.

func NewBookmarkRelationListPage

func NewBookmarkRelationListPage(getNextPage func(context.Context, BookmarkRelationList) (BookmarkRelationList, error)) BookmarkRelationListPage

Creates a new instance of the BookmarkRelationListPage type.

func (*BookmarkRelationListPage) Next

func (page *BookmarkRelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkRelationListPage) NextWithContext

func (page *BookmarkRelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkRelationListPage) NotDone

func (page BookmarkRelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkRelationListPage) Response

Response returns the raw server response from the last page request.

func (BookmarkRelationListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkRelationProperties

type BookmarkRelationProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// BookmarkID - The case related bookmark id
	BookmarkID *string `json:"bookmarkId,omitempty"`
	// CaseIdentifier - The case identifier
	CaseIdentifier *string `json:"caseIdentifier,omitempty"`
	// CaseTitle - The case title
	CaseTitle *string `json:"caseTitle,omitempty"`
	// CaseSeverity - The case severity
	CaseSeverity *string `json:"caseSeverity,omitempty"`
}

BookmarkRelationProperties bookmark relation properties

type BookmarkRelationsClient

type BookmarkRelationsClient struct {
	BaseClient
}

BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkRelationsClient

func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.

func NewBookmarkRelationsClientWithBaseURI

func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client.

func (BookmarkRelationsClient) CreateOrUpdateRelation

func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (result BookmarkRelation, err error)

CreateOrUpdateRelation creates the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name relationInputModel - the relation input model

func (BookmarkRelationsClient) CreateOrUpdateRelationPreparer

func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (BookmarkRelationsClient) CreateOrUpdateRelationResponder

func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result BookmarkRelation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) CreateOrUpdateRelationSender

func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) DeleteRelation

func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)

DeleteRelation delete the bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) DeleteRelationPreparer

func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (BookmarkRelationsClient) DeleteRelationResponder

func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) DeleteRelationSender

func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) GetRelation

func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result BookmarkRelation, err error)

GetRelation gets a bookmark relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID relationName - relation Name

func (BookmarkRelationsClient) GetRelationPreparer

func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (BookmarkRelationsClient) GetRelationResponder

func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result BookmarkRelation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) GetRelationSender

func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) List

func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListPage, err error)

List gets all bookmark relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (BookmarkRelationsClient) ListComplete

func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result BookmarkRelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarkRelationsClient) ListPreparer

func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarkRelationsClient) ListResponder

func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result BookmarkRelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) ListSender

func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type BookmarksClient

type BookmarksClient struct {
	BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client.

func (BookmarksClient) CreateOrUpdate

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete delete the bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarksClient) ListPreparer

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Case

type Case struct {
	autorest.Response `json:"-"`
	// CaseProperties - Case properties
	*CaseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Case represents a case in Azure Security Insights.

func (Case) MarshalJSON

func (c Case) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Case.

func (*Case) UnmarshalJSON

func (c *Case) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Case struct.

type CaseComment

type CaseComment struct {
	autorest.Response `json:"-"`
	// CaseCommentProperties - Case comment properties
	*CaseCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseComment represents a case comment

func (CaseComment) MarshalJSON

func (cc CaseComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseComment.

func (*CaseComment) UnmarshalJSON

func (cc *CaseComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseComment struct.

type CaseCommentList

type CaseCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]CaseComment `json:"value,omitempty"`
}

CaseCommentList list of case comments.

func (CaseCommentList) IsEmpty

func (ccl CaseCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type CaseCommentListIterator

type CaseCommentListIterator struct {
	// contains filtered or unexported fields
}

CaseCommentListIterator provides access to a complete listing of CaseComment values.

func NewCaseCommentListIterator

func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator

Creates a new instance of the CaseCommentListIterator type.

func (*CaseCommentListIterator) Next

func (iter *CaseCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListIterator) NextWithContext

func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseCommentListIterator) NotDone

func (iter CaseCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseCommentListIterator) Response

func (iter CaseCommentListIterator) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListIterator) Value

func (iter CaseCommentListIterator) Value() CaseComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseCommentListPage

type CaseCommentListPage struct {
	// contains filtered or unexported fields
}

CaseCommentListPage contains a page of CaseComment values.

func NewCaseCommentListPage

func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage

Creates a new instance of the CaseCommentListPage type.

func (*CaseCommentListPage) Next

func (page *CaseCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListPage) NextWithContext

func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseCommentListPage) NotDone

func (page CaseCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseCommentListPage) Response

func (page CaseCommentListPage) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListPage) Values

func (page CaseCommentListPage) Values() []CaseComment

Values returns the slice of values for the current page or nil if there are no values.

type CaseCommentProperties

type CaseCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// UserInfo - READ-ONLY; Describes the user that created the comment
	UserInfo *UserInfo `json:"userInfo,omitempty"`
}

CaseCommentProperties case comment property bag.

type CaseCommentsClient

type CaseCommentsClient struct {
	BaseClient
}

CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseCommentsClient

func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient

NewCaseCommentsClient creates an instance of the CaseCommentsClient client.

func NewCaseCommentsClientWithBaseURI

func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient

NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client.

func (CaseCommentsClient) CreateComment

func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)

CreateComment creates the case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID caseComment - the case comment

func (CaseCommentsClient) CreateCommentPreparer

func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (CaseCommentsClient) CreateCommentResponder

func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (CaseCommentsClient) CreateCommentSender

func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

type CaseList

type CaseList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of cases.
	Value *[]Case `json:"value,omitempty"`
}

CaseList list all the cases.

func (CaseList) IsEmpty

func (cl CaseList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type CaseListIterator

type CaseListIterator struct {
	// contains filtered or unexported fields
}

CaseListIterator provides access to a complete listing of Case values.

func NewCaseListIterator

func NewCaseListIterator(page CaseListPage) CaseListIterator

Creates a new instance of the CaseListIterator type.

func (*CaseListIterator) Next

func (iter *CaseListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListIterator) NextWithContext

func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseListIterator) NotDone

func (iter CaseListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseListIterator) Response

func (iter CaseListIterator) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListIterator) Value

func (iter CaseListIterator) Value() Case

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseListPage

type CaseListPage struct {
	// contains filtered or unexported fields
}

CaseListPage contains a page of Case values.

func NewCaseListPage

func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage

Creates a new instance of the CaseListPage type.

func (*CaseListPage) Next

func (page *CaseListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListPage) NextWithContext

func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseListPage) NotDone

func (page CaseListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseListPage) Response

func (page CaseListPage) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListPage) Values

func (page CaseListPage) Values() []Case

Values returns the slice of values for the current page or nil if there are no values.

type CaseProperties

type CaseProperties struct {
	// CaseNumber - READ-ONLY; a sequential number
	CaseNumber *int32 `json:"caseNumber,omitempty"`
	// CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other'
	CloseReason CloseReason `json:"closeReason,omitempty"`
	// ClosedReasonText - the case close reason details
	ClosedReasonText *string `json:"closedReasonText,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the case was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the case
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - The end time of the case
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Labels - List of labels relevant to this case
	Labels *[]string `json:"labels,omitempty"`
	// LastComment - READ-ONLY; the last comment in the case
	LastComment *string `json:"lastComment,omitempty"`
	// LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated
	LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"`
	// Owner - Describes a user that the case is assigned to
	Owner *UserInfo `json:"owner,omitempty"`
	// RelatedAlertIds - READ-ONLY; List of related alert identifiers
	RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"`
	// Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// StartTimeUtc - The start time of the case
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed'
	Status CaseStatus `json:"status,omitempty"`
	// Title - The title of the case
	Title *string `json:"title,omitempty"`
	// TotalComments - READ-ONLY; the number of total comments in the case
	TotalComments *int32 `json:"totalComments,omitempty"`
}

CaseProperties describes case properties

type CaseRelation

type CaseRelation struct {
	autorest.Response `json:"-"`
	// CaseRelationProperties - Case relation properties
	*CaseRelationProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseRelation represents a case relation

func (CaseRelation) MarshalJSON

func (cr CaseRelation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseRelation.

func (*CaseRelation) UnmarshalJSON

func (cr *CaseRelation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseRelation struct.

type CaseRelationList

type CaseRelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]CaseRelation `json:"value,omitempty"`
}

CaseRelationList list of case relations.

func (CaseRelationList) IsEmpty

func (crl CaseRelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type CaseRelationListIterator

type CaseRelationListIterator struct {
	// contains filtered or unexported fields
}

CaseRelationListIterator provides access to a complete listing of CaseRelation values.

func NewCaseRelationListIterator

func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator

Creates a new instance of the CaseRelationListIterator type.

func (*CaseRelationListIterator) Next

func (iter *CaseRelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListIterator) NextWithContext

func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseRelationListIterator) NotDone

func (iter CaseRelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseRelationListIterator) Response

Response returns the raw server response from the last page request.

func (CaseRelationListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseRelationListPage

type CaseRelationListPage struct {
	// contains filtered or unexported fields
}

CaseRelationListPage contains a page of CaseRelation values.

func NewCaseRelationListPage

func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage

Creates a new instance of the CaseRelationListPage type.

func (*CaseRelationListPage) Next

func (page *CaseRelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListPage) NextWithContext

func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseRelationListPage) NotDone

func (page CaseRelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseRelationListPage) Response

func (page CaseRelationListPage) Response() CaseRelationList

Response returns the raw server response from the last page request.

func (CaseRelationListPage) Values

func (page CaseRelationListPage) Values() []CaseRelation

Values returns the slice of values for the current page or nil if there are no values.

type CaseRelationProperties

type CaseRelationProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// BookmarkID - The case related bookmark id
	BookmarkID *string `json:"bookmarkId,omitempty"`
	// CaseIdentifier - The case identifier
	CaseIdentifier *string `json:"caseIdentifier,omitempty"`
	// BookmarkName - The case related bookmark name
	BookmarkName *string `json:"bookmarkName,omitempty"`
}

CaseRelationProperties case relation properties

type CaseRelationsClient

type CaseRelationsClient struct {
	BaseClient
}

CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseRelationsClient

func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient

NewCaseRelationsClient creates an instance of the CaseRelationsClient client.

func NewCaseRelationsClientWithBaseURI

func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient

NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client.

func (CaseRelationsClient) CreateOrUpdateRelation

func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error)

CreateOrUpdateRelation creates or updates the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name relationInputModel - the relation input model

func (CaseRelationsClient) CreateOrUpdateRelationPreparer

func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (CaseRelationsClient) CreateOrUpdateRelationResponder

func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) CreateOrUpdateRelationSender

func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) DeleteRelation

func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error)

DeleteRelation delete the case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name

func (CaseRelationsClient) DeleteRelationPreparer

func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (CaseRelationsClient) DeleteRelationResponder

func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) DeleteRelationSender

func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) GetRelation

func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error)

GetRelation gets a case relation. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID relationName - relation Name

func (CaseRelationsClient) GetRelationPreparer

func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (CaseRelationsClient) GetRelationResponder

func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) GetRelationSender

func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) List

func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error)

List gets all case relations. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CaseRelationsClient) ListComplete

func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CaseRelationsClient) ListPreparer

func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CaseRelationsClient) ListResponder

func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CaseRelationsClient) ListSender

func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CaseSeverity

type CaseSeverity string

CaseSeverity enumerates the values for case severity.

const (
	// CaseSeverityCritical Critical severity
	CaseSeverityCritical CaseSeverity = "Critical"
	// CaseSeverityHigh High severity
	CaseSeverityHigh CaseSeverity = "High"
	// CaseSeverityInformational Informational severity
	CaseSeverityInformational CaseSeverity = "Informational"
	// CaseSeverityLow Low severity
	CaseSeverityLow CaseSeverity = "Low"
	// CaseSeverityMedium Medium severity
	CaseSeverityMedium CaseSeverity = "Medium"
)

func PossibleCaseSeverityValues

func PossibleCaseSeverityValues() []CaseSeverity

PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.

type CaseStatus

type CaseStatus string

CaseStatus enumerates the values for case status.

const (
	// CaseStatusClosed A non active case
	CaseStatusClosed CaseStatus = "Closed"
	// CaseStatusDraft Case that wasn't promoted yet to active
	CaseStatusDraft CaseStatus = "Draft"
	// CaseStatusInProgress An active case which is handled
	CaseStatusInProgress CaseStatus = "InProgress"
	// CaseStatusNew An active case which isn't handled currently
	CaseStatusNew CaseStatus = "New"
)

func PossibleCaseStatusValues

func PossibleCaseStatusValues() []CaseStatus

PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.

type CasesAggregation

type CasesAggregation struct {
	// CasesAggregationProperties - Properties of aggregations results of cases.
	*CasesAggregationProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

CasesAggregation represents aggregations results for cases.

func (CasesAggregation) AsAggregations

func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsBasicAggregations

func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsCasesAggregation

func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) MarshalJSON

func (ca CasesAggregation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CasesAggregation.

func (*CasesAggregation) UnmarshalJSON

func (ca *CasesAggregation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.

type CasesAggregationBySeverityProperties

type CasesAggregationBySeverityProperties struct {
	// TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical
	TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"`
	// TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High
	TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"`
	// TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational
	TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"`
	// TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low
	TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"`
	// TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium
	TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"`
}

CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.

type CasesAggregationByStatusProperties

type CasesAggregationByStatusProperties struct {
	// TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed
	TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"`
	// TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress
	TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"`
	// TotalNewStatus - READ-ONLY; Total amount of open cases with status New
	TotalNewStatus *int32 `json:"totalNewStatus,omitempty"`
	// TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved
	TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"`
}

CasesAggregationByStatusProperties aggregative results of cases by status property bag.

type CasesAggregationProperties

type CasesAggregationProperties struct {
	// AggregationBySeverity - Aggregations results by case severity.
	AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"`
	// AggregationByStatus - Aggregations results by case status.
	AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"`
}

CasesAggregationProperties aggregative results of cases property bag.

type CasesAggregationsClient

type CasesAggregationsClient struct {
	BaseClient
}

CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesAggregationsClient

func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.

func NewCasesAggregationsClientWithBaseURI

func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client.

func (CasesAggregationsClient) Get

func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)

Get get aggregative result for the given resources under the defined workspace Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. aggregationsName - the aggregation name. Supports - Cases

func (CasesAggregationsClient) GetPreparer

func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesAggregationsClient) GetResponder

func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesAggregationsClient) GetSender

func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type CasesClient

type CasesClient struct {
	BaseClient
}

CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesClient

func NewCasesClient(subscriptionID string) CasesClient

NewCasesClient creates an instance of the CasesClient client.

func NewCasesClientWithBaseURI

func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient

NewCasesClientWithBaseURI creates an instance of the CasesClient client.

func (CasesClient) CreateOrUpdate

func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)

CreateOrUpdate creates or updates the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseParameter - the case

func (CasesClient) CreateOrUpdatePreparer

func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (CasesClient) CreateOrUpdateResponder

func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (CasesClient) CreateOrUpdateSender

func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Delete

func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)

Delete delete the case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID

func (CasesClient) DeletePreparer

func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (CasesClient) DeleteResponder

func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (CasesClient) DeleteSender

func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Get

func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)

Get gets a case. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID

func (CasesClient) GetComment

func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)

GetComment gets a case comment. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID caseCommentID - case comment ID

func (CasesClient) GetCommentPreparer

func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (CasesClient) GetCommentResponder

func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (CasesClient) GetCommentSender

func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (CasesClient) GetPreparer

func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesClient) GetResponder

func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesClient) GetSender

func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (CasesClient) List

func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)

List gets all cases. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CasesClient) ListComplete

func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CasesClient) ListPreparer

func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CasesClient) ListResponder

func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CasesClient) ListSender

func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CloseReason

type CloseReason string

CloseReason enumerates the values for close reason.

const (
	// Dismissed Case was dismissed
	Dismissed CloseReason = "Dismissed"
	// FalsePositive Case was false positive
	FalsePositive CloseReason = "FalsePositive"
	// Other Case was closed for another reason
	Other CloseReason = "Other"
	// Resolved Case was resolved
	Resolved CloseReason = "Resolved"
	// TruePositive Case was true positive
	TruePositive CloseReason = "TruePositive"
)

func PossibleCloseReasonValues

func PossibleCloseReasonValues() []CloseReason

PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.

type CloudApplicationEntity

type CloudApplicationEntity struct {
	// CloudApplicationEntityProperties - CloudApplication entity properties
	*CloudApplicationEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

CloudApplicationEntity represents a cloud application entity.

func (CloudApplicationEntity) AsAccountEntity

func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsAzureResourceEntity

func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsBasicEntity

func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsCloudApplicationEntity

func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsDNSEntity

func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsEntity

func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileEntity

func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileHashEntity

func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHostEntity

func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIPEntity

func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMalwareEntity

func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsProcessEntity

func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryKeyEntity

func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryValueEntity

func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityAlert

func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityGroupEntity

func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsURLEntity

func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON

func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON

func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.

type CloudApplicationEntityProperties

type CloudApplicationEntityProperties struct {
	// AppID - READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty"`
	// AppName - READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty"`
	// InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

CloudApplicationEntityProperties cloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON

func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.

type CloudError

type CloudError struct {
	// CloudErrorBody - Error data
	*CloudErrorBody `json:"error,omitempty"`
}

CloudError error response structure.

func (CloudError) MarshalJSON

func (ce CloudError) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudError.

func (*CloudError) UnmarshalJSON

func (ce *CloudError) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudError struct.

type CloudErrorBody

type CloudErrorBody struct {
	// Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody error details.

type CommentsClient

type CommentsClient struct {
	BaseClient
}

CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCommentsClient

func NewCommentsClient(subscriptionID string) CommentsClient

NewCommentsClient creates an instance of the CommentsClient client.

func NewCommentsClientWithBaseURI

func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient

NewCommentsClientWithBaseURI creates an instance of the CommentsClient client.

func (CommentsClient) ListByCase

func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)

ListByCase gets all case comments. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. caseID - case ID filter - filters the results, based on a Boolean condition. Optional. orderby - sorts the results. Optional. top - returns only the first n results. Optional. skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CommentsClient) ListByCaseComplete

func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)

ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.

func (CommentsClient) ListByCasePreparer

func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByCasePreparer prepares the ListByCase request.

func (CommentsClient) ListByCaseResponder

func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)

ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.

func (CommentsClient) ListByCaseSender

func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)

ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.

type ConfidenceLevel

type ConfidenceLevel string

ConfidenceLevel enumerates the values for confidence level.

const (
	// ConfidenceLevelHigh High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown Unknown confidence, the is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus

type ConfidenceScoreStatus string

ConfidenceScoreStatus enumerates the values for confidence score status.

const (
	// Final Final score was calculated and available
	Final ConfidenceScoreStatus = "Final"
	// InProcess No score was set yet and calculation is in progress
	InProcess ConfidenceScoreStatus = "InProcess"
	// NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst
	NotApplicable ConfidenceScoreStatus = "NotApplicable"
	// NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time
	// following the processing of additional data
	NotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.

type DNSEntity

type DNSEntity struct {
	// DNSEntityProperties - Dns entity properties
	*DNSEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

DNSEntity represents a dns entity.

func (DNSEntity) AsAccountEntity

func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsAzureResourceEntity

func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsBasicEntity

func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsCloudApplicationEntity

func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsDNSEntity

func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsEntity

func (de DNSEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileEntity

func (de DNSEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileHashEntity

func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHostEntity

func (de DNSEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIPEntity

func (de DNSEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMalwareEntity

func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsProcessEntity

func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryKeyEntity

func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryValueEntity

func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityAlert

func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityGroupEntity

func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsURLEntity

func (de DNSEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) MarshalJSON

func (de DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntity.

func (*DNSEntity) UnmarshalJSON

func (de *DNSEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DNSEntity struct.

type DNSEntityProperties

type DNSEntityProperties struct {
	// DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"`
	// DomainName - READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty"`
	// HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"`
	// IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

DNSEntityProperties dns entity property bag.

func (DNSEntityProperties) MarshalJSON

func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntityProperties.

type DataConnector

type DataConnector struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

DataConnector data connector.

func (DataConnector) AsAADDataConnector

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorDataTypeCommon

type DataConnectorDataTypeCommon struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind.

const (
	// DataConnectorKindAmazonWebServicesCloudTrail ...
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAzureActiveDirectory ...
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection ...
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter ...
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindMicrosoftCloudAppSecurity ...
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindOffice365 ...
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindThreatIntelligence ...
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
)

func PossibleDataConnectorKindValues

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorKind1

type DataConnectorKind1 struct {
	// Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindOffice365', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection'
	Kind DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorKind1 describes an Azure resource with kind.

type DataConnectorList

type DataConnectorList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of data connectors.
	Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*DataConnectorList) UnmarshalJSON

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.

type DataConnectorListIterator

type DataConnectorListIterator struct {
	// contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage

type DataConnectorListPage struct {
	// contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage

func NewDataConnectorListPage(getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel

type DataConnectorModel struct {
	autorest.Response `json:"-"`
	Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorStatus

type DataConnectorStatus struct {
	// ConnectorID - the connector id
	ConnectorID *string `json:"connectorId,omitempty"`
	// DataTypes - The data types availability map
	DataTypes map[string]*DataTypeStatus `json:"dataTypes"`
}

DataConnectorStatus alert rule template data connector status

func (DataConnectorStatus) MarshalJSON

func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorStatus.

type DataConnectorTenantID

type DataConnectorTenantID struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties

type DataConnectorWithAlertsProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsClient

type DataConnectorsClient struct {
	BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client.

func (DataConnectorsClient) CreateOrUpdate

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID dataConnector - the data connector

func (DataConnectorsClient) CreateOrUpdatePreparer

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete delete the data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) DeletePreparer

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. dataConnectorID - connector ID

func (DataConnectorsClient) GetPreparer

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type DataTypeState

type DataTypeState string

DataTypeState enumerates the values for data type state.

const (
	// Disabled ...
	Disabled DataTypeState = "Disabled"
	// Enabled ...
	Enabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type DataTypeStatus

type DataTypeStatus string

DataTypeStatus enumerates the values for data type status.

const (
	// Exist ...
	Exist DataTypeStatus = "Exist"
	// NotExist ...
	NotExist DataTypeStatus = "NotExist"
)

func PossibleDataTypeStatusValues

func PossibleDataTypeStatusValues() []DataTypeStatus

PossibleDataTypeStatusValues returns an array of possible values for the DataTypeStatus const type.

type ElevationToken

type ElevationToken string

ElevationToken enumerates the values for elevation token.

const (
	// Default Default elevation token
	Default ElevationToken = "Default"
	// Full Full elevation token
	Full ElevationToken = "Full"
	// Limited Limited elevation token
	Limited ElevationToken = "Limited"
)

func PossibleElevationTokenValues

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.

type EntitiesClient

type EntitiesClient struct {
	BaseClient
}

EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesClient

func NewEntitiesClient(subscriptionID string) EntitiesClient

NewEntitiesClient creates an instance of the EntitiesClient client.

func NewEntitiesClientWithBaseURI

func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient

NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client.

func (EntitiesClient) Expand

func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)

Expand expands an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID parameters - the parameters required to execute an expand operation on the given entity.

func (EntitiesClient) ExpandPreparer

func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (EntitiesClient) ExpandResponder

func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (EntitiesClient) ExpandSender

func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Get

func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)

Get gets an entity. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityID - entity ID

func (EntitiesClient) GetPreparer

func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntitiesClient) GetResponder

func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntitiesClient) GetSender

func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) List

func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)

List gets all entities. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (EntitiesClient) ListComplete

func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesClient) ListPreparer

func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesClient) ListResponder

func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesClient) ListSender

func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Entity

type Entity struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

Entity specific entity.

func (Entity) AsAccountEntity

func (e Entity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for Entity.

func (Entity) AsAzureResourceEntity

func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for Entity.

func (Entity) AsBasicEntity

func (e Entity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for Entity.

func (Entity) AsCloudApplicationEntity

func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for Entity.

func (Entity) AsDNSEntity

func (e Entity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for Entity.

func (Entity) AsEntity

func (e Entity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileEntity

func (e Entity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileHashEntity

func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for Entity.

func (Entity) AsHostEntity

func (e Entity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for Entity.

func (Entity) AsIPEntity

func (e Entity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for Entity.

func (Entity) AsMalwareEntity

func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for Entity.

func (Entity) AsProcessEntity

func (e Entity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryKeyEntity

func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryValueEntity

func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for Entity.

func (Entity) AsSecurityAlert

func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for Entity.

func (Entity) AsSecurityGroupEntity

func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for Entity.

func (Entity) AsURLEntity

func (e Entity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for Entity.

func (Entity) MarshalJSON

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Entity.

type EntityCommonProperties

type EntityCommonProperties struct {
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

EntityCommonProperties entity common property bag.

func (EntityCommonProperties) MarshalJSON

func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityCommonProperties.

type EntityExpandParameters

type EntityExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

EntityExpandParameters the parameters required to execute an expand operation on the given entity.

type EntityExpandResponse

type EntityExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse the entity expansion result operation response.

type EntityExpandResponseValue

type EntityExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
}

EntityExpandResponseValue the expansion result values.

func (*EntityExpandResponseValue) UnmarshalJSON

func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.

type EntityKind

type EntityKind string

EntityKind enumerates the values for entity kind.

const (
	// EntityKindAccount Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIP Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMalware Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindURL Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns an array of possible values for the EntityKind const type.

type EntityKind1

type EntityKind1 struct {
	// Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	Kind EntityKind `json:"kind,omitempty"`
}

EntityKind1 describes an entity with kind.

type EntityList

type EntityList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entities.
	Value *[]BasicEntity `json:"value,omitempty"`
}

EntityList list of all the entities.

func (EntityList) IsEmpty

func (el EntityList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (*EntityList) UnmarshalJSON

func (el *EntityList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityList struct.

type EntityListIterator

type EntityListIterator struct {
	// contains filtered or unexported fields
}

EntityListIterator provides access to a complete listing of Entity values.

func NewEntityListIterator

func NewEntityListIterator(page EntityListPage) EntityListIterator

Creates a new instance of the EntityListIterator type.

func (*EntityListIterator) Next

func (iter *EntityListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListIterator) NextWithContext

func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityListIterator) NotDone

func (iter EntityListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityListIterator) Response

func (iter EntityListIterator) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListIterator) Value

func (iter EntityListIterator) Value() BasicEntity

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityListPage

type EntityListPage struct {
	// contains filtered or unexported fields
}

EntityListPage contains a page of BasicEntity values.

func NewEntityListPage

func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage

Creates a new instance of the EntityListPage type.

func (*EntityListPage) Next

func (page *EntityListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListPage) NextWithContext

func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityListPage) NotDone

func (page EntityListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityListPage) Response

func (page EntityListPage) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListPage) Values

func (page EntityListPage) Values() []BasicEntity

Values returns the slice of values for the current page or nil if there are no values.

type EntityModel

type EntityModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntity `json:"value,omitempty"`
}

EntityModel ...

func (*EntityModel) UnmarshalJSON

func (em *EntityModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityModel struct.

type EntityQueriesClient

type EntityQueriesClient struct {
	BaseClient
}

EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueriesClient

func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient

NewEntityQueriesClient creates an instance of the EntityQueriesClient client.

func NewEntityQueriesClientWithBaseURI

func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient

NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client.

func (EntityQueriesClient) Get

func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)

Get gets an entity query. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. entityQueryID - entity query ID

func (EntityQueriesClient) GetPreparer

func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueriesClient) GetResponder

func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueriesClient) GetSender

func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) List

func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)

List gets all entity queries. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (EntityQueriesClient) ListComplete

func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueriesClient) ListPreparer

func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueriesClient) ListResponder

func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueriesClient) ListSender

func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityQuery

type EntityQuery struct {
	autorest.Response `json:"-"`
	// EntityQueryProperties - Entity query properties
	*EntityQueryProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

EntityQuery specific entity query.

func (EntityQuery) MarshalJSON

func (eq EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQuery.

func (*EntityQuery) UnmarshalJSON

func (eq *EntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQuery struct.

type EntityQueryList

type EntityQueryList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entity queries.
	Value *[]EntityQuery `json:"value,omitempty"`
}

EntityQueryList list of all the entity queries.

func (EntityQueryList) IsEmpty

func (eql EntityQueryList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type EntityQueryListIterator

type EntityQueryListIterator struct {
	// contains filtered or unexported fields
}

EntityQueryListIterator provides access to a complete listing of EntityQuery values.

func NewEntityQueryListIterator

func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator

Creates a new instance of the EntityQueryListIterator type.

func (*EntityQueryListIterator) Next

func (iter *EntityQueryListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListIterator) NextWithContext

func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryListIterator) NotDone

func (iter EntityQueryListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryListIterator) Response

func (iter EntityQueryListIterator) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListIterator) Value

func (iter EntityQueryListIterator) Value() EntityQuery

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryListPage

type EntityQueryListPage struct {
	// contains filtered or unexported fields
}

EntityQueryListPage contains a page of EntityQuery values.

func NewEntityQueryListPage

func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage

Creates a new instance of the EntityQueryListPage type.

func (*EntityQueryListPage) Next

func (page *EntityQueryListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListPage) NextWithContext

func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryListPage) NotDone

func (page EntityQueryListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryListPage) Response

func (page EntityQueryListPage) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListPage) Values

func (page EntityQueryListPage) Values() []EntityQuery

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryProperties

type EntityQueryProperties struct {
	// DataSources - List of the data sources that are required to run the query
	DataSources *[]string `json:"dataSources,omitempty"`
	// DisplayName - The query display name
	DisplayName *string `json:"displayName,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// InputFields - List of the fields of the source entity that are required to run the query
	InputFields *[]string `json:"inputFields,omitempty"`
	// OutputEntityTypes - List of the desired output types to be constructed from the result
	OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"`
	// QueryTemplate - The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

EntityQueryProperties describes entity query properties

type EntityType

type EntityType string

EntityType enumerates the values for entity type.

const (
	// EntityTypeAccount Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIP Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMalware Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeURL Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns an array of possible values for the EntityType const type.

type ExpansionResultAggregation

type ExpansionResultAggregation struct {
	// AggregationType - The common type of the aggregation. (for e.g. entity field name)
	AggregationType *string `json:"aggregationType,omitempty"`
	// Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`
	// DisplayName - The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

ExpansionResultAggregation information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata

type ExpansionResultsMetadata struct {
	// Aggregations - Information of the aggregated nodes in the expansion result.
	Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata expansion result metadata.

type FileEntity

type FileEntity struct {
	// FileEntityProperties - File entity properties
	*FileEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileEntity represents a file entity.

func (FileEntity) AsAccountEntity

func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsAzureResourceEntity

func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsBasicEntity

func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsCloudApplicationEntity

func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsDNSEntity

func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsEntity

func (fe FileEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileEntity

func (fe FileEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileHashEntity

func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHostEntity

func (fe FileEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIPEntity

func (fe FileEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMalwareEntity

func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsProcessEntity

func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryKeyEntity

func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryValueEntity

func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityAlert

func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityGroupEntity

func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsURLEntity

func (fe FileEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) MarshalJSON

func (fe FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntity.

func (*FileEntity) UnmarshalJSON

func (fe *FileEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileEntity struct.

type FileEntityProperties

type FileEntityProperties struct {
	// Directory - READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty"`
	// FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
	// FileName - READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileEntityProperties file entity property bag.

func (FileEntityProperties) MarshalJSON

func (fep FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntityProperties.

type FileHashAlgorithm

type FileHashAlgorithm string

FileHashAlgorithm enumerates the values for file hash algorithm.

const (
	// MD5 MD5 hash type
	MD5 FileHashAlgorithm = "MD5"
	// SHA1 SHA1 hash type
	SHA1 FileHashAlgorithm = "SHA1"
	// SHA256 SHA256 hash type
	SHA256 FileHashAlgorithm = "SHA256"
	// SHA256AC SHA256 Authenticode hash type
	SHA256AC FileHashAlgorithm = "SHA256AC"
	// Unknown Unknown hash algorithm
	Unknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.

type FileHashEntity

type FileHashEntity struct {
	// FileHashEntityProperties - FileHash entity properties
	*FileHashEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileHashEntity represents a file hash entity.

func (FileHashEntity) AsAccountEntity

func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsAzureResourceEntity

func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsBasicEntity

func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsCloudApplicationEntity

func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsDNSEntity

func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsEntity

func (fhe FileHashEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileEntity

func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileHashEntity

func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHostEntity

func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIPEntity

func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMalwareEntity

func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsProcessEntity

func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryKeyEntity

func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryValueEntity

func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityAlert

func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityGroupEntity

func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsURLEntity

func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) MarshalJSON

func (fhe FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntity.

func (*FileHashEntity) UnmarshalJSON

func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.

type FileHashEntityProperties

type FileHashEntityProperties struct {
	// Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC'
	Algorithm FileHashAlgorithm `json:"algorithm,omitempty"`
	// HashValue - READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileHashEntityProperties fileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON

func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntityProperties.

type FusionAlertRule

type FusionAlertRule struct {
	// FusionAlertRuleProperties - Fusion alert rule properties
	*FusionAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

FusionAlertRule represents Fusion alert rule.

func (FusionAlertRule) AsAlertRule

func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsBasicAlertRule

func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsFusionAlertRule

func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsScheduledAlertRule

func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) MarshalJSON

func (far FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON

func (far *FusionAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.

type FusionAlertRuleProperties

type FusionAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleProperties fusion alert rule base property bag.

type FusionAlertRuleTemplate

type FusionAlertRuleTemplate struct {
	// FusionAlertRuleTemplateProperties - Fusion alert rule template properties
	*FusionAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

FusionAlertRuleTemplate represents Fusion alert rule template.

func (FusionAlertRuleTemplate) AsAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON

func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON

func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.

type FusionAlertRuleTemplateProperties

type FusionAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleTemplateProperties fusion alert rule template properties

type GeoLocation

type GeoLocation struct {
	// Asn - READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty"`
	// City - READ-ONLY; City name
	City *string `json:"city,omitempty"`
	// CountryCode - READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty"`
	// CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty"`
	// Latitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty"`
	// Longitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of - 90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty"`
	// State - READ-ONLY; State name
	State *string `json:"state,omitempty"`
}

GeoLocation the geo-location context attached to the ip entity

type HostEntity

type HostEntity struct {
	// HostEntityProperties - Host entity properties
	*HostEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

HostEntity represents a host entity.

func (HostEntity) AsAccountEntity

func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsAzureResourceEntity

func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsBasicEntity

func (he HostEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsCloudApplicationEntity

func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsDNSEntity

func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsEntity

func (he HostEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileEntity

func (he HostEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileHashEntity

func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHostEntity

func (he HostEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIPEntity

func (he HostEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMalwareEntity

func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsProcessEntity

func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryKeyEntity

func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryValueEntity

func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityAlert

func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityGroupEntity

func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsURLEntity

func (he HostEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) MarshalJSON

func (he HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntity.

func (*HostEntity) UnmarshalJSON

func (he *HostEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HostEntity struct.

type HostEntityProperties

type HostEntityProperties struct {
	// AzureID - READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty"`
	// DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the compete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// HostName - READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NetBiosName - READ-ONLY; The host name (pre-windows2000).
	NetBiosName *string `json:"netBiosName,omitempty"`
	// NtDomain - READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty"`
	// OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty"`
	// OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS'
	OsFamily OSFamily `json:"osFamily,omitempty"`
	// OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions the are more fine grained than OSFamily or future values not supported by OSFamily enumeration
	OsVersion *string `json:"osVersion,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HostEntityProperties host entity property bag.

func (HostEntityProperties) MarshalJSON

func (hep HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntityProperties.

type IPEntity

type IPEntity struct {
	// IPEntityProperties - Ip entity properties
	*IPEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

IPEntity represents an ip entity.

func (IPEntity) AsAccountEntity

func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsAzureResourceEntity

func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsBasicEntity

func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsCloudApplicationEntity

func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsDNSEntity

func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsEntity

func (ie IPEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileEntity

func (ie IPEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileHashEntity

func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHostEntity

func (ie IPEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIPEntity

func (ie IPEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMalwareEntity

func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsProcessEntity

func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryKeyEntity

func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryValueEntity

func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityAlert

func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityGroupEntity

func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsURLEntity

func (ie IPEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) MarshalJSON

func (ie IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntity.

func (*IPEntity) UnmarshalJSON

func (ie *IPEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IPEntity struct.

type IPEntityProperties

type IPEntityProperties struct {
	// Address - READ-ONLY; The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6)
	Address *string `json:"address,omitempty"`
	// Location - The geo-location context attached to the ip entity
	Location *GeoLocation `json:"location,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IPEntityProperties ip entity property bag.

func (IPEntityProperties) MarshalJSON

func (iep IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntityProperties.

type KillChainIntent

type KillChainIntent string

KillChainIntent enumerates the values for kill chain intent.

const (
	// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
	// such as sensitive files, from a target network prior to exfiltration. This category also covers
	// locations on a system or network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
	// with systems under their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
	// control over system, domain, or service credentials that are used within an enterprise environment.
	// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
	// (local system administrator or domain users with administrator access) to use within the network. With
	// sufficient access within a network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
	// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
	// in other categories that have the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
	// about the system and internal network. When adversaries gain access to a new system, they must orient
	// themselves to what they now have control of and what benefits operating from that system give to their
	// current objective or overall goals during the intrusion. The operating system provides many native tools
	// that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution The execution tactic represents techniques that result in execution of
	// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
	// lateral movement to expand access to remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
	// adversary removing files and information from a target network. This category also covers locations on a
	// system or network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation Exploitation is the stage where an attacker manage to get foothold on the
	// attacked resource. This stage is applicable not only for compute hosts, but also for resources such as
	// user accounts, certificates etc. Adversaries will often be able to control the resource after this
	// stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact The impact intent primary objective is to directly reduce the availability or
	// integrity of a system, service, or network; including manipulation of data to impact a business or
	// operational process. This would often refer to techniques such as ransom-ware, defacement, data
	// manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
	// access and control remote systems on a network and could, but does not necessarily, include execution of
	// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
	// from a system without needing additional tools, such as a remote access tool. An adversary can use
	// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
	// access to specific information or files, access to additional credentials, or to cause an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
	// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
	// to systems through interruptions such as system restarts, loss of credentials, or other failures that
	// would require a remote access tool to restart or alternate backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
	// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
	// higher level of privilege to work and are likely necessary at many points throughout an operation. User
	// accounts with permissions to access specific systems or perform specific functions necessary for
	// adversaries to achieve their objective may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of a
	// malicious intent or a failed attempt to gain access to a target system to gather information prior to
	// exploitation. This step is usually detected as an attempt originating from outside the network in
	// attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.

type Kind

type Kind string

Kind enumerates the values for kind.

const (
	// KindAggregations ...
	KindAggregations Kind = "Aggregations"
	// KindCasesAggregation ...
	KindCasesAggregation Kind = "CasesAggregation"
)

func PossibleKindValues

func PossibleKindValues() []Kind

PossibleKindValues returns an array of possible values for the Kind const type.

type KindBasicAlertRule

type KindBasicAlertRule string

KindBasicAlertRule enumerates the values for kind basic alert rule.

const (
	// KindAlertRule ...
	KindAlertRule KindBasicAlertRule = "AlertRule"
	// KindFusion ...
	KindFusion KindBasicAlertRule = "Fusion"
	// KindMicrosoftSecurityIncidentCreation ...
	KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindScheduled ...
	KindScheduled KindBasicAlertRule = "Scheduled"
)

func PossibleKindBasicAlertRuleValues

func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule

PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.

type KindBasicAlertRuleTemplate

type KindBasicAlertRuleTemplate string

KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion ...
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindScheduled ...
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
)

func PossibleKindBasicAlertRuleTemplateValues

func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate

PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.

type KindBasicDataConnector

type KindBasicDataConnector string

KindBasicDataConnector enumerates the values for kind basic data connector.

const (
	// KindAmazonWebServicesCloudTrail ...
	KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindAzureActiveDirectory ...
	KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindAzureAdvancedThreatProtection ...
	KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindAzureSecurityCenter ...
	KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindDataConnector ...
	KindDataConnector KindBasicDataConnector = "DataConnector"
	// KindMicrosoftCloudAppSecurity ...
	KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindMicrosoftDefenderAdvancedThreatProtection ...
	KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindOffice365 ...
	KindOffice365 KindBasicDataConnector = "Office365"
	// KindThreatIntelligence ...
	KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
)

func PossibleKindBasicDataConnectorValues

func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector

PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.

type KindBasicEntity

type KindBasicEntity string

KindBasicEntity enumerates the values for kind basic entity.

const (
	// KindAccount ...
	KindAccount KindBasicEntity = "Account"
	// KindAzureResource ...
	KindAzureResource KindBasicEntity = "AzureResource"
	// KindCloudApplication ...
	KindCloudApplication KindBasicEntity = "CloudApplication"
	// KindDNSResolution ...
	KindDNSResolution KindBasicEntity = "DnsResolution"
	// KindEntity ...
	KindEntity KindBasicEntity = "Entity"
	// KindFile ...
	KindFile KindBasicEntity = "File"
	// KindFileHash ...
	KindFileHash KindBasicEntity = "FileHash"
	// KindHost ...
	KindHost KindBasicEntity = "Host"
	// KindIP ...
	KindIP KindBasicEntity = "Ip"
	// KindMalware ...
	KindMalware KindBasicEntity = "Malware"
	// KindProcess ...
	KindProcess KindBasicEntity = "Process"
	// KindRegistryKey ...
	KindRegistryKey KindBasicEntity = "RegistryKey"
	// KindRegistryValue ...
	KindRegistryValue KindBasicEntity = "RegistryValue"
	// KindSecurityAlert ...
	KindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindSecurityGroup ...
	KindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindURL ...
	KindURL KindBasicEntity = "Url"
)

func PossibleKindBasicEntityValues

func PossibleKindBasicEntityValues() []KindBasicEntity

PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.

type KindBasicSettings

type KindBasicSettings string

KindBasicSettings enumerates the values for kind basic settings.

const (
	// KindSettings ...
	KindSettings KindBasicSettings = "Settings"
	// KindToggleSettings ...
	KindToggleSettings KindBasicSettings = "ToggleSettings"
	// KindUebaSettings ...
	KindUebaSettings KindBasicSettings = "UebaSettings"
)

func PossibleKindBasicSettingsValues

func PossibleKindBasicSettingsValues() []KindBasicSettings

PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.

type LicenseStatus

type LicenseStatus string

LicenseStatus enumerates the values for license status.

const (
	// LicenseStatusDisabled ...
	LicenseStatusDisabled LicenseStatus = "Disabled"
	// LicenseStatusEnabled ...
	LicenseStatusEnabled LicenseStatus = "Enabled"
)

func PossibleLicenseStatusValues

func PossibleLicenseStatusValues() []LicenseStatus

PossibleLicenseStatusValues returns an array of possible values for the LicenseStatus const type.

type MCASDataConnector

type MCASDataConnector struct {
	// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
	*MCASDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnector) AsAADDataConnector

func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAATPDataConnector

func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsASCDataConnector

func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsCloudTrailDataConnector

func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsBasicDataConnector

func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDataConnector

func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMCASDataConnector

func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMDATPDataConnector

func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeDataConnector

func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTIDataConnector

func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) MarshalJSON

func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON

func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.

type MCASDataConnectorDataTypes

type MCASDataConnectorDataTypes struct {
	// DiscoveryLogs - Discovery log data type connection.
	DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"`
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorDataTypesDiscoveryLogs

type MCASDataConnectorDataTypesDiscoveryLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection.

type MCASDataConnectorProperties

type MCASDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPDataConnector

type MDATPDataConnector struct {
	// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	*MDATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (MDATPDataConnector) AsAADDataConnector

func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAATPDataConnector

func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsASCDataConnector

func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsCloudTrailDataConnector

func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsBasicDataConnector

func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDataConnector

func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMCASDataConnector

func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMDATPDataConnector

func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeDataConnector

func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTIDataConnector

func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON

func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON

func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.

type MDATPDataConnectorProperties

type MDATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MalwareEntity

type MalwareEntity struct {
	// MalwareEntityProperties - File entity properties
	*MalwareEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

MalwareEntity represents a malware entity.

func (MalwareEntity) AsAccountEntity

func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsAzureResourceEntity

func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsBasicEntity

func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsCloudApplicationEntity

func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsDNSEntity

func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsEntity

func (me MalwareEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileEntity

func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileHashEntity

func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHostEntity

func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIPEntity

func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMalwareEntity

func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsProcessEntity

func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryKeyEntity

func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryValueEntity

func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityAlert

func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityGroupEntity

func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsURLEntity

func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) MarshalJSON

func (me MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntity.

func (*MalwareEntity) UnmarshalJSON

func (me *MalwareEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.

type MalwareEntityProperties

type MalwareEntityProperties struct {
	// Category - READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty"`
	// FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIds *[]string `json:"fileEntityIds,omitempty"`
	// MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty"`
	// ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIds *[]string `json:"processEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MalwareEntityProperties malware entity property bag.

func (MalwareEntityProperties) MarshalJSON

func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntityProperties.

type MicrosoftSecurityIncidentCreationAlertRule

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties
	*MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule

AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON

func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON

func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.

type MicrosoftSecurityIncidentCreationAlertRuleProperties

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
	*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON

func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties

type MicrosoftSecurityProductName

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName enumerates the values for microsoft security product name.

const (
	// AzureActiveDirectoryIdentityProtection ...
	AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// AzureAdvancedThreatProtection ...
	AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// AzureSecurityCenter ...
	AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// MicrosoftCloudAppSecurity ...
	MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
)

func PossibleMicrosoftSecurityProductNameValues

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.

type OSFamily

type OSFamily string

OSFamily enumerates the values for os family.

const (
	// Android Host with Android operating system.
	Android OSFamily = "Android"
	// IOS Host with IOS operating system.
	IOS OSFamily = "IOS"
	// Linux Host with Linux operating system.
	Linux OSFamily = "Linux"
	// Windows Host with Windows operating system.
	Windows OSFamily = "Windows"
)

func PossibleOSFamilyValues

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.

type OfficeConsent

type OfficeConsent struct {
	autorest.Response `json:"-"`
	// OfficeConsentProperties - Office consent properties
	*OfficeConsentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

OfficeConsent consent for Office365 tenant that already made.

func (OfficeConsent) MarshalJSON

func (oc OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsent.

func (*OfficeConsent) UnmarshalJSON

func (oc *OfficeConsent) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.

type OfficeConsentList

type OfficeConsentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of the consents.
	Value *[]OfficeConsent `json:"value,omitempty"`
}

OfficeConsentList list of all the office365 consents.

func (OfficeConsentList) IsEmpty

func (ocl OfficeConsentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type OfficeConsentListIterator

type OfficeConsentListIterator struct {
	// contains filtered or unexported fields
}

OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.

func NewOfficeConsentListIterator

func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator

Creates a new instance of the OfficeConsentListIterator type.

func (*OfficeConsentListIterator) Next

func (iter *OfficeConsentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListIterator) NextWithContext

func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OfficeConsentListIterator) NotDone

func (iter OfficeConsentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OfficeConsentListIterator) Response

Response returns the raw server response from the last page request.

func (OfficeConsentListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OfficeConsentListPage

type OfficeConsentListPage struct {
	// contains filtered or unexported fields
}

OfficeConsentListPage contains a page of OfficeConsent values.

func NewOfficeConsentListPage

func NewOfficeConsentListPage(getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage

Creates a new instance of the OfficeConsentListPage type.

func (*OfficeConsentListPage) Next

func (page *OfficeConsentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListPage) NextWithContext

func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OfficeConsentListPage) NotDone

func (page OfficeConsentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OfficeConsentListPage) Response

func (page OfficeConsentListPage) Response() OfficeConsentList

Response returns the raw server response from the last page request.

func (OfficeConsentListPage) Values

func (page OfficeConsentListPage) Values() []OfficeConsent

Values returns the slice of values for the current page or nil if there are no values.

type OfficeConsentProperties

type OfficeConsentProperties struct {
	// TenantID - The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
	// TenantName - READ-ONLY; The tenant name of the Office365 with the consent.
	TenantName *string `json:"tenantName,omitempty"`
}

OfficeConsentProperties consent property bag.

type OfficeConsentsClient

type OfficeConsentsClient struct {
	BaseClient
}

OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOfficeConsentsClient

func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.

func NewOfficeConsentsClientWithBaseURI

func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client.

func (OfficeConsentsClient) Delete

func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error)

Delete delete the office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) DeletePreparer

func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (OfficeConsentsClient) DeleteResponder

func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (OfficeConsentsClient) DeleteSender

func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) Get

func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result OfficeConsent, err error)

Get gets an office365 consent. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. consentID - consent ID

func (OfficeConsentsClient) GetPreparer

func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (OfficeConsentsClient) GetResponder

func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (OfficeConsentsClient) GetSender

func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) List

func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListPage, err error)

List gets all office365 consents. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (OfficeConsentsClient) ListComplete

func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OfficeConsentsClient) ListPreparer

func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (OfficeConsentsClient) ListResponder

func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OfficeConsentsClient) ListSender

func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OfficeDataConnector

type OfficeDataConnector struct {
	// OfficeDataConnectorProperties - Office data connector properties.
	*OfficeDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

OfficeDataConnector represents office data connector.

func (OfficeDataConnector) AsAADDataConnector

func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAATPDataConnector

func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsASCDataConnector

func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsCloudTrailDataConnector

func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsBasicDataConnector

func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDataConnector

func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMCASDataConnector

func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMDATPDataConnector

func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeDataConnector

func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTIDataConnector

func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON

func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON

func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.

type OfficeDataConnectorDataTypes

type OfficeDataConnectorDataTypes struct {
	// Exchange - Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`
	// SharePoint - SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`
}

OfficeDataConnectorDataTypes the available data types for office data connector.

type OfficeDataConnectorDataTypesExchange

type OfficeDataConnectorDataTypesExchange struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint

type OfficeDataConnectorDataTypesSharePoint struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.

type OfficeDataConnectorProperties

type OfficeDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties office data connector properties.

type Operation

type Operation struct {
	// Display - Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`
	// Name - Name of the operation
	Name *string `json:"name,omitempty"`
}

Operation operation provided by provider

type OperationDisplay

type OperationDisplay struct {
	// Description - Description of the operation
	Description *string `json:"description,omitempty"`
	// Operation - Operation name
	Operation *string `json:"operation,omitempty"`
	// Provider - Provider name
	Provider *string `json:"provider,omitempty"`
	// Resource - Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay properties of the operation

type OperationsClient

type OperationsClient struct {
	BaseClient
}

OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOperationsClient

func NewOperationsClient(subscriptionID string) OperationsClient

NewOperationsClient creates an instance of the OperationsClient client.

func NewOperationsClientWithBaseURI

func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient

NewOperationsClientWithBaseURI creates an instance of the OperationsClient client.

func (OperationsClient) List

func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)

List lists all operations available Azure Security Insights Resource Provider.

func (OperationsClient) ListComplete

func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OperationsClient) ListPreparer

func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)

ListPreparer prepares the List request.

func (OperationsClient) ListResponder

func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OperationsClient) ListSender

func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OperationsList

type OperationsList struct {
	autorest.Response `json:"-"`
	// NextLink - URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of operations
	Value *[]Operation `json:"value,omitempty"`
}

OperationsList lists the operations available in the SecurityInsights RP.

func (OperationsList) IsEmpty

func (ol OperationsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type OperationsListIterator

type OperationsListIterator struct {
	// contains filtered or unexported fields
}

OperationsListIterator provides access to a complete listing of Operation values.

func NewOperationsListIterator

func NewOperationsListIterator(page OperationsListPage) OperationsListIterator

Creates a new instance of the OperationsListIterator type.

func (*OperationsListIterator) Next

func (iter *OperationsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListIterator) NextWithContext

func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OperationsListIterator) NotDone

func (iter OperationsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OperationsListIterator) Response

func (iter OperationsListIterator) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListIterator) Value

func (iter OperationsListIterator) Value() Operation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OperationsListPage

type OperationsListPage struct {
	// contains filtered or unexported fields
}

OperationsListPage contains a page of Operation values.

func NewOperationsListPage

func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage

Creates a new instance of the OperationsListPage type.

func (*OperationsListPage) Next

func (page *OperationsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListPage) NextWithContext

func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OperationsListPage) NotDone

func (page OperationsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OperationsListPage) Response

func (page OperationsListPage) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListPage) Values

func (page OperationsListPage) Values() []Operation

Values returns the slice of values for the current page or nil if there are no values.

type ProcessEntity

type ProcessEntity struct {
	// ProcessEntityProperties - Process entity properties
	*ProcessEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

ProcessEntity represents a process entity.

func (ProcessEntity) AsAccountEntity

func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsAzureResourceEntity

func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsBasicEntity

func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsCloudApplicationEntity

func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsDNSEntity

func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsEntity

func (peVar ProcessEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileEntity

func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileHashEntity

func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHostEntity

func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIPEntity

func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMalwareEntity

func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsProcessEntity

func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryKeyEntity

func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryValueEntity

func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityAlert

func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityGroupEntity

func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsURLEntity

func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) MarshalJSON

func (peVar ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntity.

func (*ProcessEntity) UnmarshalJSON

func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.

type ProcessEntityProperties

type ProcessEntityProperties struct {
	// AccountEntityID - READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty"`
	// CommandLine - READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty"`
	// CreationTimeUtc - READ-ONLY; The time when the process started to run
	CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"`
	// ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited'
	ElevationToken ElevationToken `json:"elevationToken,omitempty"`
	// HostEntityID - READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"`
	// ImageFileEntityID - READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty"`
	// ParentProcessEntityID - READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"`
	// ProcessID - READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ProcessEntityProperties process entity property bag.

func (ProcessEntityProperties) MarshalJSON

func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntityProperties.

type ProductSettingsClient

type ProductSettingsClient struct {
	BaseClient
}

ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewProductSettingsClient

func NewProductSettingsClient(subscriptionID string) ProductSettingsClient

NewProductSettingsClient creates an instance of the ProductSettingsClient client.

func NewProductSettingsClientWithBaseURI

func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient

NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client.

func (ProductSettingsClient) Get

func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error)

Get gets a setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports- Fusion, UEBA

func (ProductSettingsClient) GetPreparer

func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ProductSettingsClient) GetResponder

func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetSender

func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Update

func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)

Update updates the setting. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. settingsName - the setting name. Supports- Fusion, UEBA settings - the setting

func (ProductSettingsClient) UpdatePreparer

func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)

UpdatePreparer prepares the Update request.

func (ProductSettingsClient) UpdateResponder

func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)

UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.

func (ProductSettingsClient) UpdateSender

func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)

UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.

type RegistryHive

type RegistryHive string

RegistryHive enumerates the values for registry hive.

const (
	// HKEYA HKEY_A
	HKEYA RegistryHive = "HKEY_A"
	// HKEYCLASSESROOT HKEY_CLASSES_ROOT
	HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
	HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// HKEYCURRENTUSER HKEY_CURRENT_USER
	HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
	HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// HKEYLOCALMACHINE HKEY_LOCAL_MACHINE
	HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
	HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
	HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
	HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// HKEYUSERS HKEY_USERS
	HKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.

type RegistryKeyEntity

type RegistryKeyEntity struct {
	// RegistryKeyEntityProperties - RegistryKey entity properties
	*RegistryKeyEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryKeyEntity represents a registry key entity.

func (RegistryKeyEntity) AsAccountEntity

func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsAzureResourceEntity

func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsBasicEntity

func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsCloudApplicationEntity

func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsDNSEntity

func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsEntity

func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileEntity

func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileHashEntity

func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHostEntity

func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIPEntity

func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMalwareEntity

func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsProcessEntity

func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryKeyEntity

func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryValueEntity

func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityAlert

func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityGroupEntity

func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsURLEntity

func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON

func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON

func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.

type RegistryKeyEntityProperties

type RegistryKeyEntityProperties struct {
	// Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER'
	Hive RegistryHive `json:"hive,omitempty"`
	// Key - READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryKeyEntityProperties registryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON

func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.

type RegistryValueEntity

type RegistryValueEntity struct {
	// RegistryValueEntityProperties - RegistryKey entity properties
	*RegistryValueEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryValueEntity represents a registry value entity.

func (RegistryValueEntity) AsAccountEntity

func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsAzureResourceEntity

func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsBasicEntity

func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsCloudApplicationEntity

func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsDNSEntity

func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsEntity

func (rve RegistryValueEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileEntity

func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileHashEntity

func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHostEntity

func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIPEntity

func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMalwareEntity

func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsProcessEntity

func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryKeyEntity

func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryValueEntity

func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityAlert

func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityGroupEntity

func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsURLEntity

func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON

func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON

func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.

type RegistryValueEntityProperties

type RegistryValueEntityProperties struct {
	// KeyEntityID - READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty"`
	// ValueData - READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty"`
	// ValueName - READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty"`
	// ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord'
	ValueType RegistryValueKind `json:"valueType,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryValueEntityProperties registryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON

func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntityProperties.

type RegistryValueKind

type RegistryValueKind string

RegistryValueKind enumerates the values for registry value kind.

const (
	// RegistryValueKindBinary Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.

type RelationBase

type RelationBase struct {
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationBase represents a relation

type RelationNode

type RelationNode struct {
	// RelationNodeID - Relation Node Id
	RelationNodeID *string `json:"relationNodeId,omitempty"`
	// RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark'
	RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"`
	// Etag - Etag for relation node
	Etag *string `json:"etag,omitempty"`
	// RelationAdditionalProperties - Additional set of properties
	RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"`
}

RelationNode relation node

func (RelationNode) MarshalJSON

func (rn RelationNode) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationNode.

type RelationNodeKind

type RelationNodeKind string

RelationNodeKind enumerates the values for relation node kind.

const (
	// RelationNodeKindBookmark Bookmark node part of the relation
	RelationNodeKindBookmark RelationNodeKind = "Bookmark"
	// RelationNodeKindCase Case node part of the relation
	RelationNodeKindCase RelationNodeKind = "Case"
)

func PossibleRelationNodeKindValues

func PossibleRelationNodeKindValues() []RelationNodeKind

PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.

type RelationTypes

type RelationTypes string

RelationTypes enumerates the values for relation types.

const (
	// CasesToBookmarks Relations between cases and bookmarks
	CasesToBookmarks RelationTypes = "CasesToBookmarks"
)

func PossibleRelationTypesValues

func PossibleRelationTypesValues() []RelationTypes

PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.

type RelationsModelInput

type RelationsModelInput struct {
	// RelationsModelInputProperties - Relation input properties
	*RelationsModelInputProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationsModelInput relation input model

func (RelationsModelInput) MarshalJSON

func (rmi RelationsModelInput) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationsModelInput.

func (*RelationsModelInput) UnmarshalJSON

func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct.

type RelationsModelInputProperties

type RelationsModelInputProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// SourceRelationNode - Relation source node
	SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"`
	// TargetRelationNode - Relation target node
	TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"`
}

RelationsModelInputProperties relation input properties

type Resource

type Resource struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

Resource an azure resource object

type ResourceWithEtag

type ResourceWithEtag struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ResourceWithEtag an azure resource object with an Etag property

type ScheduledAlertRule

type ScheduledAlertRule struct {
	// ScheduledAlertRuleProperties - Scheduled alert rule properties
	*ScheduledAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

ScheduledAlertRule represents scheduled alert rule.

func (ScheduledAlertRule) AsAlertRule

func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsBasicAlertRule

func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsFusionAlertRule

func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsScheduledAlertRule

func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON

func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON

func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.

type ScheduledAlertRuleCommonProperties

type ScheduledAlertRuleCommonProperties struct {
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleCommonProperties schedule alert rule template property bag.

type ScheduledAlertRuleProperties

type ScheduledAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleProperties scheduled alert rule base property bag.

type ScheduledAlertRuleTemplate

type ScheduledAlertRuleTemplate struct {
	// ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
	*ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

ScheduledAlertRuleTemplate represents scheduled alert rule template.

func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON

func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON

func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.

type ScheduledAlertRuleTemplateProperties

type ScheduledAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data connectors for this template
	RequiredDataConnectors *[]DataConnectorStatus `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
}

ScheduledAlertRuleTemplateProperties scheduled alert rule template properties

type SecurityAlert

type SecurityAlert struct {
	// SecurityAlertProperties - SecurityAlert entity properties
	*SecurityAlertProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityAlert represents a security alert entity.

func (SecurityAlert) AsAccountEntity

func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsAzureResourceEntity

func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsBasicEntity

func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsCloudApplicationEntity

func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsDNSEntity

func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsEntity

func (sa SecurityAlert) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileEntity

func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileHashEntity

func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHostEntity

func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIPEntity

func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMalwareEntity

func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsProcessEntity

func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryKeyEntity

func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryValueEntity

func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityAlert

func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityGroupEntity

func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsURLEntity

func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) MarshalJSON

func (sa SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlert.

func (*SecurityAlert) UnmarshalJSON

func (sa *SecurityAlert) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.

type SecurityAlertProperties

type SecurityAlertProperties struct {
	// AlertDisplayName - READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty"`
	// AlertType - READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty"`
	// CompromisedEntity - READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty"`
	// ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh'
	ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"`
	// ConfidenceReasons - READ-ONLY; The confidence reasons
	ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"`
	// ConfidenceScore - READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty"`
	// ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final'
	ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"`
	// Description - READ-ONLY; Alert description.
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact'
	Intent KillChainIntent `json:"intent,omitempty"`
	// ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"`
	// ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty"`
	// ProductName - READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty"`
	// ProductVersion - READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty"`
	// RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps *[]string `json:"remediationSteps,omitempty"`
	// Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress'
	Status AlertStatus `json:"status,omitempty"`
	// SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty"`
	// TimeGenerated - READ-ONLY; The time the alert was generated.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// VendorName - READ-ONLY; The name of the vendor that raise the alert.
	VendorName *string `json:"vendorName,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityAlertProperties securityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON

func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// Reason - READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty"`
	// ReasonType - READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty"`
}

SecurityAlertPropertiesConfidenceReasonsItem confidence reason item

type SecurityGroupEntity

type SecurityGroupEntity struct {
	// SecurityGroupEntityProperties - SecurityGroup entity properties
	*SecurityGroupEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityGroupEntity represents a security group entity.

func (SecurityGroupEntity) AsAccountEntity

func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsAzureResourceEntity

func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsBasicEntity

func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsCloudApplicationEntity

func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsDNSEntity

func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsEntity

func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileEntity

func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileHashEntity

func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHostEntity

func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIPEntity

func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMalwareEntity

func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsProcessEntity

func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryKeyEntity

func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryValueEntity

func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityAlert

func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityGroupEntity

func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsURLEntity

func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON

func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON

func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.

type SecurityGroupEntityProperties

type SecurityGroupEntityProperties struct {
	// DistinguishedName - READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty"`
	// ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityGroupEntityProperties securityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON

func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.

type SettingKind

type SettingKind string

SettingKind enumerates the values for setting kind.

const (
	// SettingKindToggleSettings ...
	SettingKindToggleSettings SettingKind = "ToggleSettings"
	// SettingKindUebaSettings ...
	SettingKindUebaSettings SettingKind = "UebaSettings"
)

func PossibleSettingKindValues

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns an array of possible values for the SettingKind const type.

type Settings

type Settings struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Settings the Setting.

func (Settings) AsBasicSettings

func (s Settings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Settings.

func (Settings) AsSettings

func (s Settings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Settings.

func (Settings) AsToggleSettings

func (s Settings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for Settings.

func (Settings) AsUebaSettings

func (s Settings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for Settings.

func (Settings) MarshalJSON

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Settings.

type SettingsKind

type SettingsKind struct {
	// Kind - The kind of the setting. Possible values include: 'SettingKindUebaSettings', 'SettingKindToggleSettings'
	Kind SettingKind `json:"kind,omitempty"`
}

SettingsKind describes an Azure resource with kind.

type SettingsModel

type SettingsModel struct {
	autorest.Response `json:"-"`
	Value             BasicSettings `json:"value,omitempty"`
}

SettingsModel ...

func (*SettingsModel) UnmarshalJSON

func (sm *SettingsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingsModel struct.

type StatusInMcas

type StatusInMcas string

StatusInMcas enumerates the values for status in mcas.

const (
	// StatusInMcasDisabled ...
	StatusInMcasDisabled StatusInMcas = "Disabled"
	// StatusInMcasEnabled ...
	StatusInMcasEnabled StatusInMcas = "Enabled"
)

func PossibleStatusInMcasValues

func PossibleStatusInMcasValues() []StatusInMcas

PossibleStatusInMcasValues returns an array of possible values for the StatusInMcas const type.

type TIDataConnector

type TIDataConnector struct {
	// TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.
	*TIDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOffice365', 'KindThreatIntelligence'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

TIDataConnector represents threat intelligence data connector.

func (TIDataConnector) AsAADDataConnector

func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAATPDataConnector

func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsASCDataConnector

func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsCloudTrailDataConnector

func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsBasicDataConnector

func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDataConnector

func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMCASDataConnector

func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMDATPDataConnector

func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeDataConnector

func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTIDataConnector

func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) MarshalJSON

func (tdc TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TIDataConnector.

func (*TIDataConnector) UnmarshalJSON

func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.

type TIDataConnectorDataTypes

type TIDataConnectorDataTypes struct {
	// Indicators - Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes the available data types for TI (Threat Intelligence) data connector.

type TIDataConnectorDataTypesIndicators

type TIDataConnectorDataTypesIndicators struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators data type for indicators connection.

type TIDataConnectorProperties

type TIDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TIDataConnectorProperties TI (Threat Intelligence) data connector properties.

type TemplateStatus

type TemplateStatus string

TemplateStatus enumerates the values for template status.

const (
	// Available Alert rule template is available.
	Available TemplateStatus = "Available"
	// Installed Alert rule template installed. and can not use more then once
	Installed TemplateStatus = "Installed"
	// NotAvailable Alert rule template is not available
	NotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.

type ThreatIntelligence

type ThreatIntelligence struct {
	// Confidence - READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty"`
	// ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty"`
	// ReportLink - READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty"`
	// ThreatDescription - READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty"`
	// ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty"`
	// ThreatType - READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty"`
}

ThreatIntelligence threatIntelligence property bag.

type ToggleSettings

type ToggleSettings struct {
	// ToggleSettingsProperties - toggle properties
	*ToggleSettingsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

ToggleSettings settings with single toggle.

func (ToggleSettings) AsBasicSettings

func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsSettings

func (ts ToggleSettings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsToggleSettings

func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) AsUebaSettings

func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for ToggleSettings.

func (ToggleSettings) MarshalJSON

func (ts ToggleSettings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ToggleSettings.

func (*ToggleSettings) UnmarshalJSON

func (ts *ToggleSettings) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ToggleSettings struct.

type ToggleSettingsProperties

type ToggleSettingsProperties struct {
	// IsEnabled - Determines whether the setting is enable or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

ToggleSettingsProperties toggle property bag.

type TriggerOperator

type TriggerOperator string

TriggerOperator enumerates the values for trigger operator.

const (
	// Equal ...
	Equal TriggerOperator = "Equal"
	// GreaterThan ...
	GreaterThan TriggerOperator = "GreaterThan"
	// LessThan ...
	LessThan TriggerOperator = "LessThan"
	// NotEqual ...
	NotEqual TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.

type URLEntity

type URLEntity struct {
	// URLEntityProperties - Url entity properties
	*URLEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityAlert', 'KindSecurityGroup', 'KindURL'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

URLEntity represents a url entity.

func (URLEntity) AsAccountEntity

func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsAzureResourceEntity

func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsBasicEntity

func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsCloudApplicationEntity

func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsDNSEntity

func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsEntity

func (ue URLEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileEntity

func (ue URLEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileHashEntity

func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHostEntity

func (ue URLEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIPEntity

func (ue URLEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMalwareEntity

func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsProcessEntity

func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryKeyEntity

func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryValueEntity

func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityAlert

func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityGroupEntity

func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsURLEntity

func (ue URLEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) MarshalJSON

func (ue URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntity.

func (*URLEntity) UnmarshalJSON

func (ue *URLEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for URLEntity struct.

type URLEntityProperties

type URLEntityProperties struct {
	// URL - READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

URLEntityProperties url entity property bag.

func (URLEntityProperties) MarshalJSON

func (uep URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntityProperties.

type UebaSettings

type UebaSettings struct {
	// UebaSettingsProperties - User and Entity Behavior Analytics settings properties
	*UebaSettingsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindToggleSettings', 'KindUebaSettings'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

UebaSettings represents settings for User and Entity Behavior Analytics enablement.

func (UebaSettings) AsBasicSettings

func (us UebaSettings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsSettings

func (us UebaSettings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsToggleSettings

func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool)

AsToggleSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) AsUebaSettings

func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool)

AsUebaSettings is the BasicSettings implementation for UebaSettings.

func (UebaSettings) MarshalJSON

func (us UebaSettings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UebaSettings.

func (*UebaSettings) UnmarshalJSON

func (us *UebaSettings) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for UebaSettings struct.

type UebaSettingsProperties

type UebaSettingsProperties struct {
	// AtpLicenseStatus - READ-ONLY; Determines whether the tenant has ATP (Advanced Threat Protection) license. Possible values include: 'LicenseStatusEnabled', 'LicenseStatusDisabled'
	AtpLicenseStatus LicenseStatus `json:"atpLicenseStatus,omitempty"`
	// IsEnabled - Determines whether User and Entity Behavior Analytics is enabled for this workspace.
	IsEnabled *bool `json:"isEnabled,omitempty"`
	// StatusInMcas - READ-ONLY; Determines whether User and Entity Behavior Analytics is enabled from MCAS (Microsoft Cloud App Security). Possible values include: 'StatusInMcasEnabled', 'StatusInMcasDisabled'
	StatusInMcas StatusInMcas `json:"statusInMcas,omitempty"`
}

UebaSettingsProperties user and Entity Behavior Analytics settings property bag.

type UserInfo

type UserInfo struct {
	// Email - READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty"`
	// Name - READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the user.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
}

UserInfo user information that made some action

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL