Versions in this module Expand all Collapse all v35 v35.1.0 Nov 1, 2019 v35.0.0 Oct 30, 2019 Changes in this version + const DefaultBaseURI + func UserAgent() string + func Version() string + type AADDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (adc *AADDataConnector) UnmarshalJSON(body []byte) error + func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool) + func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (adc AADDataConnector) MarshalJSON() ([]byte, error) + type AADDataConnectorProperties struct + DataTypes *AlertsDataTypeOfDataConnector + TenantID *string + type AATPDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error + func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool) + func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (adc AATPDataConnector) MarshalJSON() ([]byte, error) + type AATPDataConnectorProperties struct + DataTypes *AlertsDataTypeOfDataConnector + TenantID *string + type ASCDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error + func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool) + func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (adc ASCDataConnector) MarshalJSON() ([]byte, error) + type ASCDataConnectorProperties struct + DataTypes *AlertsDataTypeOfDataConnector + SubscriptionID *string + type AccountEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (ae *AccountEntity) UnmarshalJSON(body []byte) error + func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool) + func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool) + func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool) + func (ae AccountEntity) AsEntity() (*Entity, bool) + func (ae AccountEntity) AsFileEntity() (*FileEntity, bool) + func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (ae AccountEntity) AsHostEntity() (*HostEntity, bool) + func (ae AccountEntity) AsIPEntity() (*IPEntity, bool) + func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool) + func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (ae AccountEntity) AsURLEntity() (*URLEntity, bool) + func (ae AccountEntity) MarshalJSON() ([]byte, error) + type AccountEntityProperties struct + AadTenantID *string + AadUserID *string + AccountName *string + AdditionalData map[string]interface{} + DisplayName *string + FriendlyName *string + HostEntityID *string + IsDomainJoined *bool + NtDomain *string + ObjectGUID *uuid.UUID + Puid *string + Sid *string + UpnSuffix *string + func (aep AccountEntityProperties) MarshalJSON() ([]byte, error) + type ActionRequest struct + Etag *string + ID *string + Name *string + Type *string + func (ar *ActionRequest) UnmarshalJSON(body []byte) error + func (ar ActionRequest) MarshalJSON() ([]byte, error) + type ActionRequestProperties struct + TriggerURI *string + type ActionResponse struct + Etag *string + ID *string + Name *string + Type *string + func (ar *ActionResponse) UnmarshalJSON(body []byte) error + func (ar ActionResponse) MarshalJSON() ([]byte, error) + type ActionResponseProperties struct + WorkflowID *string + type ActionsClient struct + func NewActionsClient(subscriptionID string) ActionsClient + func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient + func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, ...) (result ActionsListPage, err error) + func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, ...) (result ActionsListIterator, err error) + func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error) + func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error) + type ActionsList struct + NextLink *string + Value *[]ActionResponse + func (al ActionsList) IsEmpty() bool + type ActionsListIterator struct + func NewActionsListIterator(page ActionsListPage) ActionsListIterator + func (iter *ActionsListIterator) Next() error + func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error) + func (iter ActionsListIterator) NotDone() bool + func (iter ActionsListIterator) Response() ActionsList + func (iter ActionsListIterator) Value() ActionResponse + type ActionsListPage struct + func NewActionsListPage(getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage + func (page *ActionsListPage) Next() error + func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error) + func (page ActionsListPage) NotDone() bool + func (page ActionsListPage) Response() ActionsList + func (page ActionsListPage) Values() []ActionResponse + type Aggregations struct + ID *string + Kind Kind + Name *string + Type *string + func (a Aggregations) AsAggregations() (*Aggregations, bool) + func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool) + func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool) + func (a Aggregations) MarshalJSON() ([]byte, error) + type AggregationsKind string + const AggregationsKindCasesAggregation + func PossibleAggregationsKindValues() []AggregationsKind + type AggregationsKind1 struct + Kind AggregationsKind + type AggregationsModel struct + Value BasicAggregations + func (am *AggregationsModel) UnmarshalJSON(body []byte) error + type AlertRule struct + Etag *string + ID *string + Kind KindBasicAlertRule + Name *string + Type *string + func (ar AlertRule) AsAlertRule() (*AlertRule, bool) + func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool) + func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) + func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) + func (ar AlertRule) MarshalJSON() ([]byte, error) + type AlertRuleKind string + const Fusion + const MicrosoftSecurityIncidentCreation + const Scheduled + func PossibleAlertRuleKindValues() []AlertRuleKind + type AlertRuleKind1 struct + Kind AlertRuleKind + type AlertRuleModel struct + Value BasicAlertRule + func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error + type AlertRuleTemplate struct + ID *string + Kind KindBasicAlertRuleTemplate + Name *string + Type *string + func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) + func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) + func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + func (art AlertRuleTemplate) MarshalJSON() ([]byte, error) + type AlertRuleTemplateModel struct + Value BasicAlertRuleTemplate + func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error + type AlertRuleTemplatePropertiesBase struct + AlertRulesCreatedByTemplateCount *int32 + CreatedDateUTC *date.Time + Description *string + DisplayName *string + RequiredDataConnectors *[]DataConnectorStatus + Status TemplateStatus + Tactics *[]AttackTactic + type AlertRuleTemplatesClient struct + func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient + func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient + func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplateModel, err error) + func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error) + func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error) + func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListPage, err error) + func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRuleTemplatesListIterator, err error) + func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error) + func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error) + type AlertRuleTemplatesList struct + NextLink *string + Value *[]BasicAlertRuleTemplate + func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error + func (artl AlertRuleTemplatesList) IsEmpty() bool + type AlertRuleTemplatesListIterator struct + func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator + func (iter *AlertRuleTemplatesListIterator) Next() error + func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error) + func (iter AlertRuleTemplatesListIterator) NotDone() bool + func (iter AlertRuleTemplatesListIterator) Response() AlertRuleTemplatesList + func (iter AlertRuleTemplatesListIterator) Value() BasicAlertRuleTemplate + type AlertRuleTemplatesListPage struct + func NewAlertRuleTemplatesListPage(...) AlertRuleTemplatesListPage + func (page *AlertRuleTemplatesListPage) Next() error + func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error) + func (page AlertRuleTemplatesListPage) NotDone() bool + func (page AlertRuleTemplatesListPage) Response() AlertRuleTemplatesList + func (page AlertRuleTemplatesListPage) Values() []BasicAlertRuleTemplate + type AlertRulesClient struct + func NewAlertRulesClient(subscriptionID string) AlertRulesClient + func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient + func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error) + func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error) + func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error) + func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error) + func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error) + func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) + func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, ...) (result AlertRuleModel, err error) + func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, ...) (result ActionResponse, err error) + func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error) + func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error) + func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error) + func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListPage, err error) + func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result AlertRulesListIterator, err error) + func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error) + func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error) + type AlertRulesList struct + NextLink *string + Value *[]BasicAlertRule + func (arl *AlertRulesList) UnmarshalJSON(body []byte) error + func (arl AlertRulesList) IsEmpty() bool + type AlertRulesListIterator struct + func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator + func (iter *AlertRulesListIterator) Next() error + func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error) + func (iter AlertRulesListIterator) NotDone() bool + func (iter AlertRulesListIterator) Response() AlertRulesList + func (iter AlertRulesListIterator) Value() BasicAlertRule + type AlertRulesListPage struct + func NewAlertRulesListPage(getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage + func (page *AlertRulesListPage) Next() error + func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error) + func (page AlertRulesListPage) NotDone() bool + func (page AlertRulesListPage) Response() AlertRulesList + func (page AlertRulesListPage) Values() []BasicAlertRule + type AlertSeverity string + const High + const Informational + const Low + const Medium + func PossibleAlertSeverityValues() []AlertSeverity + type AlertStatus string + const AlertStatusDismissed + const AlertStatusInProgress + const AlertStatusNew + const AlertStatusResolved + const AlertStatusUnknown + func PossibleAlertStatusValues() []AlertStatus + type AlertsDataTypeOfDataConnector struct + Alerts *AlertsDataTypeOfDataConnectorAlerts + type AlertsDataTypeOfDataConnectorAlerts struct + State DataTypeState + type AttackTactic string + const Collection + const CommandAndControl + const CredentialAccess + const DefenseEvasion + const Discovery + const Execution + const Exfiltration + const Impact + const InitialAccess + const LateralMovement + const Persistence + const PrivilegeEscalation + func PossibleAttackTacticValues() []AttackTactic + type AwsCloudTrailDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error + func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error) + type AwsCloudTrailDataConnectorDataTypes struct + Logs *AwsCloudTrailDataConnectorDataTypesLogs + type AwsCloudTrailDataConnectorDataTypesLogs struct + State DataTypeState + type AwsCloudTrailDataConnectorProperties struct + AwsRoleArn *string + DataTypes *AwsCloudTrailDataConnectorDataTypes + type AzureResourceEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error + func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool) + func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool) + func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool) + func (are AzureResourceEntity) AsEntity() (*Entity, bool) + func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool) + func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool) + func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool) + func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool) + func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool) + func (are AzureResourceEntity) MarshalJSON() ([]byte, error) + type AzureResourceEntityProperties struct + AdditionalData map[string]interface{} + FriendlyName *string + ResourceID *string + func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error) + type BaseClient struct + BaseURI string + SubscriptionID string + func New(subscriptionID string) BaseClient + func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient + type BasicAggregations interface + AsAggregations func() (*Aggregations, bool) + AsCasesAggregation func() (*CasesAggregation, bool) + type BasicAlertRule interface + AsAlertRule func() (*AlertRule, bool) + AsFusionAlertRule func() (*FusionAlertRule, bool) + AsMicrosoftSecurityIncidentCreationAlertRule func() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + AsScheduledAlertRule func() (*ScheduledAlertRule, bool) + type BasicAlertRuleTemplate interface + AsAlertRuleTemplate func() (*AlertRuleTemplate, bool) + AsFusionAlertRuleTemplate func() (*FusionAlertRuleTemplate, bool) + AsMicrosoftSecurityIncidentCreationAlertRuleTemplate func() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + AsScheduledAlertRuleTemplate func() (*ScheduledAlertRuleTemplate, bool) + type BasicDataConnector interface + AsAADDataConnector func() (*AADDataConnector, bool) + AsAATPDataConnector func() (*AATPDataConnector, bool) + AsASCDataConnector func() (*ASCDataConnector, bool) + AsAwsCloudTrailDataConnector func() (*AwsCloudTrailDataConnector, bool) + AsDataConnector func() (*DataConnector, bool) + AsMCASDataConnector func() (*MCASDataConnector, bool) + AsMDATPDataConnector func() (*MDATPDataConnector, bool) + AsOfficeDataConnector func() (*OfficeDataConnector, bool) + AsTIDataConnector func() (*TIDataConnector, bool) + type BasicEntity interface + AsAccountEntity func() (*AccountEntity, bool) + AsAzureResourceEntity func() (*AzureResourceEntity, bool) + AsCloudApplicationEntity func() (*CloudApplicationEntity, bool) + AsDNSEntity func() (*DNSEntity, bool) + AsEntity func() (*Entity, bool) + AsFileEntity func() (*FileEntity, bool) + AsFileHashEntity func() (*FileHashEntity, bool) + AsHostEntity func() (*HostEntity, bool) + AsIPEntity func() (*IPEntity, bool) + AsMalwareEntity func() (*MalwareEntity, bool) + AsProcessEntity func() (*ProcessEntity, bool) + AsRegistryKeyEntity func() (*RegistryKeyEntity, bool) + AsRegistryValueEntity func() (*RegistryValueEntity, bool) + AsSecurityAlert func() (*SecurityAlert, bool) + AsSecurityGroupEntity func() (*SecurityGroupEntity, bool) + AsURLEntity func() (*URLEntity, bool) + type BasicSettings interface + AsSettings func() (*Settings, bool) + AsToggleSettings func() (*ToggleSettings, bool) + AsUebaSettings func() (*UebaSettings, bool) + type Bookmark struct + Etag *string + ID *string + Name *string + Type *string + func (b *Bookmark) UnmarshalJSON(body []byte) error + func (b Bookmark) MarshalJSON() ([]byte, error) + type BookmarkList struct + NextLink *string + Value *[]Bookmark + func (bl BookmarkList) IsEmpty() bool + type BookmarkListIterator struct + func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator + func (iter *BookmarkListIterator) Next() error + func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error) + func (iter BookmarkListIterator) NotDone() bool + func (iter BookmarkListIterator) Response() BookmarkList + func (iter BookmarkListIterator) Value() Bookmark + type BookmarkListPage struct + func NewBookmarkListPage(getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage + func (page *BookmarkListPage) Next() error + func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error) + func (page BookmarkListPage) NotDone() bool + func (page BookmarkListPage) Response() BookmarkList + func (page BookmarkListPage) Values() []Bookmark + type BookmarkProperties struct + Created *date.Time + CreatedBy *UserInfo + DisplayName *string + Labels *[]string + Notes *string + Query *string + QueryResult *string + Updated *date.Time + UpdatedBy *UserInfo + type BookmarkRelation struct + Etag *string + ID *string + Kind RelationTypes + Name *string + Type *string + func (br *BookmarkRelation) UnmarshalJSON(body []byte) error + func (br BookmarkRelation) MarshalJSON() ([]byte, error) + type BookmarkRelationList struct + NextLink *string + Value *[]BookmarkRelation + func (brl BookmarkRelationList) IsEmpty() bool + type BookmarkRelationListIterator struct + func NewBookmarkRelationListIterator(page BookmarkRelationListPage) BookmarkRelationListIterator + func (iter *BookmarkRelationListIterator) Next() error + func (iter *BookmarkRelationListIterator) NextWithContext(ctx context.Context) (err error) + func (iter BookmarkRelationListIterator) NotDone() bool + func (iter BookmarkRelationListIterator) Response() BookmarkRelationList + func (iter BookmarkRelationListIterator) Value() BookmarkRelation + type BookmarkRelationListPage struct + func NewBookmarkRelationListPage(...) BookmarkRelationListPage + func (page *BookmarkRelationListPage) Next() error + func (page *BookmarkRelationListPage) NextWithContext(ctx context.Context) (err error) + func (page BookmarkRelationListPage) NotDone() bool + func (page BookmarkRelationListPage) Response() BookmarkRelationList + func (page BookmarkRelationListPage) Values() []BookmarkRelation + type BookmarkRelationProperties struct + BookmarkID *string + CaseIdentifier *string + CaseSeverity *string + CaseTitle *string + RelationName *string + type BookmarkRelationsClient struct + func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient + func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient + func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelation, err error) + func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result BookmarkRelation, err error) + func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error) + func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error) + func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error) + func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelation, err error) + func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result BookmarkRelation, err error) + func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) + func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelationListPage, err error) + func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result BookmarkRelationListIterator, err error) + func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result BookmarkRelationList, err error) + func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error) + type BookmarksClient struct + func NewBookmarksClient(subscriptionID string) BookmarksClient + func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient + func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error) + func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error) + func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) + func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) + func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error) + func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, ...) (result Bookmark, err error) + func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error) + func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error) + func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, ...) (result BookmarkListPage, err error) + func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result BookmarkListIterator, err error) + func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error) + func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error) + type Case struct + Etag *string + ID *string + Name *string + Type *string + func (c *Case) UnmarshalJSON(body []byte) error + func (c Case) MarshalJSON() ([]byte, error) + type CaseComment struct + ID *string + Name *string + Type *string + func (cc *CaseComment) UnmarshalJSON(body []byte) error + func (cc CaseComment) MarshalJSON() ([]byte, error) + type CaseCommentList struct + NextLink *string + Value *[]CaseComment + func (ccl CaseCommentList) IsEmpty() bool + type CaseCommentListIterator struct + func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator + func (iter *CaseCommentListIterator) Next() error + func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error) + func (iter CaseCommentListIterator) NotDone() bool + func (iter CaseCommentListIterator) Response() CaseCommentList + func (iter CaseCommentListIterator) Value() CaseComment + type CaseCommentListPage struct + func NewCaseCommentListPage(getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage + func (page *CaseCommentListPage) Next() error + func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error) + func (page CaseCommentListPage) NotDone() bool + func (page CaseCommentListPage) Response() CaseCommentList + func (page CaseCommentListPage) Values() []CaseComment + type CaseCommentProperties struct + CreatedTimeUtc *date.Time + Message *string + UserInfo *UserInfo + type CaseCommentsClient struct + func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient + func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient + func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error) + func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error) + func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error) + type CaseList struct + NextLink *string + Value *[]Case + func (cl CaseList) IsEmpty() bool + type CaseListIterator struct + func NewCaseListIterator(page CaseListPage) CaseListIterator + func (iter *CaseListIterator) Next() error + func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error) + func (iter CaseListIterator) NotDone() bool + func (iter CaseListIterator) Response() CaseList + func (iter CaseListIterator) Value() Case + type CaseListPage struct + func NewCaseListPage(getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage + func (page *CaseListPage) Next() error + func (page *CaseListPage) NextWithContext(ctx context.Context) (err error) + func (page CaseListPage) NotDone() bool + func (page CaseListPage) Response() CaseList + func (page CaseListPage) Values() []Case + type CaseProperties struct + CaseNumber *int32 + CloseReason CloseReason + ClosedReasonText *string + CreatedTimeUtc *date.Time + Description *string + EndTimeUtc *date.Time + Labels *[]string + LastComment *string + LastUpdatedTimeUtc *date.Time + Owner *UserInfo + RelatedAlertIds *[]string + Severity CaseSeverity + StartTimeUtc *date.Time + Status CaseStatus + Title *string + TotalComments *int32 + type CaseRelation struct + Etag *string + ID *string + Kind RelationTypes + Name *string + Type *string + func (cr *CaseRelation) UnmarshalJSON(body []byte) error + func (cr CaseRelation) MarshalJSON() ([]byte, error) + type CaseRelationList struct + NextLink *string + Value *[]CaseRelation + func (crl CaseRelationList) IsEmpty() bool + type CaseRelationListIterator struct + func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator + func (iter *CaseRelationListIterator) Next() error + func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error) + func (iter CaseRelationListIterator) NotDone() bool + func (iter CaseRelationListIterator) Response() CaseRelationList + func (iter CaseRelationListIterator) Value() CaseRelation + type CaseRelationListPage struct + func NewCaseRelationListPage(getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage + func (page *CaseRelationListPage) Next() error + func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error) + func (page CaseRelationListPage) NotDone() bool + func (page CaseRelationListPage) Response() CaseRelationList + func (page CaseRelationListPage) Values() []CaseRelation + type CaseRelationProperties struct + BookmarkID *string + BookmarkName *string + CaseIdentifier *string + RelationName *string + type CaseRelationsClient struct + func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient + func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient + func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error) + func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error) + func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error) + func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error) + func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error) + func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, ...) (result CaseRelation, err error) + func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error) + func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error) + func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListPage, err error) + func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseRelationListIterator, err error) + func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error) + func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error) + type CaseSeverity string + const CaseSeverityCritical + const CaseSeverityHigh + const CaseSeverityInformational + const CaseSeverityLow + const CaseSeverityMedium + func PossibleCaseSeverityValues() []CaseSeverity + type CaseStatus string + const CaseStatusClosed + const CaseStatusDraft + const CaseStatusInProgress + const CaseStatusNew + func PossibleCaseStatusValues() []CaseStatus + type CasesAggregation struct + ID *string + Kind Kind + Name *string + Type *string + func (ca *CasesAggregation) UnmarshalJSON(body []byte) error + func (ca CasesAggregation) AsAggregations() (*Aggregations, bool) + func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool) + func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool) + func (ca CasesAggregation) MarshalJSON() ([]byte, error) + type CasesAggregationBySeverityProperties struct + TotalCriticalSeverity *int32 + TotalHighSeverity *int32 + TotalInformationalSeverity *int32 + TotalLowSeverity *int32 + TotalMediumSeverity *int32 + type CasesAggregationByStatusProperties struct + TotalDismissedStatus *int32 + TotalInProgressStatus *int32 + TotalNewStatus *int32 + TotalResolvedStatus *int32 + type CasesAggregationProperties struct + AggregationBySeverity *CasesAggregationBySeverityProperties + AggregationByStatus *CasesAggregationByStatusProperties + type CasesAggregationsClient struct + func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient + func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient + func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, ...) (result AggregationsModel, err error) + func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error) + func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error) + type CasesClient struct + func NewCasesClient(subscriptionID string) CasesClient + func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient + func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result Case, err error) + func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error) + func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) + func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) + func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error) + func (client CasesClient) Get(ctx context.Context, resourceGroupName string, ...) (result Case, err error) + func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, ...) (result CaseComment, err error) + func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error) + func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error) + func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error) + func (client CasesClient) GetSender(req *http.Request) (*http.Response, error) + func (client CasesClient) List(ctx context.Context, resourceGroupName string, ...) (result CaseListPage, err error) + func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result CaseListIterator, err error) + func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error) + func (client CasesClient) ListSender(req *http.Request) (*http.Response, error) + type CloseReason string + const Dismissed + const FalsePositive + const Other + const Resolved + const TruePositive + func PossibleCloseReasonValues() []CloseReason + type CloudApplicationEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error + func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool) + func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool) + func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool) + func (cae CloudApplicationEntity) AsEntity() (*Entity, bool) + func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool) + func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool) + func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool) + func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool) + func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool) + func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error) + type CloudApplicationEntityProperties struct + AdditionalData map[string]interface{} + AppID *int32 + AppName *string + FriendlyName *string + InstanceName *string + func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error) + type CloudError struct + func (ce *CloudError) UnmarshalJSON(body []byte) error + func (ce CloudError) MarshalJSON() ([]byte, error) + type CloudErrorBody struct + Code *string + Message *string + type CommentsClient struct + func NewCommentsClient(subscriptionID string) CommentsClient + func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient + func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListPage, err error) + func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, ...) (result CaseCommentListIterator, err error) + func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error) + func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error) + type ConfidenceLevel string + const ConfidenceLevelHigh + const ConfidenceLevelLow + const ConfidenceLevelUnknown + func PossibleConfidenceLevelValues() []ConfidenceLevel + type ConfidenceScoreStatus string + const Final + const InProcess + const NotApplicable + const NotFinal + func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus + type DNSEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (de *DNSEntity) UnmarshalJSON(body []byte) error + func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool) + func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (de DNSEntity) AsBasicEntity() (BasicEntity, bool) + func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool) + func (de DNSEntity) AsEntity() (*Entity, bool) + func (de DNSEntity) AsFileEntity() (*FileEntity, bool) + func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (de DNSEntity) AsHostEntity() (*HostEntity, bool) + func (de DNSEntity) AsIPEntity() (*IPEntity, bool) + func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool) + func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (de DNSEntity) AsURLEntity() (*URLEntity, bool) + func (de DNSEntity) MarshalJSON() ([]byte, error) + type DNSEntityProperties struct + AdditionalData map[string]interface{} + DNSServerIPEntityID *string + DomainName *string + FriendlyName *string + HostIPAddressEntityID *string + IPAddressEntityIds *[]string + func (dep DNSEntityProperties) MarshalJSON() ([]byte, error) + type DataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (dc DataConnector) AsDataConnector() (*DataConnector, bool) + func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (dc DataConnector) MarshalJSON() ([]byte, error) + type DataConnectorDataTypeCommon struct + State DataTypeState + type DataConnectorKind string + const DataConnectorKindAmazonWebServicesCloudTrail + const DataConnectorKindAzureActiveDirectory + const DataConnectorKindAzureAdvancedThreatProtection + const DataConnectorKindAzureSecurityCenter + const DataConnectorKindMicrosoftCloudAppSecurity + const DataConnectorKindMicrosoftDefenderAdvancedThreatProtection + const DataConnectorKindOffice365 + const DataConnectorKindThreatIntelligence + func PossibleDataConnectorKindValues() []DataConnectorKind + type DataConnectorKind1 struct + Kind DataConnectorKind + type DataConnectorList struct + NextLink *string + Value *[]BasicDataConnector + func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error + func (dcl DataConnectorList) IsEmpty() bool + type DataConnectorListIterator struct + func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator + func (iter *DataConnectorListIterator) Next() error + func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error) + func (iter DataConnectorListIterator) NotDone() bool + func (iter DataConnectorListIterator) Response() DataConnectorList + func (iter DataConnectorListIterator) Value() BasicDataConnector + type DataConnectorListPage struct + func NewDataConnectorListPage(...) DataConnectorListPage + func (page *DataConnectorListPage) Next() error + func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error) + func (page DataConnectorListPage) NotDone() bool + func (page DataConnectorListPage) Response() DataConnectorList + func (page DataConnectorListPage) Values() []BasicDataConnector + type DataConnectorModel struct + Value BasicDataConnector + func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error + type DataConnectorStatus struct + ConnectorID *string + DataTypes map[string]*DataTypeStatus + func (dcs DataConnectorStatus) MarshalJSON() ([]byte, error) + type DataConnectorTenantID struct + TenantID *string + type DataConnectorWithAlertsProperties struct + DataTypes *AlertsDataTypeOfDataConnector + type DataConnectorsClient struct + func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient + func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient + func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error) + func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error) + func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error) + func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) + func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error) + func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, ...) (result DataConnectorModel, err error) + func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error) + func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error) + func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListPage, err error) + func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result DataConnectorListIterator, err error) + func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error) + func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error) + type DataTypeState string + const Disabled + const Enabled + func PossibleDataTypeStateValues() []DataTypeState + type DataTypeStatus string + const Exist + const NotExist + func PossibleDataTypeStatusValues() []DataTypeStatus + type ElevationToken string + const Default + const Full + const Limited + func PossibleElevationTokenValues() []ElevationToken + type EntitiesClient struct + func NewEntitiesClient(subscriptionID string) EntitiesClient + func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient + func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, ...) (result EntityExpandResponse, err error) + func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error) + func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error) + func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityModel, err error) + func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error) + func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error) + func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityListPage, err error) + func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityListIterator, err error) + func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error) + func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error) + type Entity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (e Entity) AsAccountEntity() (*AccountEntity, bool) + func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (e Entity) AsBasicEntity() (BasicEntity, bool) + func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (e Entity) AsDNSEntity() (*DNSEntity, bool) + func (e Entity) AsEntity() (*Entity, bool) + func (e Entity) AsFileEntity() (*FileEntity, bool) + func (e Entity) AsFileHashEntity() (*FileHashEntity, bool) + func (e Entity) AsHostEntity() (*HostEntity, bool) + func (e Entity) AsIPEntity() (*IPEntity, bool) + func (e Entity) AsMalwareEntity() (*MalwareEntity, bool) + func (e Entity) AsProcessEntity() (*ProcessEntity, bool) + func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (e Entity) AsSecurityAlert() (*SecurityAlert, bool) + func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (e Entity) AsURLEntity() (*URLEntity, bool) + func (e Entity) MarshalJSON() ([]byte, error) + type EntityCommonProperties struct + AdditionalData map[string]interface{} + FriendlyName *string + func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error) + type EntityExpandParameters struct + EndTime *date.Time + ExpansionID *uuid.UUID + StartTime *date.Time + type EntityExpandResponse struct + MetaData *ExpansionResultsMetadata + Value *EntityExpandResponseValue + type EntityExpandResponseValue struct + Entities *[]BasicEntity + func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error + type EntityKind string + const EntityKindAccount + const EntityKindAzureResource + const EntityKindBookmark + const EntityKindCloudApplication + const EntityKindDNSResolution + const EntityKindFile + const EntityKindFileHash + const EntityKindHost + const EntityKindIP + const EntityKindMalware + const EntityKindProcess + const EntityKindRegistryKey + const EntityKindRegistryValue + const EntityKindSecurityAlert + const EntityKindSecurityGroup + const EntityKindURL + func PossibleEntityKindValues() []EntityKind + type EntityKind1 struct + Kind EntityKind + type EntityList struct + NextLink *string + Value *[]BasicEntity + func (el *EntityList) UnmarshalJSON(body []byte) error + func (el EntityList) IsEmpty() bool + type EntityListIterator struct + func NewEntityListIterator(page EntityListPage) EntityListIterator + func (iter *EntityListIterator) Next() error + func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error) + func (iter EntityListIterator) NotDone() bool + func (iter EntityListIterator) Response() EntityList + func (iter EntityListIterator) Value() BasicEntity + type EntityListPage struct + func NewEntityListPage(getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage + func (page *EntityListPage) Next() error + func (page *EntityListPage) NextWithContext(ctx context.Context) (err error) + func (page EntityListPage) NotDone() bool + func (page EntityListPage) Response() EntityList + func (page EntityListPage) Values() []BasicEntity + type EntityModel struct + Value BasicEntity + func (em *EntityModel) UnmarshalJSON(body []byte) error + type EntityQueriesClient struct + func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient + func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient + func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, ...) (result EntityQuery, err error) + func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error) + func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error) + func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListPage, err error) + func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result EntityQueryListIterator, err error) + func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error) + func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error) + type EntityQuery struct + ID *string + Name *string + Type *string + func (eq *EntityQuery) UnmarshalJSON(body []byte) error + func (eq EntityQuery) MarshalJSON() ([]byte, error) + type EntityQueryList struct + NextLink *string + Value *[]EntityQuery + func (eql EntityQueryList) IsEmpty() bool + type EntityQueryListIterator struct + func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator + func (iter *EntityQueryListIterator) Next() error + func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error) + func (iter EntityQueryListIterator) NotDone() bool + func (iter EntityQueryListIterator) Response() EntityQueryList + func (iter EntityQueryListIterator) Value() EntityQuery + type EntityQueryListPage struct + func NewEntityQueryListPage(getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage + func (page *EntityQueryListPage) Next() error + func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error) + func (page EntityQueryListPage) NotDone() bool + func (page EntityQueryListPage) Response() EntityQueryList + func (page EntityQueryListPage) Values() []EntityQuery + type EntityQueryProperties struct + DataSources *[]string + DisplayName *string + InputEntityType EntityType + InputFields *[]string + OutputEntityTypes *[]EntityType + QueryTemplate *string + type EntityType string + const EntityTypeAccount + const EntityTypeAzureResource + const EntityTypeCloudApplication + const EntityTypeDNS + const EntityTypeFile + const EntityTypeFileHash + const EntityTypeHost + const EntityTypeHuntingBookmark + const EntityTypeIP + const EntityTypeMalware + const EntityTypeProcess + const EntityTypeRegistryKey + const EntityTypeRegistryValue + const EntityTypeSecurityAlert + const EntityTypeSecurityGroup + const EntityTypeURL + func PossibleEntityTypeValues() []EntityType + type ExpansionResultAggregation struct + AggregationType *string + Count *int32 + DisplayName *string + EntityKind EntityKind + type ExpansionResultsMetadata struct + Aggregations *[]ExpansionResultAggregation + type FileEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (fe *FileEntity) UnmarshalJSON(body []byte) error + func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool) + func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (fe FileEntity) AsBasicEntity() (BasicEntity, bool) + func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool) + func (fe FileEntity) AsEntity() (*Entity, bool) + func (fe FileEntity) AsFileEntity() (*FileEntity, bool) + func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (fe FileEntity) AsHostEntity() (*HostEntity, bool) + func (fe FileEntity) AsIPEntity() (*IPEntity, bool) + func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool) + func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (fe FileEntity) AsURLEntity() (*URLEntity, bool) + func (fe FileEntity) MarshalJSON() ([]byte, error) + type FileEntityProperties struct + AdditionalData map[string]interface{} + Directory *string + FileHashEntityIds *[]string + FileName *string + FriendlyName *string + HostEntityID *string + func (fep FileEntityProperties) MarshalJSON() ([]byte, error) + type FileHashAlgorithm string + const MD5 + const SHA1 + const SHA256 + const SHA256AC + const Unknown + func PossibleFileHashAlgorithmValues() []FileHashAlgorithm + type FileHashEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error + func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool) + func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool) + func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool) + func (fhe FileHashEntity) AsEntity() (*Entity, bool) + func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool) + func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool) + func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool) + func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool) + func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool) + func (fhe FileHashEntity) MarshalJSON() ([]byte, error) + type FileHashEntityProperties struct + AdditionalData map[string]interface{} + Algorithm FileHashAlgorithm + FriendlyName *string + HashValue *string + func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error) + type FusionAlertRule struct + Etag *string + ID *string + Kind KindBasicAlertRule + Name *string + Type *string + func (far *FusionAlertRule) UnmarshalJSON(body []byte) error + func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool) + func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) + func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) + func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) + func (far FusionAlertRule) MarshalJSON() ([]byte, error) + type FusionAlertRuleProperties struct + AlertRuleTemplateName *string + Description *string + DisplayName *string + Enabled *bool + LastModifiedUtc *date.Time + Severity AlertSeverity + Tactics *[]AttackTactic + type FusionAlertRuleTemplate struct + ID *string + Kind KindBasicAlertRuleTemplate + Name *string + Type *string + func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error + func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) + func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) + func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error) + type FusionAlertRuleTemplateProperties struct + AlertRulesCreatedByTemplateCount *int32 + CreatedDateUTC *date.Time + Description *string + DisplayName *string + RequiredDataConnectors *[]DataConnectorStatus + Severity AlertSeverity + Status TemplateStatus + Tactics *[]AttackTactic + type GeoLocation struct + Asn *int32 + City *string + CountryCode *string + CountryName *string + Latitude *float64 + Longitude *float64 + State *string + type HostEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (he *HostEntity) UnmarshalJSON(body []byte) error + func (he HostEntity) AsAccountEntity() (*AccountEntity, bool) + func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (he HostEntity) AsBasicEntity() (BasicEntity, bool) + func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (he HostEntity) AsDNSEntity() (*DNSEntity, bool) + func (he HostEntity) AsEntity() (*Entity, bool) + func (he HostEntity) AsFileEntity() (*FileEntity, bool) + func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (he HostEntity) AsHostEntity() (*HostEntity, bool) + func (he HostEntity) AsIPEntity() (*IPEntity, bool) + func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool) + func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (he HostEntity) AsURLEntity() (*URLEntity, bool) + func (he HostEntity) MarshalJSON() ([]byte, error) + type HostEntityProperties struct + AdditionalData map[string]interface{} + AzureID *string + DNSDomain *string + FriendlyName *string + HostName *string + IsDomainJoined *bool + NetBiosName *string + NtDomain *string + OmsAgentID *string + OsFamily OSFamily + OsVersion *string + func (hep HostEntityProperties) MarshalJSON() ([]byte, error) + type IPEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (ie *IPEntity) UnmarshalJSON(body []byte) error + func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool) + func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (ie IPEntity) AsBasicEntity() (BasicEntity, bool) + func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool) + func (ie IPEntity) AsEntity() (*Entity, bool) + func (ie IPEntity) AsFileEntity() (*FileEntity, bool) + func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (ie IPEntity) AsHostEntity() (*HostEntity, bool) + func (ie IPEntity) AsIPEntity() (*IPEntity, bool) + func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool) + func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (ie IPEntity) AsURLEntity() (*URLEntity, bool) + func (ie IPEntity) MarshalJSON() ([]byte, error) + type IPEntityProperties struct + AdditionalData map[string]interface{} + Address *string + FriendlyName *string + Location *GeoLocation + ThreatIntelligence *[]ThreatIntelligence + func (iep IPEntityProperties) MarshalJSON() ([]byte, error) + type KillChainIntent string + const KillChainIntentCollection + const KillChainIntentCommandAndControl + const KillChainIntentCredentialAccess + const KillChainIntentDefenseEvasion + const KillChainIntentDiscovery + const KillChainIntentExecution + const KillChainIntentExfiltration + const KillChainIntentExploitation + const KillChainIntentImpact + const KillChainIntentLateralMovement + const KillChainIntentPersistence + const KillChainIntentPrivilegeEscalation + const KillChainIntentProbing + const KillChainIntentUnknown + func PossibleKillChainIntentValues() []KillChainIntent + type Kind string + const KindAggregations + const KindCasesAggregation + func PossibleKindValues() []Kind + type KindBasicAlertRule string + const KindAlertRule + const KindFusion + const KindMicrosoftSecurityIncidentCreation + const KindScheduled + func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule + type KindBasicAlertRuleTemplate string + const KindBasicAlertRuleTemplateKindAlertRuleTemplate + const KindBasicAlertRuleTemplateKindFusion + const KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation + const KindBasicAlertRuleTemplateKindScheduled + func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate + type KindBasicDataConnector string + const KindAmazonWebServicesCloudTrail + const KindAzureActiveDirectory + const KindAzureAdvancedThreatProtection + const KindAzureSecurityCenter + const KindDataConnector + const KindMicrosoftCloudAppSecurity + const KindMicrosoftDefenderAdvancedThreatProtection + const KindOffice365 + const KindThreatIntelligence + func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector + type KindBasicEntity string + const KindAccount + const KindAzureResource + const KindCloudApplication + const KindDNSResolution + const KindEntity + const KindFile + const KindFileHash + const KindHost + const KindIP + const KindMalware + const KindProcess + const KindRegistryKey + const KindRegistryValue + const KindSecurityAlert + const KindSecurityGroup + const KindURL + func PossibleKindBasicEntityValues() []KindBasicEntity + type KindBasicSettings string + const KindSettings + const KindToggleSettings + const KindUebaSettings + func PossibleKindBasicSettingsValues() []KindBasicSettings + type LicenseStatus string + const LicenseStatusDisabled + const LicenseStatusEnabled + func PossibleLicenseStatusValues() []LicenseStatus + type MCASDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error + func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool) + func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (mdc MCASDataConnector) MarshalJSON() ([]byte, error) + type MCASDataConnectorDataTypes struct + Alerts *AlertsDataTypeOfDataConnectorAlerts + DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs + type MCASDataConnectorDataTypesDiscoveryLogs struct + State DataTypeState + type MCASDataConnectorProperties struct + DataTypes *MCASDataConnectorDataTypes + TenantID *string + type MDATPDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error + func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool) + func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error) + type MDATPDataConnectorProperties struct + DataTypes *AlertsDataTypeOfDataConnector + TenantID *string + type MalwareEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (me *MalwareEntity) UnmarshalJSON(body []byte) error + func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool) + func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool) + func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool) + func (me MalwareEntity) AsEntity() (*Entity, bool) + func (me MalwareEntity) AsFileEntity() (*FileEntity, bool) + func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (me MalwareEntity) AsHostEntity() (*HostEntity, bool) + func (me MalwareEntity) AsIPEntity() (*IPEntity, bool) + func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool) + func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (me MalwareEntity) AsURLEntity() (*URLEntity, bool) + func (me MalwareEntity) MarshalJSON() ([]byte, error) + type MalwareEntityProperties struct + AdditionalData map[string]interface{} + Category *string + FileEntityIds *[]string + FriendlyName *string + MalwareName *string + ProcessEntityIds *[]string + func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error) + type MicrosoftSecurityIncidentCreationAlertRule struct + Etag *string + ID *string + Kind KindBasicAlertRule + Name *string + Type *string + func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error + func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule() (*AlertRule, bool) + func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) + func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) + func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) + func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error) + type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct + DisplayNamesFilter *[]string + ProductFilter MicrosoftSecurityProductName + SeveritiesFilter *[]AlertSeverity + type MicrosoftSecurityIncidentCreationAlertRuleProperties struct + AlertRuleTemplateName *string + Description *string + DisplayName *string + DisplayNamesFilter *[]string + Enabled *bool + LastModifiedUtc *date.Time + ProductFilter MicrosoftSecurityProductName + SeveritiesFilter *[]AlertSeverity + Tactics *[]AttackTactic + type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct + ID *string + Kind KindBasicAlertRuleTemplate + Name *string + Type *string + func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON() ([]byte, error) + type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct + AlertRulesCreatedByTemplateCount *int32 + CreatedDateUTC *date.Time + Description *string + DisplayName *string + DisplayNamesFilter *[]string + ProductFilter MicrosoftSecurityProductName + RequiredDataConnectors *[]DataConnectorStatus + SeveritiesFilter *[]AlertSeverity + Status TemplateStatus + Tactics *[]AttackTactic + type MicrosoftSecurityProductName string + const AzureActiveDirectoryIdentityProtection + const AzureAdvancedThreatProtection + const AzureSecurityCenter + const MicrosoftCloudAppSecurity + func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName + type OSFamily string + const Android + const IOS + const Linux + const Windows + func PossibleOSFamilyValues() []OSFamily + type OfficeConsent struct + ID *string + Name *string + Type *string + func (oc *OfficeConsent) UnmarshalJSON(body []byte) error + func (oc OfficeConsent) MarshalJSON() ([]byte, error) + type OfficeConsentList struct + NextLink *string + Value *[]OfficeConsent + func (ocl OfficeConsentList) IsEmpty() bool + type OfficeConsentListIterator struct + func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator + func (iter *OfficeConsentListIterator) Next() error + func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error) + func (iter OfficeConsentListIterator) NotDone() bool + func (iter OfficeConsentListIterator) Response() OfficeConsentList + func (iter OfficeConsentListIterator) Value() OfficeConsent + type OfficeConsentListPage struct + func NewOfficeConsentListPage(...) OfficeConsentListPage + func (page *OfficeConsentListPage) Next() error + func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error) + func (page OfficeConsentListPage) NotDone() bool + func (page OfficeConsentListPage) Response() OfficeConsentList + func (page OfficeConsentListPage) Values() []OfficeConsent + type OfficeConsentProperties struct + TenantID *string + TenantName *string + type OfficeConsentsClient struct + func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient + func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient + func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, ...) (result autorest.Response, err error) + func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) + func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error) + func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, ...) (result OfficeConsent, err error) + func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error) + func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error) + func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListPage, err error) + func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, ...) (result OfficeConsentListIterator, err error) + func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error) + func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error) + type OfficeDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error + func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool) + func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (odc OfficeDataConnector) MarshalJSON() ([]byte, error) + type OfficeDataConnectorDataTypes struct + Exchange *OfficeDataConnectorDataTypesExchange + SharePoint *OfficeDataConnectorDataTypesSharePoint + type OfficeDataConnectorDataTypesExchange struct + State DataTypeState + type OfficeDataConnectorDataTypesSharePoint struct + State DataTypeState + type OfficeDataConnectorProperties struct + DataTypes *OfficeDataConnectorDataTypes + TenantID *string + type Operation struct + Display *OperationDisplay + Name *string + type OperationDisplay struct + Description *string + Operation *string + Provider *string + Resource *string + type OperationsClient struct + func NewOperationsClient(subscriptionID string) OperationsClient + func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient + func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error) + func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error) + func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error) + func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error) + func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error) + type OperationsList struct + NextLink *string + Value *[]Operation + func (ol OperationsList) IsEmpty() bool + type OperationsListIterator struct + func NewOperationsListIterator(page OperationsListPage) OperationsListIterator + func (iter *OperationsListIterator) Next() error + func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error) + func (iter OperationsListIterator) NotDone() bool + func (iter OperationsListIterator) Response() OperationsList + func (iter OperationsListIterator) Value() Operation + type OperationsListPage struct + func NewOperationsListPage(getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage + func (page *OperationsListPage) Next() error + func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error) + func (page OperationsListPage) NotDone() bool + func (page OperationsListPage) Response() OperationsList + func (page OperationsListPage) Values() []Operation + type ProcessEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error + func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool) + func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool) + func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool) + func (peVar ProcessEntity) AsEntity() (*Entity, bool) + func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool) + func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool) + func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool) + func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool) + func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool) + func (peVar ProcessEntity) MarshalJSON() ([]byte, error) + type ProcessEntityProperties struct + AccountEntityID *string + AdditionalData map[string]interface{} + CommandLine *string + CreationTimeUtc *date.Time + ElevationToken ElevationToken + FriendlyName *string + HostEntityID *string + HostLogonSessionEntityID *string + ImageFileEntityID *string + ParentProcessEntityID *string + ProcessID *string + func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error) + type ProductSettingsClient struct + func NewProductSettingsClient(subscriptionID string) ProductSettingsClient + func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient + func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error) + func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error) + func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error) + func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, ...) (result SettingsModel, err error) + func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, ...) (*http.Request, error) + func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error) + func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error) + type RegistryHive string + const HKEYA + const HKEYCLASSESROOT + const HKEYCURRENTCONFIG + const HKEYCURRENTUSER + const HKEYCURRENTUSERLOCALSETTINGS + const HKEYLOCALMACHINE + const HKEYPERFORMANCEDATA + const HKEYPERFORMANCENLSTEXT + const HKEYPERFORMANCETEXT + const HKEYUSERS + func PossibleRegistryHiveValues() []RegistryHive + type RegistryKeyEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error + func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool) + func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool) + func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool) + func (rke RegistryKeyEntity) AsEntity() (*Entity, bool) + func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool) + func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool) + func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool) + func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool) + func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool) + func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error) + type RegistryKeyEntityProperties struct + AdditionalData map[string]interface{} + FriendlyName *string + Hive RegistryHive + Key *string + func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error) + type RegistryValueEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error + func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool) + func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool) + func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool) + func (rve RegistryValueEntity) AsEntity() (*Entity, bool) + func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool) + func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool) + func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool) + func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool) + func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool) + func (rve RegistryValueEntity) MarshalJSON() ([]byte, error) + type RegistryValueEntityProperties struct + AdditionalData map[string]interface{} + FriendlyName *string + KeyEntityID *string + ValueData *string + ValueName *string + ValueType RegistryValueKind + func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error) + type RegistryValueKind string + const RegistryValueKindBinary + const RegistryValueKindDWord + const RegistryValueKindExpandString + const RegistryValueKindMultiString + const RegistryValueKindNone + const RegistryValueKindQWord + const RegistryValueKindString + const RegistryValueKindUnknown + func PossibleRegistryValueKindValues() []RegistryValueKind + type RelationBase struct + Etag *string + ID *string + Kind RelationTypes + Name *string + Type *string + type RelationNode struct + Etag *string + RelationAdditionalProperties map[string]*string + RelationNodeID *string + RelationNodeKind RelationNodeKind + func (rn RelationNode) MarshalJSON() ([]byte, error) + type RelationNodeKind string + const RelationNodeKindBookmark + const RelationNodeKindCase + func PossibleRelationNodeKindValues() []RelationNodeKind + type RelationTypes string + const CasesToBookmarks + func PossibleRelationTypesValues() []RelationTypes + type RelationsModelInput struct + Etag *string + ID *string + Kind RelationTypes + Name *string + Type *string + func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error + func (rmi RelationsModelInput) MarshalJSON() ([]byte, error) + type RelationsModelInputProperties struct + RelationName *string + SourceRelationNode *RelationNode + TargetRelationNode *RelationNode + type Resource struct + ID *string + Name *string + Type *string + type ResourceWithEtag struct + Etag *string + ID *string + Name *string + Type *string + type ScheduledAlertRule struct + Etag *string + ID *string + Kind KindBasicAlertRule + Name *string + Type *string + func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error + func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool) + func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool) + func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool) + func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool) + func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool) + func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error) + type ScheduledAlertRuleCommonProperties struct + Query *string + QueryFrequency *string + QueryPeriod *string + Severity AlertSeverity + TriggerOperator TriggerOperator + TriggerThreshold *int32 + type ScheduledAlertRuleProperties struct + AlertRuleTemplateName *string + Description *string + DisplayName *string + Enabled *bool + LastModifiedUtc *date.Time + Query *string + QueryFrequency *string + QueryPeriod *string + Severity AlertSeverity + SuppressionDuration *string + SuppressionEnabled *bool + Tactics *[]AttackTactic + TriggerOperator TriggerOperator + TriggerThreshold *int32 + type ScheduledAlertRuleTemplate struct + ID *string + Kind KindBasicAlertRuleTemplate + Name *string + Type *string + func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error + func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool) + func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool) + func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool) + func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool) + func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool) + func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error) + type ScheduledAlertRuleTemplateProperties struct + AlertRulesCreatedByTemplateCount *int32 + CreatedDateUTC *date.Time + Description *string + DisplayName *string + Query *string + QueryFrequency *string + QueryPeriod *string + RequiredDataConnectors *[]DataConnectorStatus + Severity AlertSeverity + Status TemplateStatus + Tactics *[]AttackTactic + TriggerOperator TriggerOperator + TriggerThreshold *int32 + type SecurityAlert struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (sa *SecurityAlert) UnmarshalJSON(body []byte) error + func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool) + func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool) + func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool) + func (sa SecurityAlert) AsEntity() (*Entity, bool) + func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool) + func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool) + func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool) + func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool) + func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool) + func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool) + func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool) + func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool) + func (sa SecurityAlert) MarshalJSON() ([]byte, error) + type SecurityAlertProperties struct + AdditionalData map[string]interface{} + AlertDisplayName *string + AlertType *string + CompromisedEntity *string + ConfidenceLevel ConfidenceLevel + ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem + ConfidenceScore *float64 + ConfidenceScoreStatus ConfidenceScoreStatus + Description *string + EndTimeUtc *date.Time + FriendlyName *string + Intent KillChainIntent + ProcessingEndTime *date.Time + ProductComponentName *string + ProductName *string + ProductVersion *string + RemediationSteps *[]string + Severity AlertSeverity + StartTimeUtc *date.Time + Status AlertStatus + SystemAlertID *string + TimeGenerated *date.Time + VendorName *string + func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error) + type SecurityAlertPropertiesConfidenceReasonsItem struct + Reason *string + ReasonType *string + type SecurityGroupEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error + func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool) + func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool) + func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool) + func (sge SecurityGroupEntity) AsEntity() (*Entity, bool) + func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool) + func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool) + func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool) + func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool) + func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool) + func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error) + type SecurityGroupEntityProperties struct + AdditionalData map[string]interface{} + DistinguishedName *string + FriendlyName *string + ObjectGUID *uuid.UUID + Sid *string + func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error) + type SettingKind string + const SettingKindToggleSettings + const SettingKindUebaSettings + func PossibleSettingKindValues() []SettingKind + type Settings struct + Etag *string + ID *string + Kind KindBasicSettings + Name *string + Type *string + func (s Settings) AsBasicSettings() (BasicSettings, bool) + func (s Settings) AsSettings() (*Settings, bool) + func (s Settings) AsToggleSettings() (*ToggleSettings, bool) + func (s Settings) AsUebaSettings() (*UebaSettings, bool) + func (s Settings) MarshalJSON() ([]byte, error) + type SettingsKind struct + Kind SettingKind + type SettingsModel struct + Value BasicSettings + func (sm *SettingsModel) UnmarshalJSON(body []byte) error + type StatusInMcas string + const StatusInMcasDisabled + const StatusInMcasEnabled + func PossibleStatusInMcasValues() []StatusInMcas + type TIDataConnector struct + Etag *string + ID *string + Kind KindBasicDataConnector + Name *string + Type *string + func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error + func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool) + func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool) + func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool) + func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool) + func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool) + func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool) + func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool) + func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool) + func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool) + func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool) + func (tdc TIDataConnector) MarshalJSON() ([]byte, error) + type TIDataConnectorDataTypes struct + Indicators *TIDataConnectorDataTypesIndicators + type TIDataConnectorDataTypesIndicators struct + State DataTypeState + type TIDataConnectorProperties struct + DataTypes *TIDataConnectorDataTypes + TenantID *string + type TemplateStatus string + const Available + const Installed + const NotAvailable + func PossibleTemplateStatusValues() []TemplateStatus + type ThreatIntelligence struct + Confidence *float64 + ProviderName *string + ReportLink *string + ThreatDescription *string + ThreatName *string + ThreatType *string + type ToggleSettings struct + Etag *string + ID *string + Kind KindBasicSettings + Name *string + Type *string + func (ts *ToggleSettings) UnmarshalJSON(body []byte) error + func (ts ToggleSettings) AsBasicSettings() (BasicSettings, bool) + func (ts ToggleSettings) AsSettings() (*Settings, bool) + func (ts ToggleSettings) AsToggleSettings() (*ToggleSettings, bool) + func (ts ToggleSettings) AsUebaSettings() (*UebaSettings, bool) + func (ts ToggleSettings) MarshalJSON() ([]byte, error) + type ToggleSettingsProperties struct + IsEnabled *bool + type TriggerOperator string + const Equal + const GreaterThan + const LessThan + const NotEqual + func PossibleTriggerOperatorValues() []TriggerOperator + type URLEntity struct + ID *string + Kind KindBasicEntity + Name *string + Type *string + func (ue *URLEntity) UnmarshalJSON(body []byte) error + func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool) + func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool) + func (ue URLEntity) AsBasicEntity() (BasicEntity, bool) + func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool) + func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool) + func (ue URLEntity) AsEntity() (*Entity, bool) + func (ue URLEntity) AsFileEntity() (*FileEntity, bool) + func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool) + func (ue URLEntity) AsHostEntity() (*HostEntity, bool) + func (ue URLEntity) AsIPEntity() (*IPEntity, bool) + func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool) + func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool) + func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool) + func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool) + func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool) + func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool) + func (ue URLEntity) AsURLEntity() (*URLEntity, bool) + func (ue URLEntity) MarshalJSON() ([]byte, error) + type URLEntityProperties struct + AdditionalData map[string]interface{} + FriendlyName *string + URL *string + func (uep URLEntityProperties) MarshalJSON() ([]byte, error) + type UebaSettings struct + Etag *string + ID *string + Kind KindBasicSettings + Name *string + Type *string + func (us *UebaSettings) UnmarshalJSON(body []byte) error + func (us UebaSettings) AsBasicSettings() (BasicSettings, bool) + func (us UebaSettings) AsSettings() (*Settings, bool) + func (us UebaSettings) AsToggleSettings() (*ToggleSettings, bool) + func (us UebaSettings) AsUebaSettings() (*UebaSettings, bool) + func (us UebaSettings) MarshalJSON() ([]byte, error) + type UebaSettingsProperties struct + AtpLicenseStatus LicenseStatus + IsEnabled *bool + StatusInMcas StatusInMcas + type UserInfo struct + Email *string + Name *string + ObjectID *uuid.UUID Other modules containing this package gopkg.in/Azure/azure-sdk-for-go.v25 gopkg.in/Azure/azure-sdk-for-go.v26 gopkg.in/Azure/azure-sdk-for-go.v27 gopkg.in/Azure/azure-sdk-for-go.v28 gopkg.in/Azure/azure-sdk-for-go.v29 gopkg.in/Azure/azure-sdk-for-go.v30 gopkg.in/Azure/azure-sdk-for-go.v31 gopkg.in/Azure/azure-sdk-for-go.v32 gopkg.in/Azure/azure-sdk-for-go.v33 gopkg.in/Azure/azure-sdk-for-go.v34 gopkg.in/Azure/azure-sdk-for-go.v36 gopkg.in/Azure/azure-sdk-for-go.v37 gopkg.in/Azure/azure-sdk-for-go.v38 gopkg.in/Azure/azure-sdk-for-go.v39 gopkg.in/Azure/azure-sdk-for-go.v40 gopkg.in/Azure/azure-sdk-for-go.v41