securityinsight

package
v49.2.0

This package is not in the latest version of its module.

Published: Dec 28, 2020 | License: Apache-2.0 | Imports: 11 | Imported by: 0

Documentation

Overview

Package securityinsight implements the Azure ARM Securityinsight service API version 2019-01-01-preview.

API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

Constants

const (
	// DefaultBaseURI is the default URI used for the service Securityinsight
	DefaultBaseURI = "https://management.azure.com"
)

Variables

This section is empty.

Functions

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AADCheckRequirements

type AADCheckRequirements struct {
	// AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.
	*AADCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AADCheckRequirements represents AAD (Azure Active Directory) requirements check request.

func (AADCheckRequirements) AsAADCheckRequirements

func (acr AADCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAATPCheckRequirements

func (acr AADCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsASCCheckRequirements

func (acr AADCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr AADCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr AADCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsDataConnectorsCheckRequirements

func (acr AADCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMCASCheckRequirements

func (acr AADCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsMDATPCheckRequirements

func (acr AADCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsOfficeATPCheckRequirements

func (acr AADCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTICheckRequirements

func (acr AADCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) AsTiTaxiiCheckRequirements

func (acr AADCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AADCheckRequirements.

func (AADCheckRequirements) MarshalJSON

func (acr AADCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADCheckRequirements.

func (*AADCheckRequirements) UnmarshalJSON

func (acr *AADCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADCheckRequirements struct.

type AADCheckRequirementsProperties

type AADCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AADCheckRequirementsProperties describes the AAD (Azure Active Directory) requirements check properties.

type AADDataConnector

type AADDataConnector struct {
	// AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.
	*AADDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AADDataConnector represents AAD (Azure Active Directory) data connector.

func (AADDataConnector) AsAADDataConnector

func (adc AADDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAATPDataConnector

func (adc AADDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsASCDataConnector

func (adc AADDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsAwsCloudTrailDataConnector

func (adc AADDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsBasicDataConnector

func (adc AADDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsDataConnector

func (adc AADDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMCASDataConnector

func (adc AADDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsMDATPDataConnector

func (adc AADDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeATPDataConnector

func (adc AADDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsOfficeDataConnector

func (adc AADDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTIDataConnector

func (adc AADDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) AsTiTaxiiDataConnector

func (adc AADDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AADDataConnector.

func (AADDataConnector) MarshalJSON

func (adc AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AADDataConnector.

func (*AADDataConnector) UnmarshalJSON

func (adc *AADDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AADDataConnector struct.

type AADDataConnectorProperties

type AADDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties describes the AAD (Azure Active Directory) data connector properties.

type AATPCheckRequirements

type AATPCheckRequirements struct {
	// AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.
	*AATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AATPCheckRequirements represents AATP (Azure Advanced Threat Protection) requirements check request.

func (AATPCheckRequirements) AsAADCheckRequirements

func (acr AATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAATPCheckRequirements

func (acr AATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsASCCheckRequirements

func (acr AATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr AATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr AATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsDataConnectorsCheckRequirements

func (acr AATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMCASCheckRequirements

func (acr AATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsMDATPCheckRequirements

func (acr AATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsOfficeATPCheckRequirements

func (acr AATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTICheckRequirements

func (acr AATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) AsTiTaxiiCheckRequirements

func (acr AATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AATPCheckRequirements.

func (AATPCheckRequirements) MarshalJSON

func (acr AATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPCheckRequirements.

func (*AATPCheckRequirements) UnmarshalJSON

func (acr *AATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPCheckRequirements struct.

type AATPCheckRequirementsProperties

type AATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AATPCheckRequirementsProperties describes the AATP (Azure Advanced Threat Protection) requirements check properties.

type AATPDataConnector

type AATPDataConnector struct {
	// AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.
	*AATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AATPDataConnector represents AATP (Azure Advanced Threat Protection) data connector.

func (AATPDataConnector) AsAADDataConnector

func (adc AATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAATPDataConnector

func (adc AATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsASCDataConnector

func (adc AATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsAwsCloudTrailDataConnector

func (adc AATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsBasicDataConnector

func (adc AATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsDataConnector

func (adc AATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMCASDataConnector

func (adc AATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsMDATPDataConnector

func (adc AATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeATPDataConnector

func (adc AATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsOfficeDataConnector

func (adc AATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTIDataConnector

func (adc AATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) AsTiTaxiiDataConnector

func (adc AATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AATPDataConnector.

func (AATPDataConnector) MarshalJSON

func (adc AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON

func (adc *AATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AATPDataConnector struct.

type AATPDataConnectorProperties

type AATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties describes the AATP (Azure Advanced Threat Protection) data connector properties.

type ASCCheckRequirements

type ASCCheckRequirements struct {
	// ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.
	*ASCCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

ASCCheckRequirements represents ASC (Azure Security Center) requirements check request.

func (ASCCheckRequirements) AsAADCheckRequirements

func (acr ASCCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAATPCheckRequirements

func (acr ASCCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsASCCheckRequirements

func (acr ASCCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsAwsCloudTrailCheckRequirements

func (acr ASCCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (acr ASCCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsDataConnectorsCheckRequirements

func (acr ASCCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMCASCheckRequirements

func (acr ASCCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsMDATPCheckRequirements

func (acr ASCCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsOfficeATPCheckRequirements

func (acr ASCCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTICheckRequirements

func (acr ASCCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) AsTiTaxiiCheckRequirements

func (acr ASCCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for ASCCheckRequirements.

func (ASCCheckRequirements) MarshalJSON

func (acr ASCCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCCheckRequirements.

func (*ASCCheckRequirements) UnmarshalJSON

func (acr *ASCCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCCheckRequirements struct.

type ASCCheckRequirementsProperties

type ASCCheckRequirementsProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCCheckRequirementsProperties describes the ASC (Azure Security Center) requirements check properties.

type ASCDataConnector

type ASCDataConnector struct {
	// ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.
	*ASCDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

ASCDataConnector represents ASC (Azure Security Center) data connector.

func (ASCDataConnector) AsAADDataConnector

func (adc ASCDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAATPDataConnector

func (adc ASCDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsASCDataConnector

func (adc ASCDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsAwsCloudTrailDataConnector

func (adc ASCDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsBasicDataConnector

func (adc ASCDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsDataConnector

func (adc ASCDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMCASDataConnector

func (adc ASCDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsMDATPDataConnector

func (adc ASCDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeATPDataConnector

func (adc ASCDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsOfficeDataConnector

func (adc ASCDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTIDataConnector

func (adc ASCDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) AsTiTaxiiDataConnector

func (adc ASCDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for ASCDataConnector.

func (ASCDataConnector) MarshalJSON

func (adc ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON

func (adc *ASCDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ASCDataConnector struct.

type ASCDataConnectorProperties

type ASCDataConnectorProperties struct {
	// SubscriptionID - The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

ASCDataConnectorProperties describes the ASC (Azure Security Center) data connector properties.

type AccountEntity

type AccountEntity struct {
	// AccountEntityProperties - Account entity properties
	*AccountEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AccountEntity represents an account entity.

func (AccountEntity) AsAccountEntity

func (ae AccountEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsAzureResourceEntity

func (ae AccountEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsBasicEntity

func (ae AccountEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsCloudApplicationEntity

func (ae AccountEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsDNSEntity

func (ae AccountEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsEntity

func (ae AccountEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileEntity

func (ae AccountEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsFileHashEntity

func (ae AccountEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHostEntity

func (ae AccountEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsHuntingBookmark

func (ae AccountEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIPEntity

func (ae AccountEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsIoTDeviceEntity

func (ae AccountEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsMalwareEntity

func (ae AccountEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsProcessEntity

func (ae AccountEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryKeyEntity

func (ae AccountEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsRegistryValueEntity

func (ae AccountEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityAlert

func (ae AccountEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsSecurityGroupEntity

func (ae AccountEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) AsURLEntity

func (ae AccountEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AccountEntity.

func (AccountEntity) MarshalJSON

func (ae AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntity.

func (*AccountEntity) UnmarshalJSON

func (ae *AccountEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AccountEntity struct.

type AccountEntityProperties

type AccountEntityProperties struct {
	// AadTenantID - READ-ONLY; The Azure Active Directory tenant id.
	AadTenantID *string `json:"aadTenantId,omitempty"`
	// AadUserID - READ-ONLY; The Azure Active Directory user id.
	AadUserID *string `json:"aadUserId,omitempty"`
	// AccountName - READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty"`
	// DisplayName - READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NtDomain - READ-ONLY; The NetBIOS domain name as it appears in the alert format – domain\username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty"`
	// ObjectGUID - READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Puid - READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty"`
	// Sid - READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty"`
	// UpnSuffix - READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty"`
	// DNSDomain - READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AccountEntityProperties account entity property bag.

func (AccountEntityProperties) MarshalJSON

func (aep AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AccountEntityProperties.

type ActionPropertiesBase

type ActionPropertiesBase struct {
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionPropertiesBase action property bag base.

type ActionRequest

type ActionRequest struct {
	// ActionRequestProperties - Action properties for put request
	*ActionRequestProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ActionRequest action for alert rule.

func (ActionRequest) MarshalJSON

func (ar ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionRequest.

func (*ActionRequest) UnmarshalJSON

func (ar *ActionRequest) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionRequest struct.

type ActionRequestProperties

type ActionRequestProperties struct {
	// TriggerURI - Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionRequestProperties action property bag.

type ActionResponse

type ActionResponse struct {
	autorest.Response `json:"-"`
	// Etag - Etag of the action.
	Etag *string `json:"etag,omitempty"`
	// ActionResponseProperties - Action properties for get request
	*ActionResponseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

ActionResponse action for alert rule.

func (ActionResponse) MarshalJSON

func (ar ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionResponse.

func (*ActionResponse) UnmarshalJSON

func (ar *ActionResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ActionResponse struct.

type ActionResponseProperties

type ActionResponseProperties struct {
	// WorkflowID - The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
	// LogicAppResourceID - Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`
}

ActionResponseProperties action property bag.

type ActionsClient

type ActionsClient struct {
	BaseClient
}

ActionsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewActionsClient

func NewActionsClient(subscriptionID string) ActionsClient

NewActionsClient creates an instance of the ActionsClient client.

func NewActionsClientWithBaseURI

func NewActionsClientWithBaseURI(baseURI string, subscriptionID string) ActionsClient

NewActionsClientWithBaseURI creates an instance of the ActionsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ActionsClient) ListByAlertRule

func (client ActionsClient) ListByAlertRule(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListPage, err error)

ListByAlertRule gets all actions of the alert rule. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.

func (ActionsClient) ListByAlertRuleComplete

func (client ActionsClient) ListByAlertRuleComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result ActionsListIterator, err error)

ListByAlertRuleComplete enumerates all values, automatically crossing page boundaries as required.

func (ActionsClient) ListByAlertRulePreparer

func (client ActionsClient) ListByAlertRulePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

ListByAlertRulePreparer prepares the ListByAlertRule request.

func (ActionsClient) ListByAlertRuleResponder

func (client ActionsClient) ListByAlertRuleResponder(resp *http.Response) (result ActionsList, err error)

ListByAlertRuleResponder handles the response to the ListByAlertRule request. The method always closes the http.Response Body.

func (ActionsClient) ListByAlertRuleSender

func (client ActionsClient) ListByAlertRuleSender(req *http.Request) (*http.Response, error)

ListByAlertRuleSender sends the ListByAlertRule request. The method will close the http.Response Body if it receives an error.

type ActionsList

type ActionsList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of actions.
	Value *[]ActionResponse `json:"value,omitempty"`
}

ActionsList list all the actions.

func (ActionsList) IsEmpty

func (al ActionsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ActionsList) MarshalJSON

func (al ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActionsList.

type ActionsListIterator

type ActionsListIterator struct {
	// contains filtered or unexported fields
}

ActionsListIterator provides access to a complete listing of ActionResponse values.

func NewActionsListIterator

func NewActionsListIterator(page ActionsListPage) ActionsListIterator

Creates a new instance of the ActionsListIterator type.

func (*ActionsListIterator) Next

func (iter *ActionsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListIterator) NextWithContext

func (iter *ActionsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ActionsListIterator) NotDone

func (iter ActionsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (ActionsListIterator) Response

func (iter ActionsListIterator) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListIterator) Value

func (iter ActionsListIterator) Value() ActionResponse

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ActionsListPage

type ActionsListPage struct {
	// contains filtered or unexported fields
}

ActionsListPage contains a page of ActionResponse values.

func NewActionsListPage

func NewActionsListPage(cur ActionsList, getNextPage func(context.Context, ActionsList) (ActionsList, error)) ActionsListPage

Creates a new instance of the ActionsListPage type.

func (*ActionsListPage) Next

func (page *ActionsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ActionsListPage) NextWithContext

func (page *ActionsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ActionsListPage) NotDone

func (page ActionsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ActionsListPage) Response

func (page ActionsListPage) Response() ActionsList

Response returns the raw server response from the last page request.

func (ActionsListPage) Values

func (page ActionsListPage) Values() []ActionResponse

Values returns the slice of values for the current page or nil if there are no values.

type ActivityTimelineItem

type ActivityTimelineItem struct {
	// QueryID - The activity query id.
	QueryID *string `json:"queryId,omitempty"`
	// BucketStartTimeUTC - The grouping bucket start time.
	BucketStartTimeUTC *date.Time `json:"bucketStartTimeUTC,omitempty"`
	// BucketEndTimeUTC - The grouping bucket end time.
	BucketEndTimeUTC *date.Time `json:"bucketEndTimeUTC,omitempty"`
	// FirstActivityTimeUTC - The time of the first activity in the grouping bucket.
	FirstActivityTimeUTC *date.Time `json:"firstActivityTimeUTC,omitempty"`
	// LastActivityTimeUTC - The time of the last activity in the grouping bucket.
	LastActivityTimeUTC *date.Time `json:"lastActivityTimeUTC,omitempty"`
	// Content - The activity timeline content.
	Content *string `json:"content,omitempty"`
	// Title - The activity timeline title.
	Title *string `json:"title,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

ActivityTimelineItem represents Activity timeline item.

func (ActivityTimelineItem) AsActivityTimelineItem

func (ati ActivityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBasicEntityTimelineItem

func (ati ActivityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsBookmarkTimelineItem

func (ati ActivityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsEntityTimelineItem

func (ati ActivityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) AsSecurityAlertTimelineItem

func (ati ActivityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for ActivityTimelineItem.

func (ActivityTimelineItem) MarshalJSON

func (ati ActivityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ActivityTimelineItem.

type Aggregations

type Aggregations struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

Aggregations the aggregation.

func (Aggregations) AsAggregations

func (a Aggregations) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsBasicAggregations

func (a Aggregations) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for Aggregations.

func (Aggregations) AsCasesAggregation

func (a Aggregations) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for Aggregations.

func (Aggregations) MarshalJSON

func (a Aggregations) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Aggregations.

type AggregationsKind

type AggregationsKind struct {
	// Kind - The kind of the setting
	Kind *string `json:"kind,omitempty"`
}

AggregationsKind describes an Azure resource with kind.

type AggregationsModel

type AggregationsModel struct {
	autorest.Response `json:"-"`
	Value             BasicAggregations `json:"value,omitempty"`
}

AggregationsModel ...

func (*AggregationsModel) UnmarshalJSON

func (am *AggregationsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AggregationsModel struct.

type AlertRule

type AlertRule struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

AlertRule alert rule.

func (AlertRule) AsAlertRule

func (ar AlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsBasicAlertRule

func (ar AlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsFusionAlertRule

func (ar AlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (ar AlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) AsScheduledAlertRule

func (ar AlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for AlertRule.

func (AlertRule) MarshalJSON

func (ar AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRule.

type AlertRuleKind

type AlertRuleKind string

AlertRuleKind enumerates the values for alert rule kind.

const (
	// Fusion ...
	Fusion AlertRuleKind = "Fusion"
	// MicrosoftSecurityIncidentCreation ...
	MicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	// Scheduled ...
	Scheduled AlertRuleKind = "Scheduled"
)

func PossibleAlertRuleKindValues

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns an array of possible values for the AlertRuleKind const type.

type AlertRuleKind1

type AlertRuleKind1 struct {
	// Kind - The kind of the alert rule. Possible values include: 'Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion'
	Kind AlertRuleKind `json:"kind,omitempty"`
}

AlertRuleKind1 describes an Azure resource with kind.

type AlertRuleModel

type AlertRuleModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRule `json:"value,omitempty"`
}

AlertRuleModel ...

func (*AlertRuleModel) UnmarshalJSON

func (arm *AlertRuleModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleModel struct.

type AlertRuleTemplate

type AlertRuleTemplate struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

AlertRuleTemplate alert rule template.

func (AlertRuleTemplate) AsAlertRuleTemplate

func (art AlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsBasicAlertRuleTemplate

func (art AlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsFusionAlertRuleTemplate

func (art AlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (art AlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) AsScheduledAlertRuleTemplate

func (art AlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON

func (art AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplate.

type AlertRuleTemplateDataSource

type AlertRuleTemplateDataSource struct {
	// ConnectorID - The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`
	// DataTypes - The data types used by the alert rule template
	DataTypes *[]string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource alert rule template data sources

type AlertRuleTemplateModel

type AlertRuleTemplateModel struct {
	autorest.Response `json:"-"`
	Value             BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplateModel ...

func (*AlertRuleTemplateModel) UnmarshalJSON

func (artm *AlertRuleTemplateModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplateModel struct.

type AlertRuleTemplatePropertiesBase

type AlertRuleTemplatePropertiesBase struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

AlertRuleTemplatePropertiesBase base alert rule template property bag.

func (AlertRuleTemplatePropertiesBase) MarshalJSON

func (artpb AlertRuleTemplatePropertiesBase) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatePropertiesBase.

type AlertRuleTemplatesClient

type AlertRuleTemplatesClient struct {
	BaseClient
}

AlertRuleTemplatesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRuleTemplatesClient

func NewAlertRuleTemplatesClient(subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClient creates an instance of the AlertRuleTemplatesClient client.

func NewAlertRuleTemplatesClientWithBaseURI

func NewAlertRuleTemplatesClientWithBaseURI(baseURI string, subscriptionID string) AlertRuleTemplatesClient

NewAlertRuleTemplatesClientWithBaseURI creates an instance of the AlertRuleTemplatesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRuleTemplatesClient) Get

func (client AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (result AlertRuleTemplateModel, err error)

Get gets the alert rule template. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
alertRuleTemplateID - alert rule template ID.

func (AlertRuleTemplatesClient) GetPreparer

func (client AlertRuleTemplatesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, alertRuleTemplateID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRuleTemplatesClient) GetResponder

func (client AlertRuleTemplatesClient) GetResponder(resp *http.Response) (result AlertRuleTemplateModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) GetSender

func (client AlertRuleTemplatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRuleTemplatesClient) List

func (client AlertRuleTemplatesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListPage, err error)

List gets all alert rule templates. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (AlertRuleTemplatesClient) ListComplete

func (client AlertRuleTemplatesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRuleTemplatesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRuleTemplatesClient) ListPreparer

func (client AlertRuleTemplatesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRuleTemplatesClient) ListResponder

func (client AlertRuleTemplatesClient) ListResponder(resp *http.Response) (result AlertRuleTemplatesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRuleTemplatesClient) ListSender

func (client AlertRuleTemplatesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRuleTemplatesList

type AlertRuleTemplatesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rule templates.
	Value *[]BasicAlertRuleTemplate `json:"value,omitempty"`
}

AlertRuleTemplatesList list all the alert rule templates.

func (AlertRuleTemplatesList) IsEmpty

func (artl AlertRuleTemplatesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRuleTemplatesList) MarshalJSON

func (artl AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON

func (artl *AlertRuleTemplatesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRuleTemplatesList struct.

type AlertRuleTemplatesListIterator

type AlertRuleTemplatesListIterator struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListIterator provides access to a complete listing of AlertRuleTemplate values.

func NewAlertRuleTemplatesListIterator

func NewAlertRuleTemplatesListIterator(page AlertRuleTemplatesListPage) AlertRuleTemplatesListIterator

Creates a new instance of the AlertRuleTemplatesListIterator type.

func (*AlertRuleTemplatesListIterator) Next

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListIterator) NextWithContext

func (iter *AlertRuleTemplatesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRuleTemplatesListIterator) NotDone

func (iter AlertRuleTemplatesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListIterator) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRuleTemplatesListPage

type AlertRuleTemplatesListPage struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesListPage contains a page of BasicAlertRuleTemplate values.

func NewAlertRuleTemplatesListPage

Creates a new instance of the AlertRuleTemplatesListPage type.

func (*AlertRuleTemplatesListPage) Next

func (page *AlertRuleTemplatesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*AlertRuleTemplatesListPage) NextWithContext

func (page *AlertRuleTemplatesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRuleTemplatesListPage) NotDone

func (page AlertRuleTemplatesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRuleTemplatesListPage) Response

Response returns the raw server response from the last page request.

func (AlertRuleTemplatesListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type AlertRulesClient

type AlertRulesClient struct {
	BaseClient
}

AlertRulesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewAlertRulesClient

func NewAlertRulesClient(subscriptionID string) AlertRulesClient

NewAlertRulesClient creates an instance of the AlertRulesClient client.

func NewAlertRulesClientWithBaseURI

func NewAlertRulesClientWithBaseURI(baseURI string, subscriptionID string) AlertRulesClient

NewAlertRulesClientWithBaseURI creates an instance of the AlertRulesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (AlertRulesClient) CreateOrUpdate

func (client AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (result AlertRuleModel, err error)

CreateOrUpdate creates or updates the alert rule. Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
alertRule - the alert rule.

func (AlertRulesClient) CreateOrUpdateAction

func (client AlertRulesClient) CreateOrUpdateAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (result ActionResponse, err error)

CreateOrUpdateAction creates or updates the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.
action - the action.

func (AlertRulesClient) CreateOrUpdateActionPreparer

func (client AlertRulesClient) CreateOrUpdateActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string, action ActionRequest) (*http.Request, error)

CreateOrUpdateActionPreparer prepares the CreateOrUpdateAction request.

func (AlertRulesClient) CreateOrUpdateActionResponder

func (client AlertRulesClient) CreateOrUpdateActionResponder(resp *http.Response) (result ActionResponse, err error)

CreateOrUpdateActionResponder handles the response to the CreateOrUpdateAction request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateActionSender

func (client AlertRulesClient) CreateOrUpdateActionSender(req *http.Request) (*http.Response, error)

CreateOrUpdateActionSender sends the CreateOrUpdateAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) CreateOrUpdatePreparer

func (client AlertRulesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, alertRule BasicAlertRule) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (AlertRulesClient) CreateOrUpdateResponder

func (client AlertRulesClient) CreateOrUpdateResponder(resp *http.Response) (result AlertRuleModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (AlertRulesClient) CreateOrUpdateSender

func (client AlertRulesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Delete

func (client AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result autorest.Response, err error)

Delete deletes the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.

func (AlertRulesClient) DeleteAction

func (client AlertRulesClient) DeleteAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result autorest.Response, err error)

DeleteAction deletes the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.

func (AlertRulesClient) DeleteActionPreparer

func (client AlertRulesClient) DeleteActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

DeleteActionPreparer prepares the DeleteAction request.

func (AlertRulesClient) DeleteActionResponder

func (client AlertRulesClient) DeleteActionResponder(resp *http.Response) (result autorest.Response, err error)

DeleteActionResponder handles the response to the DeleteAction request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteActionSender

func (client AlertRulesClient) DeleteActionSender(req *http.Request) (*http.Response, error)

DeleteActionSender sends the DeleteAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) DeletePreparer

func (client AlertRulesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (AlertRulesClient) DeleteResponder

func (client AlertRulesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (AlertRulesClient) DeleteSender

func (client AlertRulesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) Get

func (client AlertRulesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (result AlertRuleModel, err error)

Get gets the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.

func (AlertRulesClient) GetAction

func (client AlertRulesClient) GetAction(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (result ActionResponse, err error)

GetAction gets the action of the alert rule.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
ruleID - alert rule ID.
actionID - action ID.

func (AlertRulesClient) GetActionPreparer

func (client AlertRulesClient) GetActionPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string, actionID string) (*http.Request, error)

GetActionPreparer prepares the GetAction request.

func (AlertRulesClient) GetActionResponder

func (client AlertRulesClient) GetActionResponder(resp *http.Response) (result ActionResponse, err error)

GetActionResponder handles the response to the GetAction request. The method always closes the http.Response Body.

func (AlertRulesClient) GetActionSender

func (client AlertRulesClient) GetActionSender(req *http.Request) (*http.Response, error)

GetActionSender sends the GetAction request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) GetPreparer

func (client AlertRulesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, ruleID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (AlertRulesClient) GetResponder

func (client AlertRulesClient) GetResponder(resp *http.Response) (result AlertRuleModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (AlertRulesClient) GetSender

func (client AlertRulesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (AlertRulesClient) List

func (client AlertRulesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListPage, err error)

List gets all alert rules.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (AlertRulesClient) ListComplete

func (client AlertRulesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result AlertRulesListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (AlertRulesClient) ListPreparer

func (client AlertRulesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (AlertRulesClient) ListResponder

func (client AlertRulesClient) ListResponder(resp *http.Response) (result AlertRulesList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (AlertRulesClient) ListSender

func (client AlertRulesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type AlertRulesList

type AlertRulesList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of alert rules.
	Value *[]BasicAlertRule `json:"value,omitempty"`
}

AlertRulesList lists all the alert rules.

func (AlertRulesList) IsEmpty

func (arl AlertRulesList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (AlertRulesList) MarshalJSON

func (arl AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AlertRulesList.

func (*AlertRulesList) UnmarshalJSON

func (arl *AlertRulesList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AlertRulesList struct.

type AlertRulesListIterator

type AlertRulesListIterator struct {
	// contains filtered or unexported fields
}

AlertRulesListIterator provides access to a complete listing of AlertRule values.

func NewAlertRulesListIterator

func NewAlertRulesListIterator(page AlertRulesListPage) AlertRulesListIterator

Creates a new instance of the AlertRulesListIterator type.

func (*AlertRulesListIterator) Next

func (iter *AlertRulesListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*AlertRulesListIterator) NextWithContext

func (iter *AlertRulesListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (AlertRulesListIterator) NotDone

func (iter AlertRulesListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (AlertRulesListIterator) Response

func (iter AlertRulesListIterator) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type AlertRulesListPage

type AlertRulesListPage struct {
	// contains filtered or unexported fields
}

AlertRulesListPage contains a page of BasicAlertRule values.

func NewAlertRulesListPage

func NewAlertRulesListPage(cur AlertRulesList, getNextPage func(context.Context, AlertRulesList) (AlertRulesList, error)) AlertRulesListPage

Creates a new instance of the AlertRulesListPage type.

func (*AlertRulesListPage) Next

func (page *AlertRulesListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*AlertRulesListPage) NextWithContext

func (page *AlertRulesListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (AlertRulesListPage) NotDone

func (page AlertRulesListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (AlertRulesListPage) Response

func (page AlertRulesListPage) Response() AlertRulesList

Response returns the raw server response from the last page request.

func (AlertRulesListPage) Values

func (page AlertRulesListPage) Values() []BasicAlertRule

Values returns the slice of values for the current page or nil if there are no values.

type AlertSeverity

type AlertSeverity string

AlertSeverity enumerates the values for alert severity.

const (
	// High High severity
	High AlertSeverity = "High"
	// Informational Informational severity
	Informational AlertSeverity = "Informational"
	// Low Low severity
	Low AlertSeverity = "Low"
	// Medium Medium severity
	Medium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns an array of possible values for the AlertSeverity const type.

type AlertStatus

type AlertStatus string

AlertStatus enumerates the values for alert status.

const (
	// AlertStatusDismissed Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns an array of possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector

type AlertsDataTypeOfDataConnector struct {
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector alerts data type for data connectors.

type AlertsDataTypeOfDataConnectorAlerts

type AlertsDataTypeOfDataConnectorAlerts struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AlertsDataTypeOfDataConnectorAlerts alerts data type connection.

type AttackTactic

type AttackTactic string

AttackTactic enumerates the values for attack tactic.

const (
	// Collection ...
	Collection AttackTactic = "Collection"
	// CommandAndControl ...
	CommandAndControl AttackTactic = "CommandAndControl"
	// CredentialAccess ...
	CredentialAccess AttackTactic = "CredentialAccess"
	// DefenseEvasion ...
	DefenseEvasion AttackTactic = "DefenseEvasion"
	// Discovery ...
	Discovery AttackTactic = "Discovery"
	// Execution ...
	Execution AttackTactic = "Execution"
	// Exfiltration ...
	Exfiltration AttackTactic = "Exfiltration"
	// Impact ...
	Impact AttackTactic = "Impact"
	// InitialAccess ...
	InitialAccess AttackTactic = "InitialAccess"
	// LateralMovement ...
	LateralMovement AttackTactic = "LateralMovement"
	// Persistence ...
	Persistence AttackTactic = "Persistence"
	// PreAttack ...
	PreAttack AttackTactic = "PreAttack"
	// PrivilegeEscalation ...
	PrivilegeEscalation AttackTactic = "PrivilegeEscalation"
)

func PossibleAttackTacticValues

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns an array of possible values for the AttackTactic const type.

type AwsCloudTrailCheckRequirements

type AwsCloudTrailCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

AwsCloudTrailCheckRequirements represents the Amazon Web Services CloudTrail requirements check request.

func (AwsCloudTrailCheckRequirements) AsAADCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsASCCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMCASCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTICheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements

func (actcr AwsCloudTrailCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) MarshalJSON

func (actcr AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailCheckRequirements.

type AwsCloudTrailDataConnector

type AwsCloudTrailDataConnector struct {
	// AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.
	*AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

AwsCloudTrailDataConnector represents the Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnector) AsAADDataConnector

func (actdc AwsCloudTrailDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsASCDataConnector

func (actdc AwsCloudTrailDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector

func (actdc AwsCloudTrailDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsBasicDataConnector

func (actdc AwsCloudTrailDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsDataConnector

func (actdc AwsCloudTrailDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMCASDataConnector

func (actdc AwsCloudTrailDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsMDATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeATPDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsOfficeDataConnector

func (actdc AwsCloudTrailDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTIDataConnector

func (actdc AwsCloudTrailDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) AsTiTaxiiDataConnector

func (actdc AwsCloudTrailDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON

func (actdc AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON

func (actdc *AwsCloudTrailDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AwsCloudTrailDataConnector struct.

type AwsCloudTrailDataConnectorDataTypes

type AwsCloudTrailDataConnectorDataTypes struct {
	// Logs - Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes holds the available data types for the Amazon Web Services CloudTrail data connector.

type AwsCloudTrailDataConnectorDataTypesLogs

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs logs data type.

type AwsCloudTrailDataConnectorProperties

type AwsCloudTrailDataConnectorProperties struct {
	// AwsRoleArn - The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`
}

AwsCloudTrailDataConnectorProperties holds the Amazon Web Services CloudTrail data connector properties.

type AzureResourceEntity

type AzureResourceEntity struct {
	// AzureResourceEntityProperties - AzureResource entity properties
	*AzureResourceEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

AzureResourceEntity represents an Azure resource entity.

func (AzureResourceEntity) AsAccountEntity

func (are AzureResourceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsAzureResourceEntity

func (are AzureResourceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsBasicEntity

func (are AzureResourceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsCloudApplicationEntity

func (are AzureResourceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsDNSEntity

func (are AzureResourceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsEntity

func (are AzureResourceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileEntity

func (are AzureResourceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsFileHashEntity

func (are AzureResourceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHostEntity

func (are AzureResourceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsHuntingBookmark

func (are AzureResourceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIPEntity

func (are AzureResourceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsIoTDeviceEntity

func (are AzureResourceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsMalwareEntity

func (are AzureResourceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsProcessEntity

func (are AzureResourceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryKeyEntity

func (are AzureResourceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsRegistryValueEntity

func (are AzureResourceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityAlert

func (are AzureResourceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsSecurityGroupEntity

func (are AzureResourceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) AsURLEntity

func (are AzureResourceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON

func (are AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON

func (are *AzureResourceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for AzureResourceEntity struct.

type AzureResourceEntityProperties

type AzureResourceEntityProperties struct {
	// ResourceID - READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty"`
	// SubscriptionID - READ-ONLY; The subscription id of the resource
	SubscriptionID *string `json:"subscriptionId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

AzureResourceEntityProperties is the AzureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON

func (arep AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for AzureResourceEntityProperties.

type BaseClient

type BaseClient struct {
	autorest.Client
	BaseURI        string
	SubscriptionID string
}

BaseClient is the base client for Securityinsight.

func New

func New(subscriptionID string) BaseClient

New creates an instance of the BaseClient client.

func NewWithBaseURI

func NewWithBaseURI(baseURI string, subscriptionID string) BaseClient

NewWithBaseURI creates an instance of the BaseClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

type BasicAggregations

type BasicAggregations interface {
	AsCasesAggregation() (*CasesAggregation, bool)
	AsAggregations() (*Aggregations, bool)
}

BasicAggregations the aggregation.

type BasicAlertRule

type BasicAlertRule interface {
	AsFusionAlertRule() (*FusionAlertRule, bool)
	AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)
	AsScheduledAlertRule() (*ScheduledAlertRule, bool)
	AsAlertRule() (*AlertRule, bool)
}

BasicAlertRule alert rule.

type BasicAlertRuleTemplate

type BasicAlertRuleTemplate interface {
	AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)
	AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)
	AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)
	AsAlertRuleTemplate() (*AlertRuleTemplate, bool)
}

BasicAlertRuleTemplate alert rule template.

type BasicDataConnector

type BasicDataConnector interface {
	AsAADDataConnector() (*AADDataConnector, bool)
	AsAATPDataConnector() (*AATPDataConnector, bool)
	AsASCDataConnector() (*ASCDataConnector, bool)
	AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)
	AsMCASDataConnector() (*MCASDataConnector, bool)
	AsMDATPDataConnector() (*MDATPDataConnector, bool)
	AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)
	AsOfficeDataConnector() (*OfficeDataConnector, bool)
	AsTIDataConnector() (*TIDataConnector, bool)
	AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)
	AsDataConnector() (*DataConnector, bool)
}

BasicDataConnector data connector.

type BasicDataConnectorsCheckRequirements

type BasicDataConnectorsCheckRequirements interface {
	AsAADCheckRequirements() (*AADCheckRequirements, bool)
	AsAATPCheckRequirements() (*AATPCheckRequirements, bool)
	AsASCCheckRequirements() (*ASCCheckRequirements, bool)
	AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)
	AsMCASCheckRequirements() (*MCASCheckRequirements, bool)
	AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)
	AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)
	AsTICheckRequirements() (*TICheckRequirements, bool)
	AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)
	AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)
}

BasicDataConnectorsCheckRequirements data connector requirements properties.

type BasicEntity

type BasicEntity interface {
	AsAccountEntity() (*AccountEntity, bool)
	AsAzureResourceEntity() (*AzureResourceEntity, bool)
	AsCloudApplicationEntity() (*CloudApplicationEntity, bool)
	AsDNSEntity() (*DNSEntity, bool)
	AsFileEntity() (*FileEntity, bool)
	AsFileHashEntity() (*FileHashEntity, bool)
	AsHostEntity() (*HostEntity, bool)
	AsHuntingBookmark() (*HuntingBookmark, bool)
	AsSecurityAlert() (*SecurityAlert, bool)
	AsIPEntity() (*IPEntity, bool)
	AsMalwareEntity() (*MalwareEntity, bool)
	AsProcessEntity() (*ProcessEntity, bool)
	AsRegistryKeyEntity() (*RegistryKeyEntity, bool)
	AsRegistryValueEntity() (*RegistryValueEntity, bool)
	AsSecurityGroupEntity() (*SecurityGroupEntity, bool)
	AsURLEntity() (*URLEntity, bool)
	AsIoTDeviceEntity() (*IoTDeviceEntity, bool)
	AsEntity() (*Entity, bool)
}

BasicEntity specific entity.

type BasicEntityTimelineItem

type BasicEntityTimelineItem interface {
	AsActivityTimelineItem() (*ActivityTimelineItem, bool)
	AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)
	AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)
	AsEntityTimelineItem() (*EntityTimelineItem, bool)
}

BasicEntityTimelineItem entity timeline Item.

type BasicSettings

type BasicSettings interface {
	AsEyesOn() (*EyesOn, bool)
	AsEntityAnalytics() (*EntityAnalytics, bool)
	AsUeba() (*Ueba, bool)
	AsSettings() (*Settings, bool)
}

BasicSettings the Setting.

type BasicThreatIntelligenceInformation

type BasicThreatIntelligenceInformation interface {
	AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)
	AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)
}

BasicThreatIntelligenceInformation threat intelligence information object.

type Bookmark

type Bookmark struct {
	autorest.Response `json:"-"`
	// BookmarkProperties - Bookmark properties
	*BookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Bookmark represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Bookmark.

func (*Bookmark) UnmarshalJSON

func (b *Bookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Bookmark struct.

type BookmarkClient

type BookmarkClient struct {
	BaseClient
}

BookmarkClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkClient

func NewBookmarkClient(subscriptionID string) BookmarkClient

NewBookmarkClient creates an instance of the BookmarkClient client.

func NewBookmarkClientWithBaseURI

func NewBookmarkClientWithBaseURI(baseURI string, subscriptionID string) BookmarkClient

NewBookmarkClientWithBaseURI creates an instance of the BookmarkClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkClient) Expand

func (client BookmarkClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (result BookmarkExpandResponse, err error)

Expand expands a bookmark.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
parameters - the parameters required to execute an expand operation on the given bookmark.

func (BookmarkClient) ExpandPreparer

func (client BookmarkClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (BookmarkClient) ExpandResponder

func (client BookmarkClient) ExpandResponder(resp *http.Response) (result BookmarkExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (BookmarkClient) ExpandSender

func (client BookmarkClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

type BookmarkExpandParameters

type BookmarkExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

BookmarkExpandParameters the parameters required to execute an expand operation on the given bookmark.

type BookmarkExpandResponse

type BookmarkExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *BookmarkExpandResponseValue `json:"value,omitempty"`
}

BookmarkExpandResponse the entity expansion result operation response.

type BookmarkExpandResponseValue

type BookmarkExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
}

BookmarkExpandResponseValue the expansion result values.

func (*BookmarkExpandResponseValue) UnmarshalJSON

func (ber *BookmarkExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for BookmarkExpandResponseValue struct.

type BookmarkList

type BookmarkList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of bookmarks.
	Value *[]Bookmark `json:"value,omitempty"`
}

BookmarkList list all the bookmarks.

func (BookmarkList) IsEmpty

func (bl BookmarkList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (BookmarkList) MarshalJSON

func (bl BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkList.

type BookmarkListIterator

type BookmarkListIterator struct {
	// contains filtered or unexported fields
}

BookmarkListIterator provides access to a complete listing of Bookmark values.

func NewBookmarkListIterator

func NewBookmarkListIterator(page BookmarkListPage) BookmarkListIterator

Creates a new instance of the BookmarkListIterator type.

func (*BookmarkListIterator) Next

func (iter *BookmarkListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListIterator) NextWithContext

func (iter *BookmarkListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (BookmarkListIterator) NotDone

func (iter BookmarkListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (BookmarkListIterator) Response

func (iter BookmarkListIterator) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListIterator) Value

func (iter BookmarkListIterator) Value() Bookmark

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type BookmarkListPage

type BookmarkListPage struct {
	// contains filtered or unexported fields
}

BookmarkListPage contains a page of Bookmark values.

func NewBookmarkListPage

func NewBookmarkListPage(cur BookmarkList, getNextPage func(context.Context, BookmarkList) (BookmarkList, error)) BookmarkListPage

Creates a new instance of the BookmarkListPage type.

func (*BookmarkListPage) Next

func (page *BookmarkListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*BookmarkListPage) NextWithContext

func (page *BookmarkListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (BookmarkListPage) NotDone

func (page BookmarkListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (BookmarkListPage) Response

func (page BookmarkListPage) Response() BookmarkList

Response returns the raw server response from the last page request.

func (BookmarkListPage) Values

func (page BookmarkListPage) Values() []Bookmark

Values returns the slice of values for the current page or nil if there are no values.

type BookmarkProperties

type BookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
}

BookmarkProperties describes bookmark properties

type BookmarkRelationsClient

type BookmarkRelationsClient struct {
	BaseClient
}

BookmarkRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarkRelationsClient

func NewBookmarkRelationsClient(subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClient creates an instance of the BookmarkRelationsClient client.

func NewBookmarkRelationsClientWithBaseURI

func NewBookmarkRelationsClientWithBaseURI(baseURI string, subscriptionID string) BookmarkRelationsClient

NewBookmarkRelationsClientWithBaseURI creates an instance of the BookmarkRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarkRelationsClient) CreateOrUpdateRelation

func (client BookmarkRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdateRelation creates the bookmark relation.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
relationName - relation Name
relation - the relation model

func (BookmarkRelationsClient) CreateOrUpdateRelationPreparer

func (client BookmarkRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (BookmarkRelationsClient) CreateOrUpdateRelationResponder

func (client BookmarkRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) CreateOrUpdateRelationSender

func (client BookmarkRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) DeleteRelation

func (client BookmarkRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result autorest.Response, err error)

DeleteRelation deletes the bookmark relation.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
relationName - relation Name

func (BookmarkRelationsClient) DeleteRelationPreparer

func (client BookmarkRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (BookmarkRelationsClient) DeleteRelationResponder

func (client BookmarkRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) DeleteRelationSender

func (client BookmarkRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) GetRelation

func (client BookmarkRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (result Relation, err error)

GetRelation gets a bookmark relation.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
relationName - relation Name

func (BookmarkRelationsClient) GetRelationPreparer

func (client BookmarkRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (BookmarkRelationsClient) GetRelationResponder

func (client BookmarkRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) GetRelationSender

func (client BookmarkRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (BookmarkRelationsClient) List

func (client BookmarkRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all bookmark relations.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (BookmarkRelationsClient) ListComplete

func (client BookmarkRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (BookmarkRelationsClient) ListPreparer

func (client BookmarkRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarkRelationsClient) ListResponder

func (client BookmarkRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarkRelationsClient) ListSender

func (client BookmarkRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type BookmarkTimelineItem

type BookmarkTimelineItem struct {
	// AzureResourceID - The bookmark azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// DisplayName - The bookmark display name.
	DisplayName *string `json:"displayName,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// EndTimeUtc - The bookmark end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - The bookmark start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// EventTime - The bookmark event time.
	EventTime *date.Time `json:"eventTime,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

BookmarkTimelineItem represents bookmark timeline item.

func (BookmarkTimelineItem) AsActivityTimelineItem

func (bti BookmarkTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBasicEntityTimelineItem

func (bti BookmarkTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsBookmarkTimelineItem

func (bti BookmarkTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsEntityTimelineItem

func (bti BookmarkTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) AsSecurityAlertTimelineItem

func (bti BookmarkTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for BookmarkTimelineItem.

func (BookmarkTimelineItem) MarshalJSON

func (bti BookmarkTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for BookmarkTimelineItem.

type BookmarksClient

type BookmarksClient struct {
	BaseClient
}

BookmarksClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewBookmarksClient

func NewBookmarksClient(subscriptionID string) BookmarksClient

NewBookmarksClient creates an instance of the BookmarksClient client.

func NewBookmarksClientWithBaseURI

func NewBookmarksClientWithBaseURI(baseURI string, subscriptionID string) BookmarksClient

NewBookmarksClientWithBaseURI creates an instance of the BookmarksClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (BookmarksClient) CreateOrUpdate

func (client BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (result Bookmark, err error)

CreateOrUpdate creates or updates the bookmark.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID
bookmark - the bookmark

func (BookmarksClient) CreateOrUpdatePreparer

func (client BookmarksClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string, bookmark Bookmark) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (BookmarksClient) CreateOrUpdateResponder

func (client BookmarksClient) CreateOrUpdateResponder(resp *http.Response) (result Bookmark, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (BookmarksClient) CreateOrUpdateSender

func (client BookmarksClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Delete

func (client BookmarksClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result autorest.Response, err error)

Delete deletes the bookmark.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID

func (BookmarksClient) DeletePreparer

func (client BookmarksClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (BookmarksClient) DeleteResponder

func (client BookmarksClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (BookmarksClient) DeleteSender

func (client BookmarksClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) Get

func (client BookmarksClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (result Bookmark, err error)

Get gets a bookmark.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
bookmarkID - bookmark ID

func (BookmarksClient) GetPreparer

func (client BookmarksClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, bookmarkID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (BookmarksClient) GetResponder

func (client BookmarksClient) GetResponder(resp *http.Response) (result Bookmark, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (BookmarksClient) GetSender

func (client BookmarksClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (BookmarksClient) List

func (client BookmarksClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListPage, err error)

List gets all bookmarks.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (BookmarksClient) ListComplete

func (client BookmarksClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result BookmarkListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.
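The iterator contract documented for BookmarkListIterator (NotDone, NextWithContext, Value) leaves one decision to the caller: what to do when a page fetch fails partway through, since an audit that silently treats a partial listing as complete will miss bookmarks. The following is an added example, not code from this package: valueIterator, drain, errLimit and fakeIterator are hypothetical names, and the in-memory iterator and its "bm-" values are constructed so the loop runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// errLimit is returned when the listing holds more values than the caller allows.
var errLimit = errors.New("listing exceeded limit")

// valueIterator mirrors the three iterator methods documented on this page.
// The interface is hypothetical (added for this example); a
// *BookmarkListIterator has this method set with T = Bookmark.
type valueIterator[T any] interface {
	NotDone() bool
	NextWithContext(ctx context.Context) error
	Value() T
}

// drain reads every value from it. On a failed advance it returns the values
// read so far together with a wrapped error, so the caller can tell a partial
// listing from a complete one. limit bounds memory use on large workspaces.
func drain[T any](ctx context.Context, it valueIterator[T], limit int) ([]T, error) {
	var out []T
	for it.NotDone() {
		if len(out) >= limit {
			return out, errLimit
		}
		out = append(out, it.Value())
		// Per the docs, on error the iterator does not advance; stop here
		// rather than retrying in a tight loop.
		if err := it.NextWithContext(ctx); err != nil {
			return out, fmt.Errorf("listing incomplete after %d values: %w", len(out), err)
		}
	}
	return out, nil
}

// fakeIterator is a constructed in-memory stand-in for a paged server listing.
type fakeIterator struct {
	pages  [][]string // constructed sample pages
	page   int
	idx    int
	failAt int // index of the page whose fetch fails; -1 means never
}

func (f *fakeIterator) NotDone() bool {
	return f.page < len(f.pages) && f.idx < len(f.pages[f.page])
}

func (f *fakeIterator) Value() string {
	if !f.NotDone() {
		return "" // zero value past the end, as the real iterator documents
	}
	return f.pages[f.page][f.idx]
}

func (f *fakeIterator) NextWithContext(ctx context.Context) error {
	if !f.NotDone() {
		return nil
	}
	if err := ctx.Err(); err != nil {
		return err
	}
	if f.idx+1 < len(f.pages[f.page]) {
		f.idx++
		return nil
	}
	if f.page+1 == f.failAt {
		return errors.New("constructed failure: next page fetch failed")
	}
	f.page++
	f.idx = 0
	return nil
}

func main() {
	it := &fakeIterator{pages: [][]string{{"bm-1", "bm-2"}, {"bm-3"}}, failAt: 1}
	got, err := drain[string](context.Background(), it, 100)
	fmt.Println(got, err)
}
```
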

func (BookmarksClient) ListPreparer

func (client BookmarksClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (BookmarksClient) ListResponder

func (client BookmarksClient) ListResponder(resp *http.Response) (result BookmarkList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (BookmarksClient) ListSender

func (client BookmarksClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Case

type Case struct {
	autorest.Response `json:"-"`
	// CaseProperties - Case properties
	*CaseProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Case represents a case in Azure Security Insights.

func (Case) MarshalJSON

func (c Case) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Case.

func (*Case) UnmarshalJSON

func (c *Case) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Case struct.

type CaseComment

type CaseComment struct {
	autorest.Response `json:"-"`
	// CaseCommentProperties - Case comment properties
	*CaseCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseComment represents a case comment

func (CaseComment) MarshalJSON

func (cc CaseComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseComment.

func (*CaseComment) UnmarshalJSON

func (cc *CaseComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseComment struct.

type CaseCommentList

type CaseCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]CaseComment `json:"value,omitempty"`
}

CaseCommentList list of case comments.

func (CaseCommentList) IsEmpty

func (ccl CaseCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseCommentList) MarshalJSON

func (ccl CaseCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseCommentList.

type CaseCommentListIterator

type CaseCommentListIterator struct {
	// contains filtered or unexported fields
}

CaseCommentListIterator provides access to a complete listing of CaseComment values.

func NewCaseCommentListIterator

func NewCaseCommentListIterator(page CaseCommentListPage) CaseCommentListIterator

Creates a new instance of the CaseCommentListIterator type.

func (*CaseCommentListIterator) Next

func (iter *CaseCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListIterator) NextWithContext

func (iter *CaseCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseCommentListIterator) NotDone

func (iter CaseCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseCommentListIterator) Response

func (iter CaseCommentListIterator) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListIterator) Value

func (iter CaseCommentListIterator) Value() CaseComment

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseCommentListPage

type CaseCommentListPage struct {
	// contains filtered or unexported fields
}

CaseCommentListPage contains a page of CaseComment values.

func NewCaseCommentListPage

func NewCaseCommentListPage(cur CaseCommentList, getNextPage func(context.Context, CaseCommentList) (CaseCommentList, error)) CaseCommentListPage

Creates a new instance of the CaseCommentListPage type.

func (*CaseCommentListPage) Next

func (page *CaseCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseCommentListPage) NextWithContext

func (page *CaseCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseCommentListPage) NotDone

func (page CaseCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseCommentListPage) Response

func (page CaseCommentListPage) Response() CaseCommentList

Response returns the raw server response from the last page request.

func (CaseCommentListPage) Values

func (page CaseCommentListPage) Values() []CaseComment

Values returns the slice of values for the current page or nil if there are no values.

type CaseCommentProperties

type CaseCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// UserInfo - READ-ONLY; Describes the user that created the comment
	UserInfo *UserInfo `json:"userInfo,omitempty"`
}

CaseCommentProperties case comment property bag.

func (CaseCommentProperties) MarshalJSON

func (ccp CaseCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseCommentProperties.

type CaseCommentsClient

type CaseCommentsClient struct {
	BaseClient
}

CaseCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseCommentsClient

func NewCaseCommentsClient(subscriptionID string) CaseCommentsClient

NewCaseCommentsClient creates an instance of the CaseCommentsClient client.

func NewCaseCommentsClientWithBaseURI

func NewCaseCommentsClientWithBaseURI(baseURI string, subscriptionID string) CaseCommentsClient

NewCaseCommentsClientWithBaseURI creates an instance of the CaseCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CaseCommentsClient) CreateComment

func (client CaseCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (result CaseComment, err error)

CreateComment creates the case comment.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseCommentID - case comment ID
caseComment - the case comment

func (CaseCommentsClient) CreateCommentPreparer

func (client CaseCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string, caseComment CaseComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (CaseCommentsClient) CreateCommentResponder

func (client CaseCommentsClient) CreateCommentResponder(resp *http.Response) (result CaseComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (CaseCommentsClient) CreateCommentSender

func (client CaseCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

type CaseList

type CaseList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of cases.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of cases.
	Value *[]Case `json:"value,omitempty"`
}

CaseList list all the cases.

func (CaseList) IsEmpty

func (cl CaseList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseList) MarshalJSON

func (cl CaseList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseList.

type CaseListIterator

type CaseListIterator struct {
	// contains filtered or unexported fields
}

CaseListIterator provides access to a complete listing of Case values.

func NewCaseListIterator

func NewCaseListIterator(page CaseListPage) CaseListIterator

Creates a new instance of the CaseListIterator type.

func (*CaseListIterator) Next

func (iter *CaseListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListIterator) NextWithContext

func (iter *CaseListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseListIterator) NotDone

func (iter CaseListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseListIterator) Response

func (iter CaseListIterator) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListIterator) Value

func (iter CaseListIterator) Value() Case

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseListPage

type CaseListPage struct {
	// contains filtered or unexported fields
}

CaseListPage contains a page of Case values.

func NewCaseListPage

func NewCaseListPage(cur CaseList, getNextPage func(context.Context, CaseList) (CaseList, error)) CaseListPage

Creates a new instance of the CaseListPage type.

func (*CaseListPage) Next

func (page *CaseListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseListPage) NextWithContext

func (page *CaseListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseListPage) NotDone

func (page CaseListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseListPage) Response

func (page CaseListPage) Response() CaseList

Response returns the raw server response from the last page request.

func (CaseListPage) Values

func (page CaseListPage) Values() []Case

Values returns the slice of values for the current page or nil if there are no values.

type CaseProperties

type CaseProperties struct {
	// CaseNumber - READ-ONLY; a sequential number
	CaseNumber *int32 `json:"caseNumber,omitempty"`
	// CloseReason - The reason the case was closed. Possible values include: 'Resolved', 'Dismissed', 'TruePositive', 'FalsePositive', 'Other'
	CloseReason CloseReason `json:"closeReason,omitempty"`
	// ClosedReasonText - the case close reason details
	ClosedReasonText *string `json:"closedReasonText,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the case was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the case
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - The end time of the case
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Labels - List of labels relevant to this case
	Labels *[]string `json:"labels,omitempty"`
	// LastComment - READ-ONLY; the last comment in the case
	LastComment *string `json:"lastComment,omitempty"`
	// LastUpdatedTimeUtc - READ-ONLY; The last time the case was updated
	LastUpdatedTimeUtc *date.Time `json:"lastUpdatedTimeUtc,omitempty"`
	// Owner - Describes a user that the case is assigned to
	Owner *UserInfo `json:"owner,omitempty"`
	// RelatedAlertIds - READ-ONLY; List of related alert identifiers
	RelatedAlertIds *[]string `json:"relatedAlertIds,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with case
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// Severity - The severity of the case. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// StartTimeUtc - The start time of the case
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - The status of the case. Possible values include: 'CaseStatusDraft', 'CaseStatusNew', 'CaseStatusInProgress', 'CaseStatusClosed'
	Status CaseStatus `json:"status,omitempty"`
	// Title - The title of the case
	Title *string `json:"title,omitempty"`
	// TotalComments - READ-ONLY; the number of total comments in the case
	TotalComments *int32 `json:"totalComments,omitempty"`
}

CaseProperties describes case properties

func (CaseProperties) MarshalJSON

func (cp CaseProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseProperties.

type CaseRelation

type CaseRelation struct {
	autorest.Response `json:"-"`
	// CaseRelationProperties - Case relation properties
	*CaseRelationProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

CaseRelation represents a case relation

func (CaseRelation) MarshalJSON

func (cr CaseRelation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseRelation.

func (*CaseRelation) UnmarshalJSON

func (cr *CaseRelation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CaseRelation struct.

type CaseRelationList

type CaseRelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]CaseRelation `json:"value,omitempty"`
}

CaseRelationList list of case relations.

func (CaseRelationList) IsEmpty

func (crl CaseRelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (CaseRelationList) MarshalJSON

func (crl CaseRelationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CaseRelationList.

type CaseRelationListIterator

type CaseRelationListIterator struct {
	// contains filtered or unexported fields
}

CaseRelationListIterator provides access to a complete listing of CaseRelation values.

func NewCaseRelationListIterator

func NewCaseRelationListIterator(page CaseRelationListPage) CaseRelationListIterator

Creates a new instance of the CaseRelationListIterator type.

func (*CaseRelationListIterator) Next

func (iter *CaseRelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListIterator) NextWithContext

func (iter *CaseRelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (CaseRelationListIterator) NotDone

func (iter CaseRelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (CaseRelationListIterator) Response

func (iter CaseRelationListIterator) Response() CaseRelationList

Response returns the raw server response from the last page request.

func (CaseRelationListIterator) Value

func (iter CaseRelationListIterator) Value() CaseRelation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type CaseRelationListPage

type CaseRelationListPage struct {
	// contains filtered or unexported fields
}

CaseRelationListPage contains a page of CaseRelation values.

func NewCaseRelationListPage

func NewCaseRelationListPage(cur CaseRelationList, getNextPage func(context.Context, CaseRelationList) (CaseRelationList, error)) CaseRelationListPage

Creates a new instance of the CaseRelationListPage type.

func (*CaseRelationListPage) Next

func (page *CaseRelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*CaseRelationListPage) NextWithContext

func (page *CaseRelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (CaseRelationListPage) NotDone

func (page CaseRelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (CaseRelationListPage) Response

func (page CaseRelationListPage) Response() CaseRelationList

Response returns the raw server response from the last page request.

func (CaseRelationListPage) Values

func (page CaseRelationListPage) Values() []CaseRelation

Values returns the slice of values for the current page or nil if there are no values.

type CaseRelationProperties

type CaseRelationProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// BookmarkID - The case related bookmark id
	BookmarkID *string `json:"bookmarkId,omitempty"`
	// CaseIdentifier - The case identifier
	CaseIdentifier *string `json:"caseIdentifier,omitempty"`
	// BookmarkName - The case related bookmark name
	BookmarkName *string `json:"bookmarkName,omitempty"`
}

CaseRelationProperties case relation properties

type CaseRelationsClient

type CaseRelationsClient struct {
	BaseClient
}

CaseRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCaseRelationsClient

func NewCaseRelationsClient(subscriptionID string) CaseRelationsClient

NewCaseRelationsClient creates an instance of the CaseRelationsClient client.

func NewCaseRelationsClientWithBaseURI

func NewCaseRelationsClientWithBaseURI(baseURI string, subscriptionID string) CaseRelationsClient

NewCaseRelationsClientWithBaseURI creates an instance of the CaseRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CaseRelationsClient) CreateOrUpdateRelation

func (client CaseRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (result CaseRelation, err error)

CreateOrUpdateRelation creates or updates the case relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
relationName - relation Name
relationInputModel - the relation input model

func (CaseRelationsClient) CreateOrUpdateRelationPreparer

func (client CaseRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string, relationInputModel RelationsModelInput) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (CaseRelationsClient) CreateOrUpdateRelationResponder

func (client CaseRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result CaseRelation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) CreateOrUpdateRelationSender

func (client CaseRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) DeleteRelation

func (client CaseRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result autorest.Response, err error)

DeleteRelation deletes the case relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
relationName - relation Name

func (CaseRelationsClient) DeleteRelationPreparer

func (client CaseRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (CaseRelationsClient) DeleteRelationResponder

func (client CaseRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) DeleteRelationSender

func (client CaseRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) GetRelation

func (client CaseRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (result CaseRelation, err error)

GetRelation gets a case relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
relationName - relation Name

func (CaseRelationsClient) GetRelationPreparer

func (client CaseRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (CaseRelationsClient) GetRelationResponder

func (client CaseRelationsClient) GetRelationResponder(resp *http.Response) (result CaseRelation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (CaseRelationsClient) GetRelationSender

func (client CaseRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (CaseRelationsClient) List

func (client CaseRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListPage, err error)

List gets all case relations.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CaseRelationsClient) ListComplete

func (client CaseRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseRelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.
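The paging contract described for List and ListComplete (each page's nextLink carries the skiptoken for the following call), as an added example that is not code from this package or its authors. It uses local stand-in types that copy only the JSON tags shown on this page, constructed sample pages, and hypothetical helpers (walkCases, OpenBySeverity), and it stops on a repeated nextLink or a page cap.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
)

// Stand-in types (assumptions): simplified copies of the wire shape documented
// on this page (value/nextLink, properties.severity/status), not the SDK structs.
type caseProps struct {
	Title    string `json:"title,omitempty"`
	Severity string `json:"severity,omitempty"`
	Status   string `json:"status,omitempty"`
}

type caseItem struct {
	Name  string     `json:"name,omitempty"`
	Props *caseProps `json:"properties,omitempty"`
}

type caseList struct {
	NextLink *string    `json:"nextLink,omitempty"`
	Value    []caseItem `json:"value,omitempty"`
}

// fetchFunc has the same shape as the getNextPage callback taken by the
// New...ListPage constructors: given the current page, return the next one.
type fetchFunc func(ctx context.Context, cur caseList) (caseList, error)

var (
	errLoop         = errors.New("nextLink repeated: refusing to loop")
	errTooManyPages = errors.New("page cap reached before the listing ended")
)

// constructedPages is sample data made up for this example. Each body is keyed
// by the link that returns it; "first" stands for the initial List call.
var constructedPages = map[string]string{
	"first": `{"value":[
	  {"name":"c1","properties":{"title":"Suspicious sign-in","severity":"High","status":"New"}},
	  {"name":"c2","properties":{"title":"Old alert","severity":"Low","status":"Closed"}}],
	  "nextLink":"https://management.azure.com/EXAMPLE/cases?$skipToken=p2"}`,
	"https://management.azure.com/EXAMPLE/cases?$skipToken=p2": `{"value":[
	  {"name":"c3","properties":{"severity":"High","status":"InProgress"}},
	  {"name":"c4","properties":{"severity":"Critical","status":"New"}}]}`,
}

// fetch serves pages from an in-memory map instead of issuing HTTP requests.
func fetch(pages map[string]string) fetchFunc {
	return func(ctx context.Context, cur caseList) (caseList, error) {
		var next caseList
		body, ok := pages[*cur.NextLink]
		if !ok {
			return next, fmt.Errorf("no page for %q", *cur.NextLink)
		}
		return next, json.Unmarshal([]byte(body), &next)
	}
}

// walkCases visits every item on every page and returns the number of pages
// consumed. It stops when nextLink is absent, repeats, or maxPages is reached.
func walkCases(ctx context.Context, first caseList, next fetchFunc, maxPages int, visit func(caseItem)) (int, error) {
	seen := map[string]bool{}
	page := first
	for pages := 1; ; pages++ {
		for _, c := range page.Value {
			visit(c)
		}
		if page.NextLink == nil || *page.NextLink == "" {
			return pages, nil // last page
		}
		if seen[*page.NextLink] {
			return pages, errLoop
		}
		if pages >= maxPages {
			return pages, errTooManyPages
		}
		seen[*page.NextLink] = true
		if err := ctx.Err(); err != nil {
			return pages, err
		}
		nextPage, err := next(ctx, page)
		if err != nil {
			return pages, err // on error the walk does not advance
		}
		page = nextPage
	}
}

// OpenBySeverity counts cases whose status is not "Closed", grouped by severity.
func OpenBySeverity(ctx context.Context, pages map[string]string, maxPages int) (map[string]int, int, error) {
	var first caseList
	if err := json.Unmarshal([]byte(pages["first"]), &first); err != nil {
		return nil, 0, err
	}
	counts := map[string]int{}
	n, err := walkCases(ctx, first, fetch(pages), maxPages, func(c caseItem) {
		if c.Props == nil || c.Props.Status == "Closed" {
			return
		}
		counts[c.Props.Severity]++
	})
	return counts, n, err
}

func main() {
	counts, n, err := OpenBySeverity(context.Background(), constructedPages, 10)
	fmt.Println(counts, n, err)
}
```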

func (CaseRelationsClient) ListPreparer

func (client CaseRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CaseRelationsClient) ListResponder

func (client CaseRelationsClient) ListResponder(resp *http.Response) (result CaseRelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CaseRelationsClient) ListSender

func (client CaseRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type CaseSeverity

type CaseSeverity string

CaseSeverity enumerates the values for case severity.

const (
	// CaseSeverityCritical Critical severity
	CaseSeverityCritical CaseSeverity = "Critical"
	// CaseSeverityHigh High severity
	CaseSeverityHigh CaseSeverity = "High"
	// CaseSeverityInformational Informational severity
	CaseSeverityInformational CaseSeverity = "Informational"
	// CaseSeverityLow Low severity
	CaseSeverityLow CaseSeverity = "Low"
	// CaseSeverityMedium Medium severity
	CaseSeverityMedium CaseSeverity = "Medium"
)

func PossibleCaseSeverityValues

func PossibleCaseSeverityValues() []CaseSeverity

PossibleCaseSeverityValues returns an array of possible values for the CaseSeverity const type.

type CaseStatus

type CaseStatus string

CaseStatus enumerates the values for case status.

const (
	// CaseStatusClosed A non active case
	CaseStatusClosed CaseStatus = "Closed"
	// CaseStatusDraft Case that wasn't promoted yet to active
	CaseStatusDraft CaseStatus = "Draft"
	// CaseStatusInProgress An active case which is handled
	CaseStatusInProgress CaseStatus = "InProgress"
	// CaseStatusNew An active case which isn't handled currently
	CaseStatusNew CaseStatus = "New"
)

func PossibleCaseStatusValues

func PossibleCaseStatusValues() []CaseStatus

PossibleCaseStatusValues returns an array of possible values for the CaseStatus const type.

type CasesAggregation

type CasesAggregation struct {
	// CasesAggregationProperties - Properties of aggregations results of cases.
	*CasesAggregationProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindAggregations', 'KindCasesAggregation'
	Kind Kind `json:"kind,omitempty"`
}

CasesAggregation represents aggregations results for cases.

func (CasesAggregation) AsAggregations

func (ca CasesAggregation) AsAggregations() (*Aggregations, bool)

AsAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsBasicAggregations

func (ca CasesAggregation) AsBasicAggregations() (BasicAggregations, bool)

AsBasicAggregations is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) AsCasesAggregation

func (ca CasesAggregation) AsCasesAggregation() (*CasesAggregation, bool)

AsCasesAggregation is the BasicAggregations implementation for CasesAggregation.

func (CasesAggregation) MarshalJSON

func (ca CasesAggregation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CasesAggregation.

func (*CasesAggregation) UnmarshalJSON

func (ca *CasesAggregation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CasesAggregation struct.

type CasesAggregationBySeverityProperties

type CasesAggregationBySeverityProperties struct {
	// TotalCriticalSeverity - READ-ONLY; Total amount of open cases with severity Critical
	TotalCriticalSeverity *int32 `json:"totalCriticalSeverity,omitempty"`
	// TotalHighSeverity - READ-ONLY; Total amount of open cases with severity High
	TotalHighSeverity *int32 `json:"totalHighSeverity,omitempty"`
	// TotalInformationalSeverity - READ-ONLY; Total amount of open cases with severity Informational
	TotalInformationalSeverity *int32 `json:"totalInformationalSeverity,omitempty"`
	// TotalLowSeverity - READ-ONLY; Total amount of open cases with severity Low
	TotalLowSeverity *int32 `json:"totalLowSeverity,omitempty"`
	// TotalMediumSeverity - READ-ONLY; Total amount of open cases with severity medium
	TotalMediumSeverity *int32 `json:"totalMediumSeverity,omitempty"`
}

CasesAggregationBySeverityProperties aggregative results of cases by severity property bag.

type CasesAggregationByStatusProperties

type CasesAggregationByStatusProperties struct {
	// TotalDismissedStatus - READ-ONLY; Total amount of open cases with status Dismissed
	TotalDismissedStatus *int32 `json:"totalDismissedStatus,omitempty"`
	// TotalInProgressStatus - READ-ONLY; Total amount of open cases with status InProgress
	TotalInProgressStatus *int32 `json:"totalInProgressStatus,omitempty"`
	// TotalNewStatus - READ-ONLY; Total amount of open cases with status New
	TotalNewStatus *int32 `json:"totalNewStatus,omitempty"`
	// TotalResolvedStatus - READ-ONLY; Total amount of open cases with status Resolved
	TotalResolvedStatus *int32 `json:"totalResolvedStatus,omitempty"`
}

CasesAggregationByStatusProperties aggregative results of cases by status property bag.

type CasesAggregationProperties

type CasesAggregationProperties struct {
	// AggregationBySeverity - Aggregations results by case severity.
	AggregationBySeverity *CasesAggregationBySeverityProperties `json:"aggregationBySeverity,omitempty"`
	// AggregationByStatus - Aggregations results by case status.
	AggregationByStatus *CasesAggregationByStatusProperties `json:"aggregationByStatus,omitempty"`
}

CasesAggregationProperties aggregative results of cases property bag.

type CasesAggregationsClient

type CasesAggregationsClient struct {
	BaseClient
}

CasesAggregationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesAggregationsClient

func NewCasesAggregationsClient(subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClient creates an instance of the CasesAggregationsClient client.

func NewCasesAggregationsClientWithBaseURI

func NewCasesAggregationsClientWithBaseURI(baseURI string, subscriptionID string) CasesAggregationsClient

NewCasesAggregationsClientWithBaseURI creates an instance of the CasesAggregationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CasesAggregationsClient) Get

func (client CasesAggregationsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (result AggregationsModel, err error)

Get gets the aggregative result for the given resources under the defined workspace.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
aggregationsName - the aggregation name. Supports - Cases

func (CasesAggregationsClient) GetPreparer

func (client CasesAggregationsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, aggregationsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesAggregationsClient) GetResponder

func (client CasesAggregationsClient) GetResponder(resp *http.Response) (result AggregationsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesAggregationsClient) GetSender

func (client CasesAggregationsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type CasesClient

type CasesClient struct {
	BaseClient
}

CasesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCasesClient

func NewCasesClient(subscriptionID string) CasesClient

NewCasesClient creates an instance of the CasesClient client.

func NewCasesClientWithBaseURI

func NewCasesClientWithBaseURI(baseURI string, subscriptionID string) CasesClient

NewCasesClientWithBaseURI creates an instance of the CasesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CasesClient) CreateOrUpdate

func (client CasesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (result Case, err error)

CreateOrUpdate creates or updates the case.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseParameter - the case

func (CasesClient) CreateOrUpdatePreparer

func (client CasesClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseParameter Case) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (CasesClient) CreateOrUpdateResponder

func (client CasesClient) CreateOrUpdateResponder(resp *http.Response) (result Case, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (CasesClient) CreateOrUpdateSender

func (client CasesClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Delete

func (client CasesClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result autorest.Response, err error)

Delete deletes the case.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID

func (CasesClient) DeletePreparer

func (client CasesClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (CasesClient) DeleteResponder

func (client CasesClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (CasesClient) DeleteSender

func (client CasesClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (CasesClient) Get

func (client CasesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (result Case, err error)

Get gets a case.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID

func (CasesClient) GetComment

func (client CasesClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (result CaseComment, err error)

GetComment gets a case comment.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
caseCommentID - case comment ID

func (CasesClient) GetCommentPreparer

func (client CasesClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, caseCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (CasesClient) GetCommentResponder

func (client CasesClient) GetCommentResponder(resp *http.Response) (result CaseComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (CasesClient) GetCommentSender

func (client CasesClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (CasesClient) GetPreparer

func (client CasesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (CasesClient) GetResponder

func (client CasesClient) GetResponder(resp *http.Response) (result Case, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (CasesClient) GetSender

func (client CasesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (CasesClient) List

func (client CasesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListPage, err error)

List gets all cases.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CasesClient) ListComplete

func (client CasesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result CaseListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (CasesClient) ListPreparer

func (client CasesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (CasesClient) ListResponder

func (client CasesClient) ListResponder(resp *http.Response) (result CaseList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (CasesClient) ListSender

func (client CasesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ClientInfo

type ClientInfo struct {
	// Email - The email of the client.
	Email *string `json:"email,omitempty"`
	// Name - The name of the client.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the client.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo information on the client (user or application) that made some action

type CloseReason

type CloseReason string

CloseReason enumerates the values for close reason.

const (
	// Dismissed Case was dismissed
	Dismissed CloseReason = "Dismissed"
	// FalsePositive Case was false positive
	FalsePositive CloseReason = "FalsePositive"
	// Other Case was closed for another reason
	Other CloseReason = "Other"
	// Resolved Case was resolved
	Resolved CloseReason = "Resolved"
	// TruePositive Case was true positive
	TruePositive CloseReason = "TruePositive"
)

func PossibleCloseReasonValues

func PossibleCloseReasonValues() []CloseReason

PossibleCloseReasonValues returns an array of possible values for the CloseReason const type.

type CloudApplicationEntity

type CloudApplicationEntity struct {
	// CloudApplicationEntityProperties - CloudApplication entity properties
	*CloudApplicationEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

CloudApplicationEntity represents a cloud application entity.

func (CloudApplicationEntity) AsAccountEntity

func (cae CloudApplicationEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsAzureResourceEntity

func (cae CloudApplicationEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsBasicEntity

func (cae CloudApplicationEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsCloudApplicationEntity

func (cae CloudApplicationEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsDNSEntity

func (cae CloudApplicationEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsEntity

func (cae CloudApplicationEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileEntity

func (cae CloudApplicationEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsFileHashEntity

func (cae CloudApplicationEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHostEntity

func (cae CloudApplicationEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsHuntingBookmark

func (cae CloudApplicationEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIPEntity

func (cae CloudApplicationEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsIoTDeviceEntity

func (cae CloudApplicationEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsMalwareEntity

func (cae CloudApplicationEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsProcessEntity

func (cae CloudApplicationEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryKeyEntity

func (cae CloudApplicationEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsRegistryValueEntity

func (cae CloudApplicationEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityAlert

func (cae CloudApplicationEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsSecurityGroupEntity

func (cae CloudApplicationEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) AsURLEntity

func (cae CloudApplicationEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON

func (cae CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON

func (cae *CloudApplicationEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudApplicationEntity struct.

type CloudApplicationEntityProperties

type CloudApplicationEntityProperties struct {
	// AppID - READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty"`
	// AppName - READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty"`
	// InstanceName - READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

CloudApplicationEntityProperties cloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON

func (caep CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudApplicationEntityProperties.

type CloudError

type CloudError struct {
	// CloudErrorBody - Error data
	*CloudErrorBody `json:"error,omitempty"`
}

CloudError error response structure.

func (CloudError) MarshalJSON

func (ce CloudError) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for CloudError.

func (*CloudError) UnmarshalJSON

func (ce *CloudError) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for CloudError struct.

type CloudErrorBody

type CloudErrorBody struct {
	// Code - READ-ONLY; An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - READ-ONLY; A message describing the error, intended to be suitable for display in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody error details.

type CommentsClient

type CommentsClient struct {
	BaseClient
}

CommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewCommentsClient

func NewCommentsClient(subscriptionID string) CommentsClient

NewCommentsClient creates an instance of the CommentsClient client.

func NewCommentsClientWithBaseURI

func NewCommentsClientWithBaseURI(baseURI string, subscriptionID string) CommentsClient

NewCommentsClientWithBaseURI creates an instance of the CommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (CommentsClient) ListByCase

func (client CommentsClient) ListByCase(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListPage, err error)

ListByCase gets all case comments.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
caseID - case ID
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (CommentsClient) ListByCaseComplete

func (client CommentsClient) ListByCaseComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (result CaseCommentListIterator, err error)

ListByCaseComplete enumerates all values, automatically crossing page boundaries as required.
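The nextLink/skiptoken paging that CasesClient.ListComplete and CommentsClient.ListByCaseComplete automate, as an added standard-library example (not this package's code) that also refuses a nextLink pointing away from the base URI, so the bearer token is never sent to another host. The `value` array, the `$skipToken` query name, the request path, the token and the in-process fake endpoint are assumptions constructed for the example; the `nextLink`, `error`, `code` and `message` names come from the page.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// casesPath is a constructed placeholder for the first list request (assumed shape).
const casesPath = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example" +
	"/providers/Microsoft.OperationalInsights/workspaces/ws-example" +
	"/providers/Microsoft.SecurityInsights/cases?api-version=2019-01-01-preview"

// listPage is the assumed list envelope; only "nextLink" is named on the page.
type listPage struct {
	Value []struct {
		Name string `json:"name"`
	} `json:"value"`
	NextLink string `json:"nextLink"`
}

// cloudError uses the JSON tags documented for CloudError and CloudErrorBody.
type cloudError struct {
	Error struct {
		Code    string `json:"code"`
		Message string `json:"message"`
	} `json:"error"`
}

// listAll follows nextLink until it is empty, up to maxPages requests. A link
// whose scheme or host differs from baseURI is rejected before any request is sent.
func listAll(c *http.Client, baseURI, firstPath, token string, maxPages int) ([]string, error) {
	base, err := url.Parse(baseURI)
	if err != nil {
		return nil, err
	}
	var names []string
	next := baseURI + firstPath
	for pages := 0; next != ""; pages++ {
		if pages >= maxPages {
			return names, errors.New("page limit reached")
		}
		u, err := url.Parse(next)
		if err != nil {
			return names, err
		}
		if u.Scheme != base.Scheme || u.Host != base.Host {
			return names, fmt.Errorf("refusing nextLink to %q: not the base URI host %q", u.Host, base.Host)
		}
		req, err := http.NewRequest(http.MethodGet, u.String(), nil)
		if err != nil {
			return names, err
		}
		req.Header.Set("Authorization", "Bearer "+token)
		resp, err := c.Do(req)
		if err != nil {
			return names, err
		}
		body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap the response size
		resp.Body.Close()
		if err != nil {
			return names, err
		}
		if resp.StatusCode != http.StatusOK {
			var ce cloudError
			if json.Unmarshal(body, &ce) == nil && ce.Error.Code != "" {
				return names, fmt.Errorf("%s: %s", ce.Error.Code, ce.Error.Message)
			}
			return names, fmt.Errorf("unexpected status %d", resp.StatusCode)
		}
		var p listPage
		if err := json.Unmarshal(body, &p); err != nil {
			return names, err
		}
		for _, v := range p.Value {
			names = append(names, v.Name)
		}
		next = p.NextLink
	}
	return names, nil
}

// newFakeARM serves two constructed pages of cases. With foreignNext set, the
// first page carries a nextLink on a different host.
func newFakeARM(foreignNext bool) *httptest.Server {
	var srv *httptest.Server
	srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer constructed-token" {
			w.WriteHeader(http.StatusUnauthorized)
			io.WriteString(w, `{"error":{"code":"Unauthorized","message":"bad token"}}`)
			return
		}
		if r.URL.Query().Get("$skipToken") != "" {
			io.WriteString(w, `{"value":[{"name":"case-3"}]}`)
			return
		}
		next := srv.URL + r.URL.Path + "?$skipToken=page2"
		if foreignNext {
			next = "http://collector.invalid/cases?$skipToken=page2"
		}
		fmt.Fprintf(w, `{"value":[{"name":"case-1"},{"name":"case-2"}],"nextLink":%q}`, next)
	}))
	return srv
}

func main() {
	srv := newFakeARM(false)
	defer srv.Close()
	fmt.Println(listAll(srv.Client(), srv.URL, casesPath, "constructed-token", 10))
}
```
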

func (CommentsClient) ListByCasePreparer

func (client CommentsClient) ListByCasePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, caseID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByCasePreparer prepares the ListByCase request.

func (CommentsClient) ListByCaseResponder

func (client CommentsClient) ListByCaseResponder(resp *http.Response) (result CaseCommentList, err error)

ListByCaseResponder handles the response to the ListByCase request. The method always closes the http.Response Body.

func (CommentsClient) ListByCaseSender

func (client CommentsClient) ListByCaseSender(req *http.Request) (*http.Response, error)

ListByCaseSender sends the ListByCase request. The method will close the http.Response Body if it receives an error.

type ConfidenceLevel

type ConfidenceLevel string

ConfidenceLevel enumerates the values for confidence level.

const (
	// ConfidenceLevelHigh High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow Low confidence, meaning we have some doubts this is indeed malicious or part of an
	// attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown Unknown confidence, this is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns an array of possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus

type ConfidenceScoreStatus string

ConfidenceScoreStatus enumerates the values for confidence score status.

const (
	// Final Final score was calculated and available
	Final ConfidenceScoreStatus = "Final"
	// InProcess No score was set yet and calculation is in progress
	InProcess ConfidenceScoreStatus = "InProcess"
	// NotApplicable Score will not be calculated for this alert as it is not supported by virtual analyst
	NotApplicable ConfidenceScoreStatus = "NotApplicable"
	// NotFinal Score is calculated and shown as part of the alert, but may be updated again at a later time
	// following the processing of additional data
	NotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns an array of possible values for the ConfidenceScoreStatus const type.

type DNSEntity

type DNSEntity struct {
	// DNSEntityProperties - Dns entity properties
	*DNSEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

DNSEntity represents a dns entity.

func (DNSEntity) AsAccountEntity

func (de DNSEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsAzureResourceEntity

func (de DNSEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsBasicEntity

func (de DNSEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsCloudApplicationEntity

func (de DNSEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsDNSEntity

func (de DNSEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsEntity

func (de DNSEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileEntity

func (de DNSEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsFileHashEntity

func (de DNSEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHostEntity

func (de DNSEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsHuntingBookmark

func (de DNSEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIPEntity

func (de DNSEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsIoTDeviceEntity

func (de DNSEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsMalwareEntity

func (de DNSEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsProcessEntity

func (de DNSEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryKeyEntity

func (de DNSEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsRegistryValueEntity

func (de DNSEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityAlert

func (de DNSEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsSecurityGroupEntity

func (de DNSEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) AsURLEntity

func (de DNSEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for DNSEntity.

func (DNSEntity) MarshalJSON

func (de DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntity.

func (*DNSEntity) UnmarshalJSON

func (de *DNSEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DNSEntity struct.

type DNSEntityProperties

type DNSEntityProperties struct {
	// DNSServerIPEntityID - READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty"`
	// DomainName - READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty"`
	// HostIPAddressEntityID - READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty"`
	// IPAddressEntityIds - READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIds *[]string `json:"ipAddressEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

DNSEntityProperties dns entity property bag.

func (DNSEntityProperties) MarshalJSON

func (dep DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DNSEntityProperties.

type DataConnector

type DataConnector struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

DataConnector data connector.

func (DataConnector) AsAADDataConnector

func (dc DataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAATPDataConnector

func (dc DataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsASCDataConnector

func (dc DataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsAwsCloudTrailDataConnector

func (dc DataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsBasicDataConnector

func (dc DataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsDataConnector

func (dc DataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMCASDataConnector

func (dc DataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsMDATPDataConnector

func (dc DataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeATPDataConnector

func (dc DataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsOfficeDataConnector

func (dc DataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTIDataConnector

func (dc DataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) AsTiTaxiiDataConnector

func (dc DataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for DataConnector.

func (DataConnector) MarshalJSON

func (dc DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnector.

type DataConnectorAuthorizationState

type DataConnectorAuthorizationState string

DataConnectorAuthorizationState enumerates the values for data connector authorization state.

const (
	// Invalid ...
	Invalid DataConnectorAuthorizationState = "Invalid"
	// Valid ...
	Valid DataConnectorAuthorizationState = "Valid"
)

func PossibleDataConnectorAuthorizationStateValues

func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState

PossibleDataConnectorAuthorizationStateValues returns an array of possible values for the DataConnectorAuthorizationState const type.

type DataConnectorDataTypeCommon

type DataConnectorDataTypeCommon struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon common field for data type in data connectors.

type DataConnectorKind

type DataConnectorKind string

DataConnectorKind enumerates the values for data connector kind.

const (
	// DataConnectorKindAmazonWebServicesCloudTrail ...
	DataConnectorKindAmazonWebServicesCloudTrail DataConnectorKind = "AmazonWebServicesCloudTrail"
	// DataConnectorKindAzureActiveDirectory ...
	DataConnectorKindAzureActiveDirectory DataConnectorKind = "AzureActiveDirectory"
	// DataConnectorKindAzureAdvancedThreatProtection ...
	DataConnectorKindAzureAdvancedThreatProtection DataConnectorKind = "AzureAdvancedThreatProtection"
	// DataConnectorKindAzureSecurityCenter ...
	DataConnectorKindAzureSecurityCenter DataConnectorKind = "AzureSecurityCenter"
	// DataConnectorKindMicrosoftCloudAppSecurity ...
	DataConnectorKindMicrosoftCloudAppSecurity DataConnectorKind = "MicrosoftCloudAppSecurity"
	// DataConnectorKindMicrosoftDefenderAdvancedThreatProtection ...
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	// DataConnectorKindOffice365 ...
	DataConnectorKindOffice365 DataConnectorKind = "Office365"
	// DataConnectorKindOfficeATP ...
	DataConnectorKindOfficeATP DataConnectorKind = "OfficeATP"
	// DataConnectorKindThreatIntelligence ...
	DataConnectorKindThreatIntelligence DataConnectorKind = "ThreatIntelligence"
	// DataConnectorKindThreatIntelligenceTaxii ...
	DataConnectorKindThreatIntelligenceTaxii DataConnectorKind = "ThreatIntelligenceTaxii"
)

func PossibleDataConnectorKindValues

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns an array of possible values for the DataConnectorKind const type.

type DataConnectorKind1

type DataConnectorKind1 struct {
	// Kind - The kind of the data connector. Possible values include: 'DataConnectorKindAzureActiveDirectory', 'DataConnectorKindAzureSecurityCenter', 'DataConnectorKindMicrosoftCloudAppSecurity', 'DataConnectorKindThreatIntelligence', 'DataConnectorKindThreatIntelligenceTaxii', 'DataConnectorKindOffice365', 'DataConnectorKindOfficeATP', 'DataConnectorKindAmazonWebServicesCloudTrail', 'DataConnectorKindAzureAdvancedThreatProtection', 'DataConnectorKindMicrosoftDefenderAdvancedThreatProtection'
	Kind DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorKind1 describes an Azure resource with kind.

type DataConnectorLicenseState

type DataConnectorLicenseState string

DataConnectorLicenseState enumerates the values for data connector license state.

const (
	// DataConnectorLicenseStateInvalid ...
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	// DataConnectorLicenseStateUnknown ...
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	// DataConnectorLicenseStateValid ...
	DataConnectorLicenseStateValid DataConnectorLicenseState = "Valid"
)

func PossibleDataConnectorLicenseStateValues

func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState

PossibleDataConnectorLicenseStateValues returns an array of possible values for the DataConnectorLicenseState const type.

type DataConnectorList

type DataConnectorList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of data connectors.
	Value *[]BasicDataConnector `json:"value,omitempty"`
}

DataConnectorList list all the data connectors.

func (DataConnectorList) IsEmpty

func (dcl DataConnectorList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (DataConnectorList) MarshalJSON

func (dcl DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorList.

func (*DataConnectorList) UnmarshalJSON

func (dcl *DataConnectorList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorList struct.

type DataConnectorListIterator

type DataConnectorListIterator struct {
	// contains filtered or unexported fields
}

DataConnectorListIterator provides access to a complete listing of DataConnector values.

func NewDataConnectorListIterator

func NewDataConnectorListIterator(page DataConnectorListPage) DataConnectorListIterator

Creates a new instance of the DataConnectorListIterator type.

func (*DataConnectorListIterator) Next

func (iter *DataConnectorListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListIterator) NextWithContext

func (iter *DataConnectorListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (DataConnectorListIterator) NotDone

func (iter DataConnectorListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (DataConnectorListIterator) Response

Response returns the raw server response from the last page request.

func (DataConnectorListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type DataConnectorListPage

type DataConnectorListPage struct {
	// contains filtered or unexported fields
}

DataConnectorListPage contains a page of BasicDataConnector values.

func NewDataConnectorListPage

func NewDataConnectorListPage(cur DataConnectorList, getNextPage func(context.Context, DataConnectorList) (DataConnectorList, error)) DataConnectorListPage

Creates a new instance of the DataConnectorListPage type.

func (*DataConnectorListPage) Next

func (page *DataConnectorListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*DataConnectorListPage) NextWithContext

func (page *DataConnectorListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (DataConnectorListPage) NotDone

func (page DataConnectorListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (DataConnectorListPage) Response

func (page DataConnectorListPage) Response() DataConnectorList

Response returns the raw server response from the last page request.

func (DataConnectorListPage) Values

func (page DataConnectorListPage) Values() []BasicDataConnector

Values returns the slice of values for the current page or nil if there are no values.

type DataConnectorModel

type DataConnectorModel struct {
	autorest.Response `json:"-"`
	Value             BasicDataConnector `json:"value,omitempty"`
}

DataConnectorModel ...

func (*DataConnectorModel) UnmarshalJSON

func (dcm *DataConnectorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for DataConnectorModel struct.

type DataConnectorRequirementsState

type DataConnectorRequirementsState struct {
	autorest.Response `json:"-"`
	// AuthorizationState - Authorization state for this connector. Possible values include: 'Valid', 'Invalid'
	AuthorizationState DataConnectorAuthorizationState `json:"authorizationState,omitempty"`
	// LicenseState - License state for this connector. Possible values include: 'DataConnectorLicenseStateValid', 'DataConnectorLicenseStateInvalid', 'DataConnectorLicenseStateUnknown'
	LicenseState DataConnectorLicenseState `json:"licenseState,omitempty"`
}

DataConnectorRequirementsState data connector requirements status.

type DataConnectorTenantID

type DataConnectorTenantID struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

DataConnectorTenantID properties data connector on tenant level.

type DataConnectorWithAlertsProperties

type DataConnectorWithAlertsProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

DataConnectorWithAlertsProperties data connector properties.

type DataConnectorsCheckRequirements

type DataConnectorsCheckRequirements struct {
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

DataConnectorsCheckRequirements data connector requirements properties.

func (DataConnectorsCheckRequirements) AsAADCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsASCCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMCASCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsMDATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTICheckRequirements

func (dccr DataConnectorsCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements

func (dccr DataConnectorsCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) MarshalJSON

func (dccr DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for DataConnectorsCheckRequirements.

type DataConnectorsCheckRequirementsClient

type DataConnectorsCheckRequirementsClient struct {
	BaseClient
}

DataConnectorsCheckRequirementsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsCheckRequirementsClient

func NewDataConnectorsCheckRequirementsClient(subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClient creates an instance of the DataConnectorsCheckRequirementsClient client.

func NewDataConnectorsCheckRequirementsClientWithBaseURI

func NewDataConnectorsCheckRequirementsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsCheckRequirementsClient

NewDataConnectorsCheckRequirementsClientWithBaseURI creates an instance of the DataConnectorsCheckRequirementsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsCheckRequirementsClient) Post

func (client DataConnectorsCheckRequirementsClient) Post(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (result DataConnectorRequirementsState, err error)

Post gets the requirements state for a data connector type.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
workspaceName - the name of the workspace.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
dataConnectorsCheckRequirements - the parameters for requirements check message.

func (DataConnectorsCheckRequirementsClient) PostPreparer

func (client DataConnectorsCheckRequirementsClient) PostPreparer(ctx context.Context, resourceGroupName string, workspaceName string, operationalInsightsResourceProvider string, dataConnectorsCheckRequirements BasicDataConnectorsCheckRequirements) (*http.Request, error)

PostPreparer prepares the Post request.

func (DataConnectorsCheckRequirementsClient) PostResponder

PostResponder handles the response to the Post request. The method always closes the http.Response Body.

func (DataConnectorsCheckRequirementsClient) PostSender

PostSender sends the Post request. The method will close the http.Response Body if it receives an error.

type DataConnectorsClient

type DataConnectorsClient struct {
	BaseClient
}

DataConnectorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewDataConnectorsClient

func NewDataConnectorsClient(subscriptionID string) DataConnectorsClient

NewDataConnectorsClient creates an instance of the DataConnectorsClient client.

func NewDataConnectorsClientWithBaseURI

func NewDataConnectorsClientWithBaseURI(baseURI string, subscriptionID string) DataConnectorsClient

NewDataConnectorsClientWithBaseURI creates an instance of the DataConnectorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (DataConnectorsClient) CreateOrUpdate

func (client DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (result DataConnectorModel, err error)

CreateOrUpdate creates or updates the data connector.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID.
dataConnector - the data connector.

func (DataConnectorsClient) CreateOrUpdatePreparer

func (client DataConnectorsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string, dataConnector BasicDataConnector) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (DataConnectorsClient) CreateOrUpdateResponder

func (client DataConnectorsClient) CreateOrUpdateResponder(resp *http.Response) (result DataConnectorModel, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (DataConnectorsClient) CreateOrUpdateSender

func (client DataConnectorsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Delete

func (client DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result autorest.Response, err error)

Delete deletes the data connector.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID.

func (DataConnectorsClient) DeletePreparer

func (client DataConnectorsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (DataConnectorsClient) DeleteResponder

func (client DataConnectorsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (DataConnectorsClient) DeleteSender

func (client DataConnectorsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) Get

func (client DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (result DataConnectorModel, err error)

Get gets a data connector.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
dataConnectorID - connector ID.

func (DataConnectorsClient) GetPreparer

func (client DataConnectorsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, dataConnectorID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (DataConnectorsClient) GetResponder

func (client DataConnectorsClient) GetResponder(resp *http.Response) (result DataConnectorModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (DataConnectorsClient) GetSender

func (client DataConnectorsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (DataConnectorsClient) List

func (client DataConnectorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListPage, err error)

List gets all data connectors.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (DataConnectorsClient) ListComplete

func (client DataConnectorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result DataConnectorListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (DataConnectorsClient) ListPreparer

func (client DataConnectorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (DataConnectorsClient) ListResponder

func (client DataConnectorsClient) ListResponder(resp *http.Response) (result DataConnectorList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (DataConnectorsClient) ListSender

func (client DataConnectorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.
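The following added example (not SDK code and not part of the original page) audits log-source coverage from the wire shape that List returns: it follows nextLink across pages, reads each connector's kind discriminator, and reports required kinds that are absent and kinds outside the DataConnectorKind values documented above. The connectorStub and listPage types, the fetchFunc callback, AuditConnectors and the sample JSON are assumptions constructed for the example; only the standard library is used.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// DataConnectorKind mirrors the string enum documented on this page.
type DataConnectorKind string

// knownKinds lists the DataConnectorKind values documented on this page.
var knownKinds = map[DataConnectorKind]bool{
	"AmazonWebServicesCloudTrail": true, "AzureActiveDirectory": true,
	"AzureAdvancedThreatProtection": true, "AzureSecurityCenter": true,
	"MicrosoftCloudAppSecurity": true, "MicrosoftDefenderAdvancedThreatProtection": true,
	"Office365": true, "OfficeATP": true,
	"ThreatIntelligence": true, "ThreatIntelligenceTaxii": true,
}

// connectorStub and listPage are local stand-ins (not SDK types) for the
// JSON shape of a data connector and of DataConnectorList.
type connectorStub struct {
	Name string            `json:"name"`
	Kind DataConnectorKind `json:"kind"`
}

type listPage struct {
	NextLink string          `json:"nextLink"`
	Value    []connectorStub `json:"value"`
}

// fetchFunc returns the raw JSON of one page; an empty link means the first page.
type fetchFunc func(link string) ([]byte, error)

var (
	ErrPageLoop  = errors.New("nextLink repeats a page already fetched")
	ErrPageLimit = errors.New("page limit reached before the listing ended")
)

// Coverage is the audit result.
type Coverage struct {
	Present map[DataConnectorKind][]string // kind -> connector names
	Missing []DataConnectorKind            // required kinds with no connector
	Unknown []string                       // kinds outside the documented enum
}

// AuditConnectors walks every page and compares the kinds found with the
// kinds the workspace is required to ingest. It refuses to follow a
// nextLink twice and stops after maxPages pages.
func AuditConnectors(fetch fetchFunc, required []DataConnectorKind, maxPages int) (Coverage, error) {
	cov := Coverage{Present: map[DataConnectorKind][]string{}}
	seen := map[string]bool{}
	link := ""
	for pages := 0; ; pages++ {
		if pages >= maxPages {
			return cov, ErrPageLimit
		}
		if seen[link] {
			return cov, ErrPageLoop
		}
		seen[link] = true
		body, err := fetch(link)
		if err != nil {
			return cov, fmt.Errorf("fetch page %d: %w", pages+1, err)
		}
		var p listPage
		if err := json.Unmarshal(body, &p); err != nil {
			return cov, fmt.Errorf("decode page %d: %w", pages+1, err)
		}
		for _, c := range p.Value {
			if !knownKinds[c.Kind] {
				cov.Unknown = append(cov.Unknown, string(c.Kind))
				continue
			}
			cov.Present[c.Kind] = append(cov.Present[c.Kind], c.Name)
		}
		if p.NextLink == "" {
			break
		}
		link = p.NextLink
	}
	for _, k := range required {
		if len(cov.Present[k]) == 0 {
			cov.Missing = append(cov.Missing, k)
		}
	}
	sort.Strings(cov.Unknown)
	return cov, nil
}

// sampleFetch serves two constructed pages from memory (placeholder URL).
func sampleFetch() fetchFunc {
	const next = "https://example.invalid/dataConnectors?page=2"
	pages := map[string]string{
		"":   `{"nextLink":"` + next + `","value":[{"name":"aad-1","kind":"AzureActiveDirectory"},{"name":"o365-1","kind":"Office365"}]}`,
		next: `{"value":[{"name":"ti-1","kind":"ThreatIntelligence"},{"name":"x-1","kind":"SomeFutureKind"}]}`,
	}
	return func(link string) ([]byte, error) {
		body, ok := pages[link]
		if !ok {
			return nil, errors.New("no such page")
		}
		return []byte(body), nil
	}
}

func main() {
	required := []DataConnectorKind{"AzureActiveDirectory", "AzureSecurityCenter", "Office365"}
	cov, err := AuditConnectors(sampleFetch(), required, 10)
	if err != nil {
		fmt.Println("audit failed:", err)
		return
	}
	fmt.Println("missing:", cov.Missing, "unknown:", cov.Unknown)
}
```

With the real client, the same comparison can be driven from the values yielded by ListComplete instead of the fetch callback.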

type DataTypeState

type DataTypeState string

DataTypeState enumerates the values for data type state.

const (
	// Disabled ...
	Disabled DataTypeState = "Disabled"
	// Enabled ...
	Enabled DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns an array of possible values for the DataTypeState const type.

type ElevationToken

type ElevationToken string

ElevationToken enumerates the values for elevation token.

const (
	// Default Default elevation token
	Default ElevationToken = "Default"
	// Full Full elevation token
	Full ElevationToken = "Full"
	// Limited Limited elevation token
	Limited ElevationToken = "Limited"
)

func PossibleElevationTokenValues

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns an array of possible values for the ElevationToken const type.

type EntitiesClient

type EntitiesClient struct {
	BaseClient
}

EntitiesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesClient

func NewEntitiesClient(subscriptionID string) EntitiesClient

NewEntitiesClient creates an instance of the EntitiesClient client.

func NewEntitiesClientWithBaseURI

func NewEntitiesClientWithBaseURI(baseURI string, subscriptionID string) EntitiesClient

NewEntitiesClientWithBaseURI creates an instance of the EntitiesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesClient) Expand

func (client EntitiesClient) Expand(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (result EntityExpandResponse, err error)

Expand expands an entity.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID.
parameters - the parameters required to execute an expand operation on the given entity.

func (EntitiesClient) ExpandPreparer

func (client EntitiesClient) ExpandPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityExpandParameters) (*http.Request, error)

ExpandPreparer prepares the Expand request.

func (EntitiesClient) ExpandResponder

func (client EntitiesClient) ExpandResponder(resp *http.Response) (result EntityExpandResponse, err error)

ExpandResponder handles the response to the Expand request. The method always closes the http.Response Body.

func (EntitiesClient) ExpandSender

func (client EntitiesClient) ExpandSender(req *http.Request) (*http.Response, error)

ExpandSender sends the Expand request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) Get

func (client EntitiesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (result EntityModel, err error)

Get gets an entity.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID.

func (EntitiesClient) GetPreparer

func (client EntitiesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntitiesClient) GetResponder

func (client EntitiesClient) GetResponder(resp *http.Response) (result EntityModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntitiesClient) GetSender

func (client EntitiesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntitiesClient) List

func (client EntitiesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListPage, err error)

List gets all entities.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (EntitiesClient) ListComplete

func (client EntitiesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntitiesClient) ListPreparer

func (client EntitiesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesClient) ListResponder

func (client EntitiesClient) ListResponder(resp *http.Response) (result EntityList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesClient) ListSender

func (client EntitiesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntitiesGetTimelineClient

type EntitiesGetTimelineClient struct {
	BaseClient
}

EntitiesGetTimelineClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesGetTimelineClient

func NewEntitiesGetTimelineClient(subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClient creates an instance of the EntitiesGetTimelineClient client.

func NewEntitiesGetTimelineClientWithBaseURI

func NewEntitiesGetTimelineClientWithBaseURI(baseURI string, subscriptionID string) EntitiesGetTimelineClient

NewEntitiesGetTimelineClientWithBaseURI creates an instance of the EntitiesGetTimelineClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesGetTimelineClient) List

func (client EntitiesGetTimelineClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (result EntityTimelineResponse, err error)

List timeline for an entity.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID.
parameters - the parameters required to execute a timeline operation on the given entity.

func (EntitiesGetTimelineClient) ListPreparer

func (client EntitiesGetTimelineClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, parameters EntityTimelineParameters) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesGetTimelineClient) ListResponder

func (client EntitiesGetTimelineClient) ListResponder(resp *http.Response) (result EntityTimelineResponse, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesGetTimelineClient) ListSender

func (client EntitiesGetTimelineClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntitiesMatchingMethod

type EntitiesMatchingMethod string

EntitiesMatchingMethod enumerates the values for entities matching method.

const (
	// All Grouping alerts into a single incident if all the entities match
	All EntitiesMatchingMethod = "All"
	// Custom Grouping alerts into a single incident if the selected entities match
	Custom EntitiesMatchingMethod = "Custom"
	// None Grouping all alerts triggered by this rule into a single incident
	None EntitiesMatchingMethod = "None"
)

func PossibleEntitiesMatchingMethodValues

func PossibleEntitiesMatchingMethodValues() []EntitiesMatchingMethod

PossibleEntitiesMatchingMethodValues returns an array of possible values for the EntitiesMatchingMethod const type.

type EntitiesRelationsClient

type EntitiesRelationsClient struct {
	BaseClient
}

EntitiesRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntitiesRelationsClient

func NewEntitiesRelationsClient(subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClient creates an instance of the EntitiesRelationsClient client.

func NewEntitiesRelationsClientWithBaseURI

func NewEntitiesRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntitiesRelationsClient

NewEntitiesRelationsClientWithBaseURI creates an instance of the EntitiesRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntitiesRelationsClient) List

func (client EntitiesRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all relations of an entity.
Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID.
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (EntitiesRelationsClient) ListComplete

func (client EntitiesRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.
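The nextLink/skipToken paging described for List, as an added example that is not part of this package: it checks that a nextLink stays on the configured base URI before its skip token is reused, and bounds the number of pages followed. The helper names, the constructed pages and path, and the query parameter spelling `$skipToken` (the documentation above only says "a skiptoken parameter") are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// trustedBase mirrors DefaultBaseURI from this package.
const trustedBase = "https://management.azure.com"

var (
	ErrUntrustedNextLink = errors.New("nextLink does not point at the configured base URI")
	ErrNoSkipToken       = errors.New("nextLink carries no skip token")
	ErrTooManyPages      = errors.New("page limit reached before the listing ended")
)

// Page is a constructed stand-in for one list response (item names plus nextLink).
type Page struct {
	Names    []string
	NextLink string
}

// SkipTokenFromNextLink (hypothetical helper) returns the skip token carried by
// nextLink. An empty nextLink means the listing is complete and yields "".
// A link whose scheme or host differs from baseURI, or that embeds userinfo,
// is rejected so that credentials are never replayed to another origin.
func SkipTokenFromNextLink(baseURI, nextLink string) (string, error) {
	if nextLink == "" {
		return "", nil
	}
	base, err := url.Parse(baseURI)
	if err != nil {
		return "", fmt.Errorf("base URI: %w", err)
	}
	next, err := url.Parse(nextLink)
	if err != nil {
		return "", fmt.Errorf("nextLink: %w", err)
	}
	if next.Scheme != base.Scheme || next.User != nil || !strings.EqualFold(next.Host, base.Host) {
		return "", ErrUntrustedNextLink
	}
	// Assumption: the token is a query parameter named skiptoken, with or
	// without a leading '$', matched case-insensitively.
	for name, vals := range next.Query() {
		if strings.EqualFold(strings.TrimPrefix(name, "$"), "skiptoken") && len(vals) > 0 && vals[0] != "" {
			return vals[0], nil
		}
	}
	return "", ErrNoSkipToken
}

// WalkPages (hypothetical helper) calls fetch with successive skip tokens until
// a page has no nextLink. It stops with ErrTooManyPages after maxPages, which
// bounds a listing whose nextLink never terminates.
func WalkPages(baseURI string, fetch func(skipToken string) (Page, error), maxPages int) ([]string, error) {
	var all []string
	token := ""
	for i := 0; i < maxPages; i++ {
		page, err := fetch(token)
		if err != nil {
			return all, err
		}
		all = append(all, page.Names...)
		token, err = SkipTokenFromNextLink(baseURI, page.NextLink)
		if err != nil {
			return all, err
		}
		if token == "" {
			return all, nil
		}
	}
	return all, ErrTooManyPages
}

// demo walks two constructed pages keyed by the skip token that requests them.
func demo() ([]string, error) {
	pages := map[string]Page{
		"": {
			Names:    []string{"rel-1", "rel-2"},
			NextLink: trustedBase + "/constructed/relations?api-version=2019-01-01-preview&$skipToken=abc",
		},
		"abc": {Names: []string{"rel-3"}},
	}
	fetch := func(tok string) (Page, error) { return pages[tok], nil }
	return WalkPages(trustedBase, fetch, 10)
}

func main() {
	names, err := demo()
	fmt.Println(names, err)
}
```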

func (EntitiesRelationsClient) ListPreparer

func (client EntitiesRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntitiesRelationsClient) ListResponder

func (client EntitiesRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntitiesRelationsClient) ListSender

func (client EntitiesRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type Entity

type Entity struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

Entity specific entity.

func (Entity) AsAccountEntity

func (e Entity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for Entity.

func (Entity) AsAzureResourceEntity

func (e Entity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for Entity.

func (Entity) AsBasicEntity

func (e Entity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for Entity.

func (Entity) AsCloudApplicationEntity

func (e Entity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for Entity.

func (Entity) AsDNSEntity

func (e Entity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for Entity.

func (Entity) AsEntity

func (e Entity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileEntity

func (e Entity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for Entity.

func (Entity) AsFileHashEntity

func (e Entity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for Entity.

func (Entity) AsHostEntity

func (e Entity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for Entity.

func (Entity) AsHuntingBookmark

func (e Entity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for Entity.

func (Entity) AsIPEntity

func (e Entity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for Entity.

func (Entity) AsIoTDeviceEntity

func (e Entity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for Entity.

func (Entity) AsMalwareEntity

func (e Entity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for Entity.

func (Entity) AsProcessEntity

func (e Entity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryKeyEntity

func (e Entity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for Entity.

func (Entity) AsRegistryValueEntity

func (e Entity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for Entity.

func (Entity) AsSecurityAlert

func (e Entity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for Entity.

func (Entity) AsSecurityGroupEntity

func (e Entity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for Entity.

func (Entity) AsURLEntity

func (e Entity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for Entity.

func (Entity) MarshalJSON

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Entity.

type EntityAnalytics

type EntityAnalytics struct {
	// EntityAnalyticsProperties - EntityAnalytics properties
	*EntityAnalyticsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

EntityAnalytics settings with single toggle.

func (EntityAnalytics) AsBasicSettings

func (ea EntityAnalytics) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEntityAnalytics

func (ea EntityAnalytics) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsEyesOn

func (ea EntityAnalytics) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsSettings

func (ea EntityAnalytics) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) AsUeba

func (ea EntityAnalytics) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EntityAnalytics.

func (EntityAnalytics) MarshalJSON

func (ea EntityAnalytics) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityAnalytics.

func (*EntityAnalytics) UnmarshalJSON

func (ea *EntityAnalytics) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityAnalytics struct.

type EntityAnalyticsProperties

type EntityAnalyticsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EntityAnalyticsProperties entityAnalytics property bag.

type EntityCommonProperties

type EntityCommonProperties struct {
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

EntityCommonProperties entity common property bag.

func (EntityCommonProperties) MarshalJSON

func (ecp EntityCommonProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityCommonProperties.

type EntityExpandParameters

type EntityExpandParameters struct {
	// EndTime - The end date filter, so the only expansion results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// ExpansionID - The Id of the expansion to perform.
	ExpansionID *uuid.UUID `json:"expansionId,omitempty"`
	// StartTime - The start date filter, so the only expansion results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
}

EntityExpandParameters the parameters required to execute an expand operation on the given entity.

type EntityExpandResponse

type EntityExpandResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`
	// Value - The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse the entity expansion result operation response.

type EntityExpandResponseValue

type EntityExpandResponseValue struct {
	// Entities - Array of the expansion result entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
}

EntityExpandResponseValue the expansion result values.

func (*EntityExpandResponseValue) UnmarshalJSON

func (eer *EntityExpandResponseValue) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityExpandResponseValue struct.

type EntityKind

type EntityKind string

EntityKind enumerates the values for entity kind.

const (
	// EntityKindAccount Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIoTDevice Entity represents IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindIP Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindMalware Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindProcess Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindURL Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns an array of possible values for the EntityKind const type.

type EntityKind1

type EntityKind1 struct {
	// Kind - The kind of the entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	Kind EntityKind `json:"kind,omitempty"`
}

EntityKind1 describes an entity with kind.

type EntityList

type EntityList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entities.
	Value *[]BasicEntity `json:"value,omitempty"`
}

EntityList list of all the entities.

func (EntityList) IsEmpty

func (el EntityList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityList) MarshalJSON

func (el EntityList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityList.

func (*EntityList) UnmarshalJSON

func (el *EntityList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityList struct.

type EntityListIterator

type EntityListIterator struct {
	// contains filtered or unexported fields
}

EntityListIterator provides access to a complete listing of Entity values.

func NewEntityListIterator

func NewEntityListIterator(page EntityListPage) EntityListIterator

Creates a new instance of the EntityListIterator type.

func (*EntityListIterator) Next

func (iter *EntityListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListIterator) NextWithContext

func (iter *EntityListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityListIterator) NotDone

func (iter EntityListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityListIterator) Response

func (iter EntityListIterator) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListIterator) Value

func (iter EntityListIterator) Value() BasicEntity

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityListPage

type EntityListPage struct {
	// contains filtered or unexported fields
}

EntityListPage contains a page of BasicEntity values.

func NewEntityListPage

func NewEntityListPage(cur EntityList, getNextPage func(context.Context, EntityList) (EntityList, error)) EntityListPage

Creates a new instance of the EntityListPage type.

func (*EntityListPage) Next

func (page *EntityListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityListPage) NextWithContext

func (page *EntityListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityListPage) NotDone

func (page EntityListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityListPage) Response

func (page EntityListPage) Response() EntityList

Response returns the raw server response from the last page request.

func (EntityListPage) Values

func (page EntityListPage) Values() []BasicEntity

Values returns the slice of values for the current page or nil if there are no values.

type EntityModel

type EntityModel struct {
	autorest.Response `json:"-"`
	Value             BasicEntity `json:"value,omitempty"`
}

EntityModel ...

func (*EntityModel) UnmarshalJSON

func (em *EntityModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityModel struct.

type EntityQueriesClient

type EntityQueriesClient struct {
	BaseClient
}

EntityQueriesClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityQueriesClient

func NewEntityQueriesClient(subscriptionID string) EntityQueriesClient

NewEntityQueriesClient creates an instance of the EntityQueriesClient client.

func NewEntityQueriesClientWithBaseURI

func NewEntityQueriesClientWithBaseURI(baseURI string, subscriptionID string) EntityQueriesClient

NewEntityQueriesClientWithBaseURI creates an instance of the EntityQueriesClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityQueriesClient) Get

func (client EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (result EntityQuery, err error)

Get gets an entity query.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityQueryID - entity query ID

func (EntityQueriesClient) GetPreparer

func (client EntityQueriesClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityQueryID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (EntityQueriesClient) GetResponder

func (client EntityQueriesClient) GetResponder(resp *http.Response) (result EntityQuery, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (EntityQueriesClient) GetSender

func (client EntityQueriesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (EntityQueriesClient) List

func (client EntityQueriesClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListPage, err error)

List gets all entity queries.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (EntityQueriesClient) ListComplete

func (client EntityQueriesClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result EntityQueryListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (EntityQueriesClient) ListPreparer

func (client EntityQueriesClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (EntityQueriesClient) ListResponder

func (client EntityQueriesClient) ListResponder(resp *http.Response) (result EntityQueryList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (EntityQueriesClient) ListSender

func (client EntityQueriesClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type EntityQuery

type EntityQuery struct {
	autorest.Response `json:"-"`
	// EntityQueryProperties - Entity query properties
	*EntityQueryProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

EntityQuery specific entity query.

func (EntityQuery) MarshalJSON

func (eq EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQuery.

func (*EntityQuery) UnmarshalJSON

func (eq *EntityQuery) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityQuery struct.

type EntityQueryList

type EntityQueryList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of entity queries.
	Value *[]EntityQuery `json:"value,omitempty"`
}

EntityQueryList list of all the entity queries.

func (EntityQueryList) IsEmpty

func (eql EntityQueryList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (EntityQueryList) MarshalJSON

func (eql EntityQueryList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityQueryList.

type EntityQueryListIterator

type EntityQueryListIterator struct {
	// contains filtered or unexported fields
}

EntityQueryListIterator provides access to a complete listing of EntityQuery values.

func NewEntityQueryListIterator

func NewEntityQueryListIterator(page EntityQueryListPage) EntityQueryListIterator

Creates a new instance of the EntityQueryListIterator type.

func (*EntityQueryListIterator) Next

func (iter *EntityQueryListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListIterator) NextWithContext

func (iter *EntityQueryListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (EntityQueryListIterator) NotDone

func (iter EntityQueryListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (EntityQueryListIterator) Response

func (iter EntityQueryListIterator) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListIterator) Value

func (iter EntityQueryListIterator) Value() EntityQuery

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type EntityQueryListPage

type EntityQueryListPage struct {
	// contains filtered or unexported fields
}

EntityQueryListPage contains a page of EntityQuery values.

func NewEntityQueryListPage

func NewEntityQueryListPage(cur EntityQueryList, getNextPage func(context.Context, EntityQueryList) (EntityQueryList, error)) EntityQueryListPage

Creates a new instance of the EntityQueryListPage type.

func (*EntityQueryListPage) Next

func (page *EntityQueryListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*EntityQueryListPage) NextWithContext

func (page *EntityQueryListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (EntityQueryListPage) NotDone

func (page EntityQueryListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (EntityQueryListPage) Response

func (page EntityQueryListPage) Response() EntityQueryList

Response returns the raw server response from the last page request.

func (EntityQueryListPage) Values

func (page EntityQueryListPage) Values() []EntityQuery

Values returns the slice of values for the current page or nil if there are no values.

type EntityQueryProperties

type EntityQueryProperties struct {
	// DataSources - List of the data sources that are required to run the query
	DataSources *[]string `json:"dataSources,omitempty"`
	// DisplayName - The query display name
	DisplayName *string `json:"displayName,omitempty"`
	// InputEntityType - The type of the query's source entity. Possible values include: 'EntityTypeAccount', 'EntityTypeHost', 'EntityTypeFile', 'EntityTypeAzureResource', 'EntityTypeCloudApplication', 'EntityTypeDNS', 'EntityTypeFileHash', 'EntityTypeIP', 'EntityTypeMalware', 'EntityTypeProcess', 'EntityTypeRegistryKey', 'EntityTypeRegistryValue', 'EntityTypeSecurityGroup', 'EntityTypeURL', 'EntityTypeIoTDevice', 'EntityTypeSecurityAlert', 'EntityTypeHuntingBookmark'
	InputEntityType EntityType `json:"inputEntityType,omitempty"`
	// InputFields - List of the fields of the source entity that are required to run the query
	InputFields *[]string `json:"inputFields,omitempty"`
	// OutputEntityTypes - List of the desired output types to be constructed from the result
	OutputEntityTypes *[]EntityType `json:"outputEntityTypes,omitempty"`
	// QueryTemplate - The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

EntityQueryProperties describes entity query properties

type EntityRelationsClient

type EntityRelationsClient struct {
	BaseClient
}

EntityRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewEntityRelationsClient

func NewEntityRelationsClient(subscriptionID string) EntityRelationsClient

NewEntityRelationsClient creates an instance of the EntityRelationsClient client.

func NewEntityRelationsClientWithBaseURI

func NewEntityRelationsClientWithBaseURI(baseURI string, subscriptionID string) EntityRelationsClient

NewEntityRelationsClientWithBaseURI creates an instance of the EntityRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (EntityRelationsClient) GetRelation

func (client EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (result Relation, err error)

GetRelation gets an entity relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
entityID - entity ID
relationName - relation Name

func (EntityRelationsClient) GetRelationPreparer

func (client EntityRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, entityID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (EntityRelationsClient) GetRelationResponder

func (client EntityRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (EntityRelationsClient) GetRelationSender

func (client EntityRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

type EntityTimelineItem

type EntityTimelineItem struct {
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

EntityTimelineItem entity timeline Item.

func (EntityTimelineItem) AsActivityTimelineItem

func (eti EntityTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBasicEntityTimelineItem

func (eti EntityTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsBookmarkTimelineItem

func (eti EntityTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsEntityTimelineItem

func (eti EntityTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) AsSecurityAlertTimelineItem

func (eti EntityTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for EntityTimelineItem.

func (EntityTimelineItem) MarshalJSON

func (eti EntityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EntityTimelineItem.

type EntityTimelineKind

type EntityTimelineKind string

EntityTimelineKind enumerates the values for entity timeline kind.

const (
	// EntityTimelineKindActivity activity
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindBookmark bookmarks
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert security alerts
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

func PossibleEntityTimelineKindValues

func PossibleEntityTimelineKindValues() []EntityTimelineKind

PossibleEntityTimelineKindValues returns an array of possible values for the EntityTimelineKind const type.

type EntityTimelineParameters

type EntityTimelineParameters struct {
	// Kinds - Array of timeline Item kinds.
	Kinds *[]EntityTimelineKind `json:"kinds,omitempty"`
	// StartTime - The start timeline date, so the results returned are after this date.
	StartTime *date.Time `json:"startTime,omitempty"`
	// EndTime - The end timeline date, so the results returned are before this date.
	EndTime *date.Time `json:"endTime,omitempty"`
	// NumberOfBucket - The number of buckets for timeline query aggregation.
	NumberOfBucket *int32 `json:"numberOfBucket,omitempty"`
}

EntityTimelineParameters the parameters required to execute a timeline operation on the given entity.

type EntityTimelineResponse

type EntityTimelineResponse struct {
	autorest.Response `json:"-"`
	// MetaData - The metadata from the timeline operation results.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`
	// Value - The timeline result values.
	Value *[]BasicEntityTimelineItem `json:"value,omitempty"`
}

EntityTimelineResponse the entity timeline result operation response.

func (*EntityTimelineResponse) UnmarshalJSON

func (etr *EntityTimelineResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EntityTimelineResponse struct.

type EntityType

type EntityType string

EntityType enumerates the values for entity type.

const (
	// EntityTypeAccount Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIoTDevice Entity represents IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeIP Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeMalware Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeProcess Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeURL Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns an array of possible values for the EntityType const type.

type EventGroupingAggregationKind

type EventGroupingAggregationKind string

EventGroupingAggregationKind enumerates the values for event grouping aggregation kind.

const (
	// AlertPerResult ...
	AlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	// SingleAlert ...
	SingleAlert EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns an array of possible values for the EventGroupingAggregationKind const type.

type EventGroupingSettings

type EventGroupingSettings struct {
	// AggregationKind - Possible values include: 'SingleAlert', 'AlertPerResult'
	AggregationKind EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}

EventGroupingSettings event grouping settings property bag.

type ExpansionResultAggregation

type ExpansionResultAggregation struct {
	// AggregationType - The common type of the aggregation (e.g. entity field name).
	AggregationType *string `json:"aggregationType,omitempty"`
	// Count - Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`
	// DisplayName - The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

ExpansionResultAggregation information of a specific aggregation in the expansion result.

type ExpansionResultsMetadata

type ExpansionResultsMetadata struct {
	// Aggregations - Information of the aggregated nodes in the expansion result.
	Aggregations *[]ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata expansion result metadata.

type EyesOn

type EyesOn struct {
	// EyesOnSettingsProperties - EyesOn properties
	*EyesOnSettingsProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

EyesOn settings with single toggle.

func (EyesOn) AsBasicSettings

func (eo EyesOn) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEntityAnalytics

func (eo EyesOn) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for EyesOn.

func (EyesOn) AsEyesOn

func (eo EyesOn) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for EyesOn.

func (EyesOn) AsSettings

func (eo EyesOn) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for EyesOn.

func (EyesOn) AsUeba

func (eo EyesOn) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for EyesOn.

func (EyesOn) MarshalJSON

func (eo EyesOn) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for EyesOn.

func (*EyesOn) UnmarshalJSON

func (eo *EyesOn) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for EyesOn struct.

type EyesOnSettingsProperties

type EyesOnSettingsProperties struct {
	// IsEnabled - READ-ONLY; Determines whether the setting is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`
}

EyesOnSettingsProperties eyesOn property bag.

type FileEntity

type FileEntity struct {
	// FileEntityProperties - File entity properties
	*FileEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileEntity represents a file entity.

func (FileEntity) AsAccountEntity

func (fe FileEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsAzureResourceEntity

func (fe FileEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsBasicEntity

func (fe FileEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsCloudApplicationEntity

func (fe FileEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsDNSEntity

func (fe FileEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsEntity

func (fe FileEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileEntity

func (fe FileEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsFileHashEntity

func (fe FileEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHostEntity

func (fe FileEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsHuntingBookmark

func (fe FileEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIPEntity

func (fe FileEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsIoTDeviceEntity

func (fe FileEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsMalwareEntity

func (fe FileEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsProcessEntity

func (fe FileEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryKeyEntity

func (fe FileEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsRegistryValueEntity

func (fe FileEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityAlert

func (fe FileEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileEntity.

func (FileEntity) AsSecurityGroupEntity

func (fe FileEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) AsURLEntity

func (fe FileEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileEntity.

func (FileEntity) MarshalJSON

func (fe FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntity.

func (*FileEntity) UnmarshalJSON

func (fe *FileEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileEntity struct.

type FileEntityProperties

type FileEntityProperties struct {
	// Directory - READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty"`
	// FileHashEntityIds - READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIds *[]string `json:"fileHashEntityIds,omitempty"`
	// FileName - READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileEntityProperties file entity property bag.

func (FileEntityProperties) MarshalJSON

func (fep FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileEntityProperties.

type FileHashAlgorithm

type FileHashAlgorithm string

FileHashAlgorithm enumerates the values for file hash algorithm.

const (
	// MD5 MD5 hash type
	MD5 FileHashAlgorithm = "MD5"
	// SHA1 SHA1 hash type
	SHA1 FileHashAlgorithm = "SHA1"
	// SHA256 SHA256 hash type
	SHA256 FileHashAlgorithm = "SHA256"
	// SHA256AC SHA256 Authenticode hash type
	SHA256AC FileHashAlgorithm = "SHA256AC"
	// Unknown Unknown hash algorithm
	Unknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns an array of possible values for the FileHashAlgorithm const type.

type FileHashEntity

type FileHashEntity struct {
	// FileHashEntityProperties - FileHash entity properties
	*FileHashEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

FileHashEntity represents a file hash entity.

func (FileHashEntity) AsAccountEntity

func (fhe FileHashEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsAzureResourceEntity

func (fhe FileHashEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsBasicEntity

func (fhe FileHashEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsCloudApplicationEntity

func (fhe FileHashEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsDNSEntity

func (fhe FileHashEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsEntity

func (fhe FileHashEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileEntity

func (fhe FileHashEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsFileHashEntity

func (fhe FileHashEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHostEntity

func (fhe FileHashEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsHuntingBookmark

func (fhe FileHashEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIPEntity

func (fhe FileHashEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsIoTDeviceEntity

func (fhe FileHashEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsMalwareEntity

func (fhe FileHashEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsProcessEntity

func (fhe FileHashEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryKeyEntity

func (fhe FileHashEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsRegistryValueEntity

func (fhe FileHashEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityAlert

func (fhe FileHashEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsSecurityGroupEntity

func (fhe FileHashEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) AsURLEntity

func (fhe FileHashEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for FileHashEntity.

func (FileHashEntity) MarshalJSON

func (fhe FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntity.

func (*FileHashEntity) UnmarshalJSON

func (fhe *FileHashEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FileHashEntity struct.

type FileHashEntityProperties

type FileHashEntityProperties struct {
	// Algorithm - READ-ONLY; The hash algorithm type. Possible values include: 'Unknown', 'MD5', 'SHA1', 'SHA256', 'SHA256AC'
	Algorithm FileHashAlgorithm `json:"algorithm,omitempty"`
	// HashValue - READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

FileHashEntityProperties fileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON

func (fhep FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FileHashEntityProperties.

type FusionAlertRule

type FusionAlertRule struct {
	// FusionAlertRuleProperties - Fusion alert rule properties
	*FusionAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

FusionAlertRule represents Fusion alert rule.

func (FusionAlertRule) AsAlertRule

func (far FusionAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsBasicAlertRule

func (far FusionAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsFusionAlertRule

func (far FusionAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (far FusionAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) AsScheduledAlertRule

func (far FusionAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for FusionAlertRule.

func (FusionAlertRule) MarshalJSON

func (far FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON

func (far *FusionAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRule struct.

type FusionAlertRuleProperties

type FusionAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// Severity - READ-ONLY; The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

FusionAlertRuleProperties fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON

func (farp FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleProperties.

type FusionAlertRuleTemplate

type FusionAlertRuleTemplate struct {
	// FusionAlertRuleTemplateProperties - Fusion alert rule template properties
	*FusionAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

FusionAlertRuleTemplate represents Fusion alert rule template.

func (FusionAlertRuleTemplate) AsAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsBasicAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsFusionAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (fart FusionAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON

func (fart FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON

func (fart *FusionAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for FusionAlertRuleTemplate struct.

type FusionAlertRuleTemplateProperties

type FusionAlertRuleTemplateProperties struct {
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
}

FusionAlertRuleTemplateProperties fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON

func (fart FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for FusionAlertRuleTemplateProperties.

type GeoLocation

type GeoLocation struct {
	// Asn - READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty"`
	// City - READ-ONLY; City name
	City *string `json:"city,omitempty"`
	// CountryCode - READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty"`
	// CountryName - READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty"`
	// Latitude - READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of -90 to 90, with positive numbers representing North and negative numbers representing South. Latitude and longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty"`
	// Longitude - READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with positive numbers representing East and negative numbers representing West. Latitude and longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty"`
	// State - READ-ONLY; State name
	State *string `json:"state,omitempty"`
}

GeoLocation the geo-location context attached to the ip entity

type GroupingConfiguration

type GroupingConfiguration struct {
	// Enabled - Grouping enabled
	Enabled *bool `json:"enabled,omitempty"`
	// ReopenClosedIncident - Re-open closed matching incidents
	ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"`
	// LookbackDuration - Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string `json:"lookbackDuration,omitempty"`
	// EntitiesMatchingMethod - Grouping matching method. Possible values include: 'All', 'None', 'Custom'
	EntitiesMatchingMethod EntitiesMatchingMethod `json:"entitiesMatchingMethod,omitempty"`
	// GroupByEntities - A list of entity types to group by (when entitiesMatchingMethod is Custom)
	GroupByEntities *[]GroupingEntityType `json:"groupByEntities,omitempty"`
}

GroupingConfiguration grouping configuration property bag.
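
A configuration lint for the GroupingConfiguration fields above, as an added example that is not part of this package: it decodes into a local mirror struct rather than the SDK type and reports settings that contradict the field comments. Assumptions: only the day/time subset of ISO 8601 durations is accepted, the wire strings for entitiesMatchingMethod equal the listed names (All, None, Custom), and both sample payloads are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// groupingConfig mirrors the JSON field names of GroupingConfiguration shown
// above. It is a local stand-in for this example, not the SDK type.
type groupingConfig struct {
	Enabled                *bool    `json:"enabled,omitempty"`
	ReopenClosedIncident   *bool    `json:"reopenClosedIncident,omitempty"`
	LookbackDuration       *string  `json:"lookbackDuration,omitempty"`
	EntitiesMatchingMethod string   `json:"entitiesMatchingMethod,omitempty"`
	GroupByEntities        []string `json:"groupByEntities,omitempty"`
}

// Wire values of GroupingEntityType as listed on this page ("Ip", not "IP").
var groupingEntityTypes = map[string]bool{"Account": true, "Host": true, "Ip": true, "Url": true}

// Assumed wire values of EntitiesMatchingMethod (the names listed on this page).
var matchingMethods = map[string]bool{"All": true, "None": true, "Custom": true}

// isoDayTime matches the PnDTnHnMnS subset of ISO 8601 durations.
var isoDayTime = regexp.MustCompile(`^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$`)

// parseISODuration converts a day/time ISO 8601 duration to a time.Duration.
// Years, months and weeks are rejected because they have no fixed length.
func parseISODuration(s string) (time.Duration, error) {
	m := isoDayTime.FindStringSubmatch(s)
	if m == nil || s == "P" || s[len(s)-1] == 'T' {
		return 0, fmt.Errorf("lookbackDuration %q is not an ISO 8601 day/time duration", s)
	}
	units := []time.Duration{24 * time.Hour, time.Hour, time.Minute, time.Second}
	var total time.Duration
	for i, unit := range units {
		if m[i+1] == "" {
			continue
		}
		// 16-bit bound keeps the sum far below the int64 nanosecond limit.
		n, err := strconv.ParseInt(m[i+1], 10, 16)
		if err != nil {
			return 0, fmt.Errorf("lookbackDuration %q: component out of range", s)
		}
		total += time.Duration(n) * unit
	}
	return total, nil
}

// validateGrouping decodes a grouping configuration and returns the parsed
// lookback window plus a list of findings; the error covers malformed JSON only.
func validateGrouping(raw []byte) (time.Duration, []string, error) {
	var c groupingConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return 0, nil, fmt.Errorf("decode grouping configuration: %w", err)
	}
	var lookback time.Duration
	var findings []string
	if c.LookbackDuration != nil {
		d, err := parseISODuration(*c.LookbackDuration)
		if err != nil {
			findings = append(findings, err.Error())
		}
		lookback = d
	}
	method := c.EntitiesMatchingMethod
	if method != "" && !matchingMethods[method] {
		findings = append(findings, fmt.Sprintf("entitiesMatchingMethod %q is not All, None or Custom", method))
	}
	if method == "Custom" && len(c.GroupByEntities) == 0 {
		findings = append(findings, "entitiesMatchingMethod is Custom but groupByEntities is empty")
	}
	if method != "Custom" && len(c.GroupByEntities) > 0 {
		findings = append(findings, fmt.Sprintf("groupByEntities is set but entitiesMatchingMethod is %q; the list applies only to Custom", method))
	}
	for _, e := range c.GroupByEntities {
		if !groupingEntityTypes[e] {
			findings = append(findings, fmt.Sprintf("groupByEntities value %q is not Account, Host, Ip or Url", e))
		}
	}
	return lookback, findings, nil
}

// Constructed sample payloads: one consistent, one with three problems.
const sampleOK = `{"enabled":true,"reopenClosedIncident":false,"lookbackDuration":"PT5H","entitiesMatchingMethod":"Custom","groupByEntities":["Account","Ip"]}`
const sampleBad = `{"enabled":true,"lookbackDuration":"5h","entitiesMatchingMethod":"All","groupByEntities":["Host","IP"]}`

func main() {
	for _, sample := range []string{sampleOK, sampleBad} {
		lookback, findings, err := validateGrouping([]byte(sample))
		fmt.Println("lookback:", lookback, "error:", err)
		for _, f := range findings {
			fmt.Println("  finding:", f)
		}
	}
}
```

The second sample shows the case-sensitivity trap: the Go constant is named IP, but the value it carries on the wire is "Ip".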

type GroupingEntityType

type GroupingEntityType string

GroupingEntityType enumerates the values for grouping entity type.

const (
	// Account Account entity
	Account GroupingEntityType = "Account"
	// Host Host entity
	Host GroupingEntityType = "Host"
	// IP Ip entity
	IP GroupingEntityType = "Ip"
	// URL Url entity
	URL GroupingEntityType = "Url"
)

func PossibleGroupingEntityTypeValues

func PossibleGroupingEntityTypeValues() []GroupingEntityType

PossibleGroupingEntityTypeValues returns an array of possible values for the GroupingEntityType const type.

type HostEntity

type HostEntity struct {
	// HostEntityProperties - Host entity properties
	*HostEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

HostEntity represents a host entity.

func (HostEntity) AsAccountEntity

func (he HostEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsAzureResourceEntity

func (he HostEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsBasicEntity

func (he HostEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsCloudApplicationEntity

func (he HostEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsDNSEntity

func (he HostEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsEntity

func (he HostEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileEntity

func (he HostEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsFileHashEntity

func (he HostEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHostEntity

func (he HostEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsHuntingBookmark

func (he HostEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIPEntity

func (he HostEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsIoTDeviceEntity

func (he HostEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsMalwareEntity

func (he HostEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsProcessEntity

func (he HostEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryKeyEntity

func (he HostEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsRegistryValueEntity

func (he HostEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityAlert

func (he HostEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HostEntity.

func (HostEntity) AsSecurityGroupEntity

func (he HostEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) AsURLEntity

func (he HostEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HostEntity.

func (HostEntity) MarshalJSON

func (he HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntity.

func (*HostEntity) UnmarshalJSON

func (he *HostEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HostEntity struct.

type HostEntityProperties

type HostEntityProperties struct {
	// AzureID - READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty"`
	// DNSDomain - READ-ONLY; The DNS domain that this host belongs to. Should contain the complete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty"`
	// HostName - READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty"`
	// IsDomainJoined - READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty"`
	// NetBiosName - READ-ONLY; The host name (pre-Windows 2000).
	NetBiosName *string `json:"netBiosName,omitempty"`
	// NtDomain - READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty"`
	// OmsAgentID - READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty"`
	// OsFamily - The operating system type. Possible values include: 'Linux', 'Windows', 'Android', 'IOS'
	OsFamily OSFamily `json:"osFamily,omitempty"`
	// OsVersion - READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions that are more fine-grained than OSFamily, or future values not supported by the OSFamily enumeration
	OsVersion *string `json:"osVersion,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HostEntityProperties host entity property bag.

func (HostEntityProperties) MarshalJSON

func (hep HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HostEntityProperties.

type HuntingBookmark

type HuntingBookmark struct {
	// HuntingBookmarkProperties - HuntingBookmark entity properties
	*HuntingBookmarkProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

HuntingBookmark represents a Hunting bookmark entity.

func (HuntingBookmark) AsAccountEntity

func (hb HuntingBookmark) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsAzureResourceEntity

func (hb HuntingBookmark) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsBasicEntity

func (hb HuntingBookmark) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsCloudApplicationEntity

func (hb HuntingBookmark) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsDNSEntity

func (hb HuntingBookmark) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsEntity

func (hb HuntingBookmark) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileEntity

func (hb HuntingBookmark) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsFileHashEntity

func (hb HuntingBookmark) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHostEntity

func (hb HuntingBookmark) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsHuntingBookmark

func (hb HuntingBookmark) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIPEntity

func (hb HuntingBookmark) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsIoTDeviceEntity

func (hb HuntingBookmark) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsMalwareEntity

func (hb HuntingBookmark) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsProcessEntity

func (hb HuntingBookmark) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryKeyEntity

func (hb HuntingBookmark) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsRegistryValueEntity

func (hb HuntingBookmark) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityAlert

func (hb HuntingBookmark) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsSecurityGroupEntity

func (hb HuntingBookmark) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) AsURLEntity

func (hb HuntingBookmark) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for HuntingBookmark.

func (HuntingBookmark) MarshalJSON

func (hb HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON

func (hb *HuntingBookmark) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for HuntingBookmark struct.

type HuntingBookmarkProperties

type HuntingBookmarkProperties struct {
	// Created - The time the bookmark was created
	Created *date.Time `json:"created,omitempty"`
	// CreatedBy - Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// DisplayName - The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`
	// EventTime - The time of the event
	EventTime *date.Time `json:"eventTime,omitempty"`
	// Labels - List of labels relevant to this bookmark
	Labels *[]string `json:"labels,omitempty"`
	// Notes - The notes of the bookmark
	Notes *string `json:"notes,omitempty"`
	// Query - The query of the bookmark.
	Query *string `json:"query,omitempty"`
	// QueryResult - The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`
	// Updated - The last time the bookmark was updated
	Updated *date.Time `json:"updated,omitempty"`
	// UpdatedBy - Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// IncidentInfo - Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

HuntingBookmarkProperties describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON

func (hbp HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for HuntingBookmarkProperties.

type IPEntity

type IPEntity struct {
	// IPEntityProperties - Ip entity properties
	*IPEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

IPEntity represents an IP entity.

func (IPEntity) AsAccountEntity

func (ie IPEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsAzureResourceEntity

func (ie IPEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsBasicEntity

func (ie IPEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsCloudApplicationEntity

func (ie IPEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsDNSEntity

func (ie IPEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsEntity

func (ie IPEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileEntity

func (ie IPEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsFileHashEntity

func (ie IPEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHostEntity

func (ie IPEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsHuntingBookmark

func (ie IPEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIPEntity

func (ie IPEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsIoTDeviceEntity

func (ie IPEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsMalwareEntity

func (ie IPEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsProcessEntity

func (ie IPEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryKeyEntity

func (ie IPEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsRegistryValueEntity

func (ie IPEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityAlert

func (ie IPEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IPEntity.

func (IPEntity) AsSecurityGroupEntity

func (ie IPEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) AsURLEntity

func (ie IPEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IPEntity.

func (IPEntity) MarshalJSON

func (ie IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntity.

func (*IPEntity) UnmarshalJSON

func (ie *IPEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IPEntity struct.

type IPEntityProperties

type IPEntityProperties struct {
	// Address - READ-ONLY; The IP address as a string, e.g. 127.0.0.1 (either IPv4 or IPv6)
	Address *string `json:"address,omitempty"`
	// Location - The geo-location context attached to the ip entity
	Location *GeoLocation `json:"location,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the ip entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IPEntityProperties ip entity property bag.

func (IPEntityProperties) MarshalJSON

func (iep IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IPEntityProperties.

type Incident

type Incident struct {
	autorest.Response `json:"-"`
	// IncidentProperties - Incident properties
	*IncidentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Incident represents an incident in Azure Security Insights.

func (Incident) MarshalJSON

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Incident.

func (*Incident) UnmarshalJSON

func (i *Incident) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Incident struct.

type IncidentAdditionalData

type IncidentAdditionalData struct {
	// AlertsCount - READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty"`
	// BookmarksCount - READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty"`
	// CommentsCount - READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty"`
	// AlertProductNames - READ-ONLY; List of product names of alerts in the incident
	AlertProductNames *[]string `json:"alertProductNames,omitempty"`
	// Tactics - READ-ONLY; The tactics associated with incident
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

IncidentAdditionalData incident additional data property bag.

type IncidentAlertList

type IncidentAlertList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident alerts.
	Value *[]SecurityAlert `json:"value,omitempty"`
}

IncidentAlertList list of incident alerts.

type IncidentBookmarkList

type IncidentBookmarkList struct {
	autorest.Response `json:"-"`
	// Value - Array of incident bookmarks.
	Value *[]HuntingBookmark `json:"value,omitempty"`
}

IncidentBookmarkList list of incident bookmarks.

type IncidentClassification

type IncidentClassification string

IncidentClassification enumerates the values for incident classification.

const (
	// IncidentClassificationBenignPositive Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns an array of possible values for the IncidentClassification const type.

type IncidentClassificationReason

type IncidentClassificationReason string

IncidentClassificationReason enumerates the values for incident classification reason.

const (
	// InaccurateData Classification reason was inaccurate data
	InaccurateData IncidentClassificationReason = "InaccurateData"
	// IncorrectAlertLogic Classification reason was incorrect alert logic
	IncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// SuspiciousActivity Classification reason was suspicious activity
	SuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// SuspiciousButExpected Classification reason was suspicious but expected
	SuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns an array of possible values for the IncidentClassificationReason const type.

type IncidentComment

type IncidentComment struct {
	autorest.Response `json:"-"`
	// IncidentCommentProperties - Incident comment properties
	*IncidentCommentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

IncidentComment represents an incident comment

func (IncidentComment) MarshalJSON

func (ic IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentComment.

func (*IncidentComment) UnmarshalJSON

func (ic *IncidentComment) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentComment struct.

type IncidentCommentList

type IncidentCommentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of comments.
	Value *[]IncidentComment `json:"value,omitempty"`
}

IncidentCommentList list of incident comments.

func (IncidentCommentList) IsEmpty

func (icl IncidentCommentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentCommentList) MarshalJSON

func (icl IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentList.

type IncidentCommentListIterator

type IncidentCommentListIterator struct {
	// contains filtered or unexported fields
}

IncidentCommentListIterator provides access to a complete listing of IncidentComment values.

func NewIncidentCommentListIterator

func NewIncidentCommentListIterator(page IncidentCommentListPage) IncidentCommentListIterator

Creates a new instance of the IncidentCommentListIterator type.

func (*IncidentCommentListIterator) Next

func (iter *IncidentCommentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListIterator) NextWithContext

func (iter *IncidentCommentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentCommentListIterator) NotDone

func (iter IncidentCommentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentCommentListIterator) Response

Response returns the raw server response from the last page request.

func (IncidentCommentListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentCommentListPage

type IncidentCommentListPage struct {
	// contains filtered or unexported fields
}

IncidentCommentListPage contains a page of IncidentComment values.

func NewIncidentCommentListPage

func NewIncidentCommentListPage(cur IncidentCommentList, getNextPage func(context.Context, IncidentCommentList) (IncidentCommentList, error)) IncidentCommentListPage

Creates a new instance of the IncidentCommentListPage type.

func (*IncidentCommentListPage) Next

func (page *IncidentCommentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*IncidentCommentListPage) NextWithContext

func (page *IncidentCommentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentCommentListPage) NotDone

func (page IncidentCommentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentCommentListPage) Response

Response returns the raw server response from the last page request.

func (IncidentCommentListPage) Values

func (page IncidentCommentListPage) Values() []IncidentComment

Values returns the slice of values for the current page or nil if there are no values.

type IncidentCommentProperties

type IncidentCommentProperties struct {
	// CreatedTimeUtc - READ-ONLY; The time the comment was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The time the comment was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Message - The comment message
	Message *string `json:"message,omitempty"`
	// Author - READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty"`
}

IncidentCommentProperties incident comment property bag.

func (IncidentCommentProperties) MarshalJSON

func (icp IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentCommentProperties.

type IncidentCommentsClient

type IncidentCommentsClient struct {
	BaseClient
}

IncidentCommentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentCommentsClient

func NewIncidentCommentsClient(subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClient creates an instance of the IncidentCommentsClient client.

func NewIncidentCommentsClientWithBaseURI

func NewIncidentCommentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentCommentsClient

NewIncidentCommentsClientWithBaseURI creates an instance of the IncidentCommentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentCommentsClient) CreateComment

func (client IncidentCommentsClient) CreateComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (result IncidentComment, err error)

CreateComment creates or updates the incident comment.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID
incidentCommentID - incident comment ID
incidentComment - the incident comment

func (IncidentCommentsClient) CreateCommentPreparer

func (client IncidentCommentsClient) CreateCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment) (*http.Request, error)

CreateCommentPreparer prepares the CreateComment request.

func (IncidentCommentsClient) CreateCommentResponder

func (client IncidentCommentsClient) CreateCommentResponder(resp *http.Response) (result IncidentComment, err error)

CreateCommentResponder handles the response to the CreateComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) CreateCommentSender

func (client IncidentCommentsClient) CreateCommentSender(req *http.Request) (*http.Response, error)

CreateCommentSender sends the CreateComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) DeleteComment

func (client IncidentCommentsClient) DeleteComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result autorest.Response, err error)

DeleteComment deletes the incident comment.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID
incidentCommentID - incident comment ID

func (IncidentCommentsClient) DeleteCommentPreparer

func (client IncidentCommentsClient) DeleteCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

DeleteCommentPreparer prepares the DeleteComment request.

func (IncidentCommentsClient) DeleteCommentResponder

func (client IncidentCommentsClient) DeleteCommentResponder(resp *http.Response) (result autorest.Response, err error)

DeleteCommentResponder handles the response to the DeleteComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) DeleteCommentSender

func (client IncidentCommentsClient) DeleteCommentSender(req *http.Request) (*http.Response, error)

DeleteCommentSender sends the DeleteComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) GetComment

func (client IncidentCommentsClient) GetComment(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (result IncidentComment, err error)

GetComment gets an incident comment.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID
incidentCommentID - incident comment ID

func (IncidentCommentsClient) GetCommentPreparer

func (client IncidentCommentsClient) GetCommentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incidentCommentID string) (*http.Request, error)

GetCommentPreparer prepares the GetComment request.

func (IncidentCommentsClient) GetCommentResponder

func (client IncidentCommentsClient) GetCommentResponder(resp *http.Response) (result IncidentComment, err error)

GetCommentResponder handles the response to the GetComment request. The method always closes the http.Response Body.

func (IncidentCommentsClient) GetCommentSender

func (client IncidentCommentsClient) GetCommentSender(req *http.Request) (*http.Response, error)

GetCommentSender sends the GetComment request. The method will close the http.Response Body if it receives an error.

func (IncidentCommentsClient) ListByIncident

func (client IncidentCommentsClient) ListByIncident(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListPage, err error)

ListByIncident gets all incident comments.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentCommentsClient) ListByIncidentComplete

func (client IncidentCommentsClient) ListByIncidentComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result IncidentCommentListIterator, err error)

ListByIncidentComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentCommentsClient) ListByIncidentPreparer

func (client IncidentCommentsClient) ListByIncidentPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListByIncidentPreparer prepares the ListByIncident request.

func (IncidentCommentsClient) ListByIncidentResponder

func (client IncidentCommentsClient) ListByIncidentResponder(resp *http.Response) (result IncidentCommentList, err error)

ListByIncidentResponder handles the response to the ListByIncident request. The method always closes the http.Response Body.

func (IncidentCommentsClient) ListByIncidentSender

func (client IncidentCommentsClient) ListByIncidentSender(req *http.Request) (*http.Response, error)

ListByIncidentSender sends the ListByIncident request. The method will close the http.Response Body if it receives an error.

type IncidentConfiguration

type IncidentConfiguration struct {
	// CreateIncident - Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool `json:"createIncident,omitempty"`
	// GroupingConfiguration - Set how the alerts that are triggered by this analytics rule are grouped into incidents
	GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}

IncidentConfiguration incident Configuration property bag.

type IncidentEntitiesResponse

type IncidentEntitiesResponse struct {
	autorest.Response `json:"-"`
	// Entities - Array of the incident related entities.
	Entities *[]BasicEntity `json:"entities,omitempty"`
	// MetaData - The metadata from the incident related entities results.
	MetaData *[]IncidentEntitiesResultsMetadata `json:"metaData,omitempty"`
}

IncidentEntitiesResponse the incident related entities response.

func (*IncidentEntitiesResponse) UnmarshalJSON

func (ier *IncidentEntitiesResponse) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IncidentEntitiesResponse struct.

type IncidentEntitiesResultsMetadata

type IncidentEntitiesResultsMetadata struct {
	// Count - Total number of aggregations of the given kind in the incident related entities result.
	Count *int32 `json:"count,omitempty"`
	// EntityKind - The kind of the aggregated entity. Possible values include: 'EntityKindAccount', 'EntityKindHost', 'EntityKindFile', 'EntityKindAzureResource', 'EntityKindCloudApplication', 'EntityKindDNSResolution', 'EntityKindFileHash', 'EntityKindIP', 'EntityKindMalware', 'EntityKindProcess', 'EntityKindRegistryKey', 'EntityKindRegistryValue', 'EntityKindSecurityGroup', 'EntityKindURL', 'EntityKindIoTDevice', 'EntityKindSecurityAlert', 'EntityKindBookmark'
	EntityKind EntityKind `json:"entityKind,omitempty"`
}

IncidentEntitiesResultsMetadata information of a specific aggregation in the incident related entities result.

type IncidentInfo

type IncidentInfo struct {
	// IncidentID - Incident Id
	IncidentID *string `json:"incidentId,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'CaseSeverityCritical', 'CaseSeverityHigh', 'CaseSeverityMedium', 'CaseSeverityLow', 'CaseSeverityInformational'
	Severity CaseSeverity `json:"severity,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
	// RelationName - Relation Name
	RelationName *string `json:"relationName,omitempty"`
}

IncidentInfo describes related incident information for the bookmark

type IncidentLabel

type IncidentLabel struct {
	// LabelName - The name of the label
	LabelName *string `json:"labelName,omitempty"`
	// LabelType - READ-ONLY; The type of the label. Possible values include: 'User', 'System'
	LabelType IncidentLabelType `json:"labelType,omitempty"`
}

IncidentLabel represents an incident label

func (IncidentLabel) MarshalJSON

func (il IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentLabel.

type IncidentLabelType

type IncidentLabelType string

IncidentLabelType enumerates the values for incident label type.

const (
	// System Label automatically created by the system
	System IncidentLabelType = "System"
	// User Label manually created by a user
	User IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns an array of possible values for the IncidentLabelType const type.

type IncidentList

type IncidentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of incidents.
	Value *[]Incident `json:"value,omitempty"`
}

IncidentList lists all the incidents.

func (IncidentList) IsEmpty

func (il IncidentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (IncidentList) MarshalJSON

func (il IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentList.

type IncidentListIterator

type IncidentListIterator struct {
	// contains filtered or unexported fields
}

IncidentListIterator provides access to a complete listing of Incident values.

func NewIncidentListIterator

func NewIncidentListIterator(page IncidentListPage) IncidentListIterator

Creates a new instance of the IncidentListIterator type.

func (*IncidentListIterator) Next

func (iter *IncidentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*IncidentListIterator) NextWithContext

func (iter *IncidentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (IncidentListIterator) NotDone

func (iter IncidentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (IncidentListIterator) Response

func (iter IncidentListIterator) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListIterator) Value

func (iter IncidentListIterator) Value() Incident

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type IncidentListPage

type IncidentListPage struct {
	// contains filtered or unexported fields
}

IncidentListPage contains a page of Incident values.

func NewIncidentListPage

func NewIncidentListPage(cur IncidentList, getNextPage func(context.Context, IncidentList) (IncidentList, error)) IncidentListPage

Creates a new instance of the IncidentListPage type.

func (*IncidentListPage) Next

func (page *IncidentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

Deprecated: Use NextWithContext() instead.

func (*IncidentListPage) NextWithContext

func (page *IncidentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (IncidentListPage) NotDone

func (page IncidentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (IncidentListPage) Response

func (page IncidentListPage) Response() IncidentList

Response returns the raw server response from the last page request.

func (IncidentListPage) Values

func (page IncidentListPage) Values() []Incident

Values returns the slice of values for the current page or nil if there are no values.

type IncidentOwnerInfo

type IncidentOwnerInfo struct {
	// Email - The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`
	// AssignedTo - The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`
	// ObjectID - The object id of the user the incident is assigned to.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
	// UserPrincipalName - The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

IncidentOwnerInfo information on the user an incident is assigned to

type IncidentProperties

type IncidentProperties struct {
	// AdditionalData - READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty"`
	// Classification - The reason the incident was closed. Possible values include: 'IncidentClassificationUndetermined', 'IncidentClassificationTruePositive', 'IncidentClassificationBenignPositive', 'IncidentClassificationFalsePositive'
	Classification IncidentClassification `json:"classification,omitempty"`
	// ClassificationComment - Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`
	// ClassificationReason - The classification reason the incident was closed with. Possible values include: 'SuspiciousActivity', 'SuspiciousButExpected', 'IncorrectAlertLogic', 'InaccurateData'
	ClassificationReason IncidentClassificationReason `json:"classificationReason,omitempty"`
	// CreatedTimeUtc - READ-ONLY; The time the incident was created
	CreatedTimeUtc *date.Time `json:"createdTimeUtc,omitempty"`
	// Description - The description of the incident
	Description *string `json:"description,omitempty"`
	// FirstActivityTimeUtc - The time of the first activity in the incident
	FirstActivityTimeUtc *date.Time `json:"firstActivityTimeUtc,omitempty"`
	// IncidentURL - READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty"`
	// IncidentNumber - READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty"`
	// Labels - List of labels relevant to this incident
	Labels *[]IncidentLabel `json:"labels,omitempty"`
	// LastActivityTimeUtc - The time of the last activity in the incident
	LastActivityTimeUtc *date.Time `json:"lastActivityTimeUtc,omitempty"`
	// LastModifiedTimeUtc - READ-ONLY; The last time the incident was updated
	LastModifiedTimeUtc *date.Time `json:"lastModifiedTimeUtc,omitempty"`
	// Owner - Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`
	// RelatedAnalyticRuleIds - READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIds *[]string `json:"relatedAnalyticRuleIds,omitempty"`
	// Severity - The severity of the incident. Possible values include: 'IncidentSeverityHigh', 'IncidentSeverityMedium', 'IncidentSeverityLow', 'IncidentSeverityInformational'
	Severity IncidentSeverity `json:"severity,omitempty"`
	// Status - The status of the incident. Possible values include: 'IncidentStatusNew', 'IncidentStatusActive', 'IncidentStatusClosed'
	Status IncidentStatus `json:"status,omitempty"`
	// Title - The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentProperties describes incident properties

func (IncidentProperties) MarshalJSON

func (IP IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IncidentProperties.

type IncidentRelationsClient

type IncidentRelationsClient struct {
	BaseClient
}

IncidentRelationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentRelationsClient

func NewIncidentRelationsClient(subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClient creates an instance of the IncidentRelationsClient client.

func NewIncidentRelationsClientWithBaseURI

func NewIncidentRelationsClientWithBaseURI(baseURI string, subscriptionID string) IncidentRelationsClient

NewIncidentRelationsClientWithBaseURI creates an instance of the IncidentRelationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentRelationsClient) CreateOrUpdateRelation

func (client IncidentRelationsClient) CreateOrUpdateRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (result Relation, err error)

CreateOrUpdateRelation creates or updates the incident relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.
relationName - relation Name.
relation - the relation model.

func (IncidentRelationsClient) CreateOrUpdateRelationPreparer

func (client IncidentRelationsClient) CreateOrUpdateRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string, relation Relation) (*http.Request, error)

CreateOrUpdateRelationPreparer prepares the CreateOrUpdateRelation request.

func (IncidentRelationsClient) CreateOrUpdateRelationResponder

func (client IncidentRelationsClient) CreateOrUpdateRelationResponder(resp *http.Response) (result Relation, err error)

CreateOrUpdateRelationResponder handles the response to the CreateOrUpdateRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) CreateOrUpdateRelationSender

func (client IncidentRelationsClient) CreateOrUpdateRelationSender(req *http.Request) (*http.Response, error)

CreateOrUpdateRelationSender sends the CreateOrUpdateRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) DeleteRelation

func (client IncidentRelationsClient) DeleteRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result autorest.Response, err error)

DeleteRelation deletes the incident relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.
relationName - relation Name.

func (IncidentRelationsClient) DeleteRelationPreparer

func (client IncidentRelationsClient) DeleteRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

DeleteRelationPreparer prepares the DeleteRelation request.

func (IncidentRelationsClient) DeleteRelationResponder

func (client IncidentRelationsClient) DeleteRelationResponder(resp *http.Response) (result autorest.Response, err error)

DeleteRelationResponder handles the response to the DeleteRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) DeleteRelationSender

func (client IncidentRelationsClient) DeleteRelationSender(req *http.Request) (*http.Response, error)

DeleteRelationSender sends the DeleteRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) GetRelation

func (client IncidentRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (result Relation, err error)

GetRelation gets an incident relation.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.
relationName - relation Name.

func (IncidentRelationsClient) GetRelationPreparer

func (client IncidentRelationsClient) GetRelationPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, relationName string) (*http.Request, error)

GetRelationPreparer prepares the GetRelation request.

func (IncidentRelationsClient) GetRelationResponder

func (client IncidentRelationsClient) GetRelationResponder(resp *http.Response) (result Relation, err error)

GetRelationResponder handles the response to the GetRelation request. The method always closes the http.Response Body.

func (IncidentRelationsClient) GetRelationSender

func (client IncidentRelationsClient) GetRelationSender(req *http.Request) (*http.Response, error)

GetRelationSender sends the GetRelation request. The method will close the http.Response Body if it receives an error.

func (IncidentRelationsClient) List

func (client IncidentRelationsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListPage, err error)

List gets all incident relations.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

func (IncidentRelationsClient) ListComplete

func (client IncidentRelationsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (result RelationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentRelationsClient) ListPreparer

func (client IncidentRelationsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentRelationsClient) ListResponder

func (client IncidentRelationsClient) ListResponder(resp *http.Response) (result RelationList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentRelationsClient) ListSender

func (client IncidentRelationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IncidentSeverity

type IncidentSeverity string

IncidentSeverity enumerates the values for incident severity.

const (
	// IncidentSeverityHigh High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns an array of possible values for the IncidentSeverity const type.

type IncidentStatus

type IncidentStatus string

IncidentStatus enumerates the values for incident status.

const (
	// IncidentStatusActive An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns an array of possible values for the IncidentStatus const type.

type IncidentsClient

type IncidentsClient struct {
	BaseClient
}

IncidentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewIncidentsClient

func NewIncidentsClient(subscriptionID string) IncidentsClient

NewIncidentsClient creates an instance of the IncidentsClient client.

func NewIncidentsClientWithBaseURI

func NewIncidentsClientWithBaseURI(baseURI string, subscriptionID string) IncidentsClient

NewIncidentsClientWithBaseURI creates an instance of the IncidentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (IncidentsClient) CreateOrUpdate

func (client IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (result Incident, err error)

CreateOrUpdate creates or updates the incident.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.
incident - the incident.

func (IncidentsClient) CreateOrUpdatePreparer

func (client IncidentsClient) CreateOrUpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string, incident Incident) (*http.Request, error)

CreateOrUpdatePreparer prepares the CreateOrUpdate request.

func (IncidentsClient) CreateOrUpdateResponder

func (client IncidentsClient) CreateOrUpdateResponder(resp *http.Response) (result Incident, err error)

CreateOrUpdateResponder handles the response to the CreateOrUpdate request. The method always closes the http.Response Body.

func (IncidentsClient) CreateOrUpdateSender

func (client IncidentsClient) CreateOrUpdateSender(req *http.Request) (*http.Response, error)

CreateOrUpdateSender sends the CreateOrUpdate request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Delete

func (client IncidentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result autorest.Response, err error)

Delete deletes the incident.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.

func (IncidentsClient) DeletePreparer

func (client IncidentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (IncidentsClient) DeleteResponder

func (client IncidentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (IncidentsClient) DeleteSender

func (client IncidentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) Get

func (client IncidentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result Incident, err error)

Get gets an incident.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.

func (IncidentsClient) GetPreparer

func (client IncidentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (IncidentsClient) GetResponder

func (client IncidentsClient) GetResponder(resp *http.Response) (result Incident, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (IncidentsClient) GetSender

func (client IncidentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) List

func (client IncidentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListPage, err error)

List gets all incidents.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
filter - filters the results, based on a Boolean condition. Optional.
orderby - sorts the results. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
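The nextLink/skiptoken paging that List describes, as an added example that is not part of this package: it walks IncidentList-shaped pages by hand, counts incidents whose status is not Closed per severity, and stops if a nextLink repeats or points away from the host the first request went to. The fetch function, the URLs, the sample pages and the "properties" wrapper around each incident are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// incidentPage decodes the two IncidentList fields ("nextLink", "value") and,
// per incident, the severity/status/title tags of IncidentProperties.
type incidentPage struct {
	NextLink string `json:"nextLink"`
	Value    []struct {
		// Assumption: an incident nests its properties under "properties".
		Properties struct {
			Severity string `json:"severity"`
			Status   string `json:"status"`
			Title    string `json:"title"`
		} `json:"properties"`
	} `json:"value"`
}

// fetchFunc is a hypothetical stand-in for the authenticated GET.
type fetchFunc func(rawURL string) ([]byte, error)

const maxPages = 100 // hard stop so a misbehaving endpoint cannot page forever

// Constructed URL; only the host matches DefaultBaseURI.
const firstURL = "https://management.azure.com/constructed/incidents"

// openBySeverity follows nextLink until it is empty and counts incidents
// whose status is not "Closed", keyed by severity.
func openBySeverity(first string, fetch fetchFunc) (map[string]int, error) {
	start, err := url.Parse(first)
	if err != nil {
		return nil, err
	}
	counts := map[string]int{}
	seen := map[string]bool{}
	next := first
	for pages := 0; next != ""; pages++ {
		if pages >= maxPages {
			return nil, errors.New("page limit reached")
		}
		if seen[next] {
			return nil, fmt.Errorf("nextLink loop at %q", next)
		}
		seen[next] = true
		u, err := url.Parse(next)
		if err != nil {
			return nil, err
		}
		// The request carries credentials: do not follow a link off the original host.
		if u.Scheme != start.Scheme || u.Host != start.Host {
			return nil, fmt.Errorf("nextLink leaves %s: %q", start.Host, next)
		}
		body, err := fetch(next)
		if err != nil {
			return nil, err
		}
		var p incidentPage
		if err := json.Unmarshal(body, &p); err != nil {
			return nil, err
		}
		for _, inc := range p.Value {
			if inc.Properties.Status != "Closed" {
				counts[inc.Properties.Severity]++
			}
		}
		next = p.NextLink
	}
	return counts, nil
}

// constructedPages returns two constructed response bodies keyed by URL.
func constructedPages() map[string]string {
	second := firstURL + "?$skipToken=p2"
	return map[string]string{
		firstURL: `{"nextLink":"` + second + `","value":[
			{"properties":{"severity":"High","status":"New","title":"constructed 1"}},
			{"properties":{"severity":"Low","status":"Closed","title":"constructed 2"}}]}`,
		second: `{"value":[
			{"properties":{"severity":"High","status":"Active","title":"constructed 3"}},
			{"properties":{"severity":"Medium","status":"New","title":"constructed 4"}}]}`,
	}
}

// mapFetch serves pages from memory so the example runs offline.
func mapFetch(pages map[string]string) fetchFunc {
	return func(rawURL string) ([]byte, error) {
		body, ok := pages[rawURL]
		if !ok {
			return nil, fmt.Errorf("no constructed page for %q", rawURL)
		}
		return []byte(body), nil
	}
}

func main() {
	counts, err := openBySeverity(firstURL, mapFetch(constructedPages()))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(counts)
}
```

With the SDK itself, ListComplete performs the page crossing; the tally over status and severity is the same.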

func (IncidentsClient) ListComplete

func (client IncidentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (result IncidentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (IncidentsClient) ListOfAlerts

func (client IncidentsClient) ListOfAlerts(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentAlertList, err error)

ListOfAlerts gets all incident alerts.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.

func (IncidentsClient) ListOfAlertsPreparer

func (client IncidentsClient) ListOfAlertsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfAlertsPreparer prepares the ListOfAlerts request.

func (IncidentsClient) ListOfAlertsResponder

func (client IncidentsClient) ListOfAlertsResponder(resp *http.Response) (result IncidentAlertList, err error)

ListOfAlertsResponder handles the response to the ListOfAlerts request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfAlertsSender

func (client IncidentsClient) ListOfAlertsSender(req *http.Request) (*http.Response, error)

ListOfAlertsSender sends the ListOfAlerts request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListOfBookmarks

func (client IncidentsClient) ListOfBookmarks(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentBookmarkList, err error)

ListOfBookmarks gets all incident bookmarks.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.

func (IncidentsClient) ListOfBookmarksPreparer

func (client IncidentsClient) ListOfBookmarksPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfBookmarksPreparer prepares the ListOfBookmarks request.

func (IncidentsClient) ListOfBookmarksResponder

func (client IncidentsClient) ListOfBookmarksResponder(resp *http.Response) (result IncidentBookmarkList, err error)

ListOfBookmarksResponder handles the response to the ListOfBookmarks request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfBookmarksSender

func (client IncidentsClient) ListOfBookmarksSender(req *http.Request) (*http.Response, error)

ListOfBookmarksSender sends the ListOfBookmarks request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListOfEntities

func (client IncidentsClient) ListOfEntities(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (result IncidentEntitiesResponse, err error)

ListOfEntities gets all incident related entities.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
incidentID - incident ID.

func (IncidentsClient) ListOfEntitiesPreparer

func (client IncidentsClient) ListOfEntitiesPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, incidentID string) (*http.Request, error)

ListOfEntitiesPreparer prepares the ListOfEntities request.

func (IncidentsClient) ListOfEntitiesResponder

func (client IncidentsClient) ListOfEntitiesResponder(resp *http.Response) (result IncidentEntitiesResponse, err error)

ListOfEntitiesResponder handles the response to the ListOfEntities request. The method always closes the http.Response Body.

func (IncidentsClient) ListOfEntitiesSender

func (client IncidentsClient) ListOfEntitiesSender(req *http.Request) (*http.Response, error)

ListOfEntitiesSender sends the ListOfEntities request. The method will close the http.Response Body if it receives an error.

func (IncidentsClient) ListPreparer

func (client IncidentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, orderby string, top *int32, skipToken string) (*http.Request, error)

ListPreparer prepares the List request.

func (IncidentsClient) ListResponder

func (client IncidentsClient) ListResponder(resp *http.Response) (result IncidentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (IncidentsClient) ListSender

func (client IncidentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type IoTDeviceEntity

type IoTDeviceEntity struct {
	// IoTDeviceEntityProperties - IoTDevice entity properties
	*IoTDeviceEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

IoTDeviceEntity represents an IoT device entity.

func (IoTDeviceEntity) AsAccountEntity

func (itde IoTDeviceEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsAzureResourceEntity

func (itde IoTDeviceEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsBasicEntity

func (itde IoTDeviceEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsCloudApplicationEntity

func (itde IoTDeviceEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsDNSEntity

func (itde IoTDeviceEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsEntity

func (itde IoTDeviceEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileEntity

func (itde IoTDeviceEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsFileHashEntity

func (itde IoTDeviceEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHostEntity

func (itde IoTDeviceEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsHuntingBookmark

func (itde IoTDeviceEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIPEntity

func (itde IoTDeviceEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsIoTDeviceEntity

func (itde IoTDeviceEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsMalwareEntity

func (itde IoTDeviceEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsProcessEntity

func (itde IoTDeviceEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryKeyEntity

func (itde IoTDeviceEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsRegistryValueEntity

func (itde IoTDeviceEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityAlert

func (itde IoTDeviceEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsSecurityGroupEntity

func (itde IoTDeviceEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) AsURLEntity

func (itde IoTDeviceEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON

func (itde IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON

func (itde *IoTDeviceEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for IoTDeviceEntity struct.

type IoTDeviceEntityProperties

type IoTDeviceEntityProperties struct {
	// DeviceID - READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string `json:"deviceId,omitempty"`
	// IotSecurityAgentID - READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *uuid.UUID `json:"iotSecurityAgentId,omitempty"`
	// DeviceType - READ-ONLY; The type of the device
	DeviceType *string `json:"deviceType,omitempty"`
	// Vendor - READ-ONLY; The vendor of the device
	Vendor *string `json:"vendor,omitempty"`
	// EdgeID - READ-ONLY; The ID of the edge device
	EdgeID *string `json:"edgeId,omitempty"`
	// IotHubEntityID - READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string `json:"iotHubEntityId,omitempty"`
	// HostEntityID - READ-ONLY; The Host entity id of this device
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// ThreatIntelligence - READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence *[]ThreatIntelligence `json:"threatIntelligence,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

IoTDeviceEntityProperties is the IoTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON

func (itdep IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for IoTDeviceEntityProperties.

type KillChainIntent

type KillChainIntent string

KillChainIntent enumerates the values for kill chain intent.

const (
	// KillChainIntentCollection Collection consists of techniques used to identify and gather information,
	// such as sensitive files, from a target network prior to exfiltration. This category also covers
	// locations on a system or network where the adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl The command and control tactic represents how adversaries communicate
	// with systems under their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess Credential access represents techniques resulting in access to or
	// control over system, domain, or service credentials that are used within an enterprise environment.
	// Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts
	// (local system administrator or domain users with administrator access) to use within the network. With
	// sufficient access within a network, an adversary can create accounts for later use within the
	// environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion Defense evasion consists of techniques an adversary may use to evade
	// detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques
	// in other categories that have the added benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery Discovery consists of techniques that allow the adversary to gain knowledge
	// about the system and internal network. When adversaries gain access to a new system, they must orient
	// themselves to what they now have control of and what benefits operating from that system give to their
	// current objective or overall goals during the intrusion. The operating system provides many native tools
	// that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution The execution tactic represents techniques that result in execution of
	// adversary-controlled code on a local or remote system. This tactic is often used in conjunction with
	// lateral movement to expand access to remote systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration Exfiltration refers to techniques and attributes that result or aid in the
	// adversary removing files and information from a target network. This category also covers locations on a
	// system or network where the adversary may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation Exploitation is the stage where an attacker manages to get a foothold on
	// the attacked resource. This stage is applicable not only for compute hosts, but also for resources
	// such as user accounts, certificates etc. Adversaries will often be able to control the resource after
	// this stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact The primary objective of the impact intent is to directly reduce the
	// availability or integrity of a system, service, or network, including manipulation of data to impact
	// a business or operational process. This would often refer to techniques such as ransomware,
	// defacement, data manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement Lateral movement consists of techniques that enable an adversary to
	// access and control remote systems on a network and could, but does not necessarily, include execution of
	// tools on remote systems. The lateral movement techniques could allow an adversary to gather information
	// from a system without needing additional tools, such as a remote access tool. An adversary can use
	// lateral movement for many purposes, including remote Execution of tools, pivoting to additional systems,
	// access to specific information or files, access to additional credentials, or to cause an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence Persistence is any access, action, or configuration change to a system that
	// gives an adversary a persistent presence on that system. Adversaries will often need to maintain access
	// to systems through interruptions such as system restarts, loss of credentials, or other failures that
	// would require a remote access tool to restart or alternate backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation Privilege escalation is the result of actions that allow an adversary
	// to obtain a higher level of permissions on a system or network. Certain tools or actions require a
	// higher level of privilege to work and are likely necessary at many points throughout an operation. User
	// accounts with permissions to access specific systems or perform specific functions necessary for
	// adversaries to achieve their objective may also be considered an escalation of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing Probing could be an attempt to access a certain resource regardless of
	// malicious intent, or a failed attempt to gain access to a target system to gather information prior to
	// exploitation. This step is usually detected as an attempt originating from outside the network in an
	// attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns an array of possible values for the KillChainIntent const type.

type Kind

type Kind string

Kind enumerates the values for kind.

const (
	// KindAggregations ...
	KindAggregations Kind = "Aggregations"
	// KindCasesAggregation ...
	KindCasesAggregation Kind = "CasesAggregation"
)

func PossibleKindValues

func PossibleKindValues() []Kind

PossibleKindValues returns an array of possible values for the Kind const type.

type KindBasicAlertRule

type KindBasicAlertRule string

KindBasicAlertRule enumerates the values for kind basic alert rule.

const (
	// KindAlertRule ...
	KindAlertRule KindBasicAlertRule = "AlertRule"
	// KindFusion ...
	KindFusion KindBasicAlertRule = "Fusion"
	// KindMicrosoftSecurityIncidentCreation ...
	KindMicrosoftSecurityIncidentCreation KindBasicAlertRule = "MicrosoftSecurityIncidentCreation"
	// KindScheduled ...
	KindScheduled KindBasicAlertRule = "Scheduled"
)

func PossibleKindBasicAlertRuleValues

func PossibleKindBasicAlertRuleValues() []KindBasicAlertRule

PossibleKindBasicAlertRuleValues returns an array of possible values for the KindBasicAlertRule const type.

type KindBasicAlertRuleTemplate

type KindBasicAlertRuleTemplate string

KindBasicAlertRuleTemplate enumerates the values for kind basic alert rule template.

const (
	// KindBasicAlertRuleTemplateKindAlertRuleTemplate ...
	KindBasicAlertRuleTemplateKindAlertRuleTemplate KindBasicAlertRuleTemplate = "AlertRuleTemplate"
	// KindBasicAlertRuleTemplateKindFusion ...
	KindBasicAlertRuleTemplateKindFusion KindBasicAlertRuleTemplate = "Fusion"
	// KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation ...
	KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation KindBasicAlertRuleTemplate = "MicrosoftSecurityIncidentCreation"
	// KindBasicAlertRuleTemplateKindScheduled ...
	KindBasicAlertRuleTemplateKindScheduled KindBasicAlertRuleTemplate = "Scheduled"
)

func PossibleKindBasicAlertRuleTemplateValues

func PossibleKindBasicAlertRuleTemplateValues() []KindBasicAlertRuleTemplate

PossibleKindBasicAlertRuleTemplateValues returns an array of possible values for the KindBasicAlertRuleTemplate const type.

type KindBasicDataConnector

type KindBasicDataConnector string

KindBasicDataConnector enumerates the values for kind basic data connector.

const (
	// KindAmazonWebServicesCloudTrail ...
	KindAmazonWebServicesCloudTrail KindBasicDataConnector = "AmazonWebServicesCloudTrail"
	// KindAzureActiveDirectory ...
	KindAzureActiveDirectory KindBasicDataConnector = "AzureActiveDirectory"
	// KindAzureAdvancedThreatProtection ...
	KindAzureAdvancedThreatProtection KindBasicDataConnector = "AzureAdvancedThreatProtection"
	// KindAzureSecurityCenter ...
	KindAzureSecurityCenter KindBasicDataConnector = "AzureSecurityCenter"
	// KindDataConnector ...
	KindDataConnector KindBasicDataConnector = "DataConnector"
	// KindMicrosoftCloudAppSecurity ...
	KindMicrosoftCloudAppSecurity KindBasicDataConnector = "MicrosoftCloudAppSecurity"
	// KindMicrosoftDefenderAdvancedThreatProtection ...
	KindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnector = "MicrosoftDefenderAdvancedThreatProtection"
	// KindOffice365 ...
	KindOffice365 KindBasicDataConnector = "Office365"
	// KindOfficeATP ...
	KindOfficeATP KindBasicDataConnector = "OfficeATP"
	// KindThreatIntelligence ...
	KindThreatIntelligence KindBasicDataConnector = "ThreatIntelligence"
	// KindThreatIntelligenceTaxii ...
	KindThreatIntelligenceTaxii KindBasicDataConnector = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorValues

func PossibleKindBasicDataConnectorValues() []KindBasicDataConnector

PossibleKindBasicDataConnectorValues returns an array of possible values for the KindBasicDataConnector const type.

type KindBasicDataConnectorsCheckRequirements

type KindBasicDataConnectorsCheckRequirements string

KindBasicDataConnectorsCheckRequirements enumerates the values for kind basic data connectors check requirements.

const (
	// KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail ...
	KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail KindBasicDataConnectorsCheckRequirements = "AmazonWebServicesCloudTrail"
	// KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory ...
	KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory KindBasicDataConnectorsCheckRequirements = "AzureActiveDirectory"
	// KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "AzureAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter ...
	KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter KindBasicDataConnectorsCheckRequirements = "AzureSecurityCenter"
	// KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements ...
	KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements KindBasicDataConnectorsCheckRequirements = "DataConnectorsCheckRequirements"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity KindBasicDataConnectorsCheckRequirements = "MicrosoftCloudAppSecurity"
	// KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection ...
	KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection KindBasicDataConnectorsCheckRequirements = "MicrosoftDefenderAdvancedThreatProtection"
	// KindBasicDataConnectorsCheckRequirementsKindOfficeATP ...
	KindBasicDataConnectorsCheckRequirementsKindOfficeATP KindBasicDataConnectorsCheckRequirements = "OfficeATP"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence KindBasicDataConnectorsCheckRequirements = "ThreatIntelligence"
	// KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii ...
	KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii KindBasicDataConnectorsCheckRequirements = "ThreatIntelligenceTaxii"
)

func PossibleKindBasicDataConnectorsCheckRequirementsValues

func PossibleKindBasicDataConnectorsCheckRequirementsValues() []KindBasicDataConnectorsCheckRequirements

PossibleKindBasicDataConnectorsCheckRequirementsValues returns an array of possible values for the KindBasicDataConnectorsCheckRequirements const type.

type KindBasicEntity

type KindBasicEntity string

KindBasicEntity enumerates the values for kind basic entity.

const (
	// KindAccount ...
	KindAccount KindBasicEntity = "Account"
	// KindAzureResource ...
	KindAzureResource KindBasicEntity = "AzureResource"
	// KindBookmark ...
	KindBookmark KindBasicEntity = "Bookmark"
	// KindCloudApplication ...
	KindCloudApplication KindBasicEntity = "CloudApplication"
	// KindDNSResolution ...
	KindDNSResolution KindBasicEntity = "DnsResolution"
	// KindEntity ...
	KindEntity KindBasicEntity = "Entity"
	// KindFile ...
	KindFile KindBasicEntity = "File"
	// KindFileHash ...
	KindFileHash KindBasicEntity = "FileHash"
	// KindHost ...
	KindHost KindBasicEntity = "Host"
	// KindIoTDevice ...
	KindIoTDevice KindBasicEntity = "IoTDevice"
	// KindIP ...
	KindIP KindBasicEntity = "Ip"
	// KindMalware ...
	KindMalware KindBasicEntity = "Malware"
	// KindProcess ...
	KindProcess KindBasicEntity = "Process"
	// KindRegistryKey ...
	KindRegistryKey KindBasicEntity = "RegistryKey"
	// KindRegistryValue ...
	KindRegistryValue KindBasicEntity = "RegistryValue"
	// KindSecurityAlert ...
	KindSecurityAlert KindBasicEntity = "SecurityAlert"
	// KindSecurityGroup ...
	KindSecurityGroup KindBasicEntity = "SecurityGroup"
	// KindURL ...
	KindURL KindBasicEntity = "Url"
)

func PossibleKindBasicEntityValues

func PossibleKindBasicEntityValues() []KindBasicEntity

PossibleKindBasicEntityValues returns an array of possible values for the KindBasicEntity const type.

type KindBasicEntityTimelineItem

type KindBasicEntityTimelineItem string

KindBasicEntityTimelineItem enumerates the values for kind basic entity timeline item.

const (
	// KindBasicEntityTimelineItemKindActivity ...
	KindBasicEntityTimelineItemKindActivity KindBasicEntityTimelineItem = "Activity"
	// KindBasicEntityTimelineItemKindBookmark ...
	KindBasicEntityTimelineItemKindBookmark KindBasicEntityTimelineItem = "Bookmark"
	// KindBasicEntityTimelineItemKindEntityTimelineItem ...
	KindBasicEntityTimelineItemKindEntityTimelineItem KindBasicEntityTimelineItem = "EntityTimelineItem"
	// KindBasicEntityTimelineItemKindSecurityAlert ...
	KindBasicEntityTimelineItemKindSecurityAlert KindBasicEntityTimelineItem = "SecurityAlert"
)

func PossibleKindBasicEntityTimelineItemValues

func PossibleKindBasicEntityTimelineItemValues() []KindBasicEntityTimelineItem

PossibleKindBasicEntityTimelineItemValues returns an array of possible values for the KindBasicEntityTimelineItem const type.

type KindBasicSettings

type KindBasicSettings string

KindBasicSettings enumerates the values for kind basic settings.

const (
	// KindEntityAnalytics ...
	KindEntityAnalytics KindBasicSettings = "EntityAnalytics"
	// KindEyesOn ...
	KindEyesOn KindBasicSettings = "EyesOn"
	// KindSettings ...
	KindSettings KindBasicSettings = "Settings"
	// KindUeba ...
	KindUeba KindBasicSettings = "Ueba"
)

func PossibleKindBasicSettingsValues

func PossibleKindBasicSettingsValues() []KindBasicSettings

PossibleKindBasicSettingsValues returns an array of possible values for the KindBasicSettings const type.

type KindBasicThreatIntelligenceInformation

type KindBasicThreatIntelligenceInformation string

KindBasicThreatIntelligenceInformation enumerates the values for kind basic threat intelligence information.

const (
	// KindIndicator ...
	KindIndicator KindBasicThreatIntelligenceInformation = "indicator"
	// KindThreatIntelligenceInformation ...
	KindThreatIntelligenceInformation KindBasicThreatIntelligenceInformation = "ThreatIntelligenceInformation"
)

func PossibleKindBasicThreatIntelligenceInformationValues

func PossibleKindBasicThreatIntelligenceInformationValues() []KindBasicThreatIntelligenceInformation

PossibleKindBasicThreatIntelligenceInformationValues returns an array of possible values for the KindBasicThreatIntelligenceInformation const type.

type MCASCheckRequirements

type MCASCheckRequirements struct {
	// MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.
	*MCASCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MCASCheckRequirements represents MCAS (Microsoft Cloud App Security) requirements check request.

func (MCASCheckRequirements) AsAADCheckRequirements

func (mcr MCASCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAATPCheckRequirements

func (mcr MCASCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsASCCheckRequirements

func (mcr MCASCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsAwsCloudTrailCheckRequirements

func (mcr MCASCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (mcr MCASCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsDataConnectorsCheckRequirements

func (mcr MCASCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMCASCheckRequirements

func (mcr MCASCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsMDATPCheckRequirements

func (mcr MCASCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsOfficeATPCheckRequirements

func (mcr MCASCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTICheckRequirements

func (mcr MCASCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) AsTiTaxiiCheckRequirements

func (mcr MCASCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MCASCheckRequirements.

func (MCASCheckRequirements) MarshalJSON

func (mcr MCASCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASCheckRequirements.

func (*MCASCheckRequirements) UnmarshalJSON

func (mcr *MCASCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASCheckRequirements struct.

type MCASCheckRequirementsProperties

type MCASCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASCheckRequirementsProperties MCAS (Microsoft Cloud App Security) requirements check properties.

type MCASDataConnector

type MCASDataConnector struct {
	// MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.
	*MCASDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MCASDataConnector represents MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnector) AsAADDataConnector

func (mdc MCASDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAATPDataConnector

func (mdc MCASDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsASCDataConnector

func (mdc MCASDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsAwsCloudTrailDataConnector

func (mdc MCASDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsBasicDataConnector

func (mdc MCASDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsDataConnector

func (mdc MCASDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMCASDataConnector

func (mdc MCASDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsMDATPDataConnector

func (mdc MCASDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeATPDataConnector

func (mdc MCASDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsOfficeDataConnector

func (mdc MCASDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTIDataConnector

func (mdc MCASDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) AsTiTaxiiDataConnector

func (mdc MCASDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MCASDataConnector.

func (MCASDataConnector) MarshalJSON

func (mdc MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON

func (mdc *MCASDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MCASDataConnector struct.

type MCASDataConnectorDataTypes

type MCASDataConnectorDataTypes struct {
	// DiscoveryLogs - Discovery log data type connection.
	DiscoveryLogs *MCASDataConnectorDataTypesDiscoveryLogs `json:"discoveryLogs,omitempty"`
	// Alerts - Alerts data type connection.
	Alerts *AlertsDataTypeOfDataConnectorAlerts `json:"alerts,omitempty"`
}

MCASDataConnectorDataTypes the available data types for MCAS (Microsoft Cloud App Security) data connector.

type MCASDataConnectorDataTypesDiscoveryLogs

type MCASDataConnectorDataTypesDiscoveryLogs struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

MCASDataConnectorDataTypesDiscoveryLogs discovery log data type connection.

type MCASDataConnectorProperties

type MCASDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties MCAS (Microsoft Cloud App Security) data connector properties.

type MDATPCheckRequirements

type MDATPCheckRequirements struct {
	// MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
	*MDATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

MDATPCheckRequirements represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.

func (MDATPCheckRequirements) AsAADCheckRequirements

func (mcr MDATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAATPCheckRequirements

func (mcr MDATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsASCCheckRequirements

func (mcr MDATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (mcr MDATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (mcr MDATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsDataConnectorsCheckRequirements

func (mcr MDATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMCASCheckRequirements

func (mcr MDATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsMDATPCheckRequirements

func (mcr MDATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsOfficeATPCheckRequirements

func (mcr MDATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTICheckRequirements

func (mcr MDATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) AsTiTaxiiCheckRequirements

func (mcr MDATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for MDATPCheckRequirements.

func (MDATPCheckRequirements) MarshalJSON

func (mcr MDATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPCheckRequirements.

func (*MDATPCheckRequirements) UnmarshalJSON

func (mcr *MDATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPCheckRequirements struct.

type MDATPCheckRequirementsProperties

type MDATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MDATPCheckRequirementsProperties MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.

type MDATPDataConnector

type MDATPDataConnector struct {
	// MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	*MDATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

MDATPDataConnector represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (MDATPDataConnector) AsAADDataConnector

func (mdc MDATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAATPDataConnector

func (mdc MDATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsASCDataConnector

func (mdc MDATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsAwsCloudTrailDataConnector

func (mdc MDATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsBasicDataConnector

func (mdc MDATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsDataConnector

func (mdc MDATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMCASDataConnector

func (mdc MDATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsMDATPDataConnector

func (mdc MDATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeATPDataConnector

func (mdc MDATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsOfficeDataConnector

func (mdc MDATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTIDataConnector

func (mdc MDATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) AsTiTaxiiDataConnector

func (mdc MDATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON

func (mdc MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON

func (mdc *MDATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MDATPDataConnector struct.

type MDATPDataConnectorProperties

type MDATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

type MalwareEntity

type MalwareEntity struct {
	// MalwareEntityProperties - File entity properties
	*MalwareEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

MalwareEntity represents a malware entity.

func (MalwareEntity) AsAccountEntity

func (me MalwareEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsAzureResourceEntity

func (me MalwareEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsBasicEntity

func (me MalwareEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsCloudApplicationEntity

func (me MalwareEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsDNSEntity

func (me MalwareEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsEntity

func (me MalwareEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileEntity

func (me MalwareEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsFileHashEntity

func (me MalwareEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHostEntity

func (me MalwareEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsHuntingBookmark

func (me MalwareEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIPEntity

func (me MalwareEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsIoTDeviceEntity

func (me MalwareEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsMalwareEntity

func (me MalwareEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsProcessEntity

func (me MalwareEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryKeyEntity

func (me MalwareEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsRegistryValueEntity

func (me MalwareEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityAlert

func (me MalwareEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsSecurityGroupEntity

func (me MalwareEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) AsURLEntity

func (me MalwareEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for MalwareEntity.

func (MalwareEntity) MarshalJSON

func (me MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntity.

func (*MalwareEntity) UnmarshalJSON

func (me *MalwareEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MalwareEntity struct.

type MalwareEntityProperties

type MalwareEntityProperties struct {
	// Category - READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty"`
	// FileEntityIds - READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIds *[]string `json:"fileEntityIds,omitempty"`
	// MalwareName - READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty"`
	// ProcessEntityIds - READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIds *[]string `json:"processEntityIds,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

MalwareEntityProperties malware entity property bag.

func (MalwareEntityProperties) MarshalJSON

func (mep MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MalwareEntityProperties.

type MicrosoftSecurityIncidentCreationAlertRule

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule properties
	*MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRule represents MicrosoftSecurityIncidentCreation rule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsAlertRule

AsAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule

func (msicar MicrosoftSecurityIncidentCreationAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON

func (msicar MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON

func (msicar *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRule struct.

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties

type MicrosoftSecurityIncidentCreationAlertRuleCommonProperties struct {
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleCommonProperties microsoftSecurityIncidentCreation rule common property bag.

type MicrosoftSecurityIncidentCreationAlertRuleProperties

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties microsoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties
	*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate represents MicrosoftSecurityIncidentCreation rule template.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsAlertRuleTemplate

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsBasicAlertRuleTemplate

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsFusionAlertRuleTemplate

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (msicart MicrosoftSecurityIncidentCreationAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON

func (msicart *MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplate struct.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// DisplayNamesFilter - the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter *[]string `json:"displayNamesFilter,omitempty"`
	// DisplayNamesExcludeFilter - the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter *[]string `json:"displayNamesExcludeFilter,omitempty"`
	// ProductFilter - The alerts' productName on which the cases will be generated. Possible values include: 'MicrosoftCloudAppSecurity', 'AzureSecurityCenter', 'AzureAdvancedThreatProtection', 'AzureActiveDirectoryIdentityProtection', 'AzureSecurityCenterforIoT', 'Office365AdvancedThreatProtection', 'MicrosoftDefenderAdvancedThreatProtection'
	ProductFilter MicrosoftSecurityProductName `json:"productFilter,omitempty"`
	// SeveritiesFilter - the alerts' severities on which the cases will be generated
	SeveritiesFilter *[]AlertSeverity `json:"severitiesFilter,omitempty"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties microsoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON

MarshalJSON is the custom marshaler for MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName enumerates the values for microsoft security product name.

const (
	// AzureActiveDirectoryIdentityProtection ...
	AzureActiveDirectoryIdentityProtection MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	// AzureAdvancedThreatProtection ...
	AzureAdvancedThreatProtection MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	// AzureSecurityCenter ...
	AzureSecurityCenter MicrosoftSecurityProductName = "Azure Security Center"
	// AzureSecurityCenterforIoT ...
	AzureSecurityCenterforIoT MicrosoftSecurityProductName = "Azure Security Center for IoT"
	// MicrosoftCloudAppSecurity ...
	MicrosoftCloudAppSecurity MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	// MicrosoftDefenderAdvancedThreatProtection ...
	MicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	// Office365AdvancedThreatProtection ...
	Office365AdvancedThreatProtection MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

func PossibleMicrosoftSecurityProductNameValues

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns an array of possible values for the MicrosoftSecurityProductName const type.

type OSFamily

type OSFamily string

OSFamily enumerates the values for os family.

const (
	// Android Host with Android operating system.
	Android OSFamily = "Android"
	// IOS Host with IOS operating system.
	IOS OSFamily = "IOS"
	// Linux Host with Linux operating system.
	Linux OSFamily = "Linux"
	// Windows Host with Windows operating system.
	Windows OSFamily = "Windows"
)

func PossibleOSFamilyValues

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns an array of possible values for the OSFamily const type.

type OfficeATPCheckRequirements

type OfficeATPCheckRequirements struct {
	// OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
	*OfficeATPCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

OfficeATPCheckRequirements represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.

func (OfficeATPCheckRequirements) AsAADCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsASCCheckRequirements

func (oacr OfficeATPCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements

func (oacr OfficeATPCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (oacr OfficeATPCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements

func (oacr OfficeATPCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMCASCheckRequirements

func (oacr OfficeATPCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsMDATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsOfficeATPCheckRequirements

func (oacr OfficeATPCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTICheckRequirements

func (oacr OfficeATPCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements

func (oacr OfficeATPCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) MarshalJSON

func (oacr OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPCheckRequirements.

func (*OfficeATPCheckRequirements) UnmarshalJSON

func (oacr *OfficeATPCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPCheckRequirements struct.

type OfficeATPCheckRequirementsProperties

type OfficeATPCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeATPCheckRequirementsProperties officeATP (Office 365 Advanced Threat Protection) requirements check properties.

type OfficeATPDataConnector

type OfficeATPDataConnector struct {
	// OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
	*OfficeATPDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

OfficeATPDataConnector represents OfficeATP (Office 365 Advanced Threat Protection) data connector.

func (OfficeATPDataConnector) AsAADDataConnector

func (oadc OfficeATPDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAATPDataConnector

func (oadc OfficeATPDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsASCDataConnector

func (oadc OfficeATPDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsAwsCloudTrailDataConnector

func (oadc OfficeATPDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsBasicDataConnector

func (oadc OfficeATPDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsDataConnector

func (oadc OfficeATPDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMCASDataConnector

func (oadc OfficeATPDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsMDATPDataConnector

func (oadc OfficeATPDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeATPDataConnector

func (oadc OfficeATPDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsOfficeDataConnector

func (oadc OfficeATPDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTIDataConnector

func (oadc OfficeATPDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) AsTiTaxiiDataConnector

func (oadc OfficeATPDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeATPDataConnector.

func (OfficeATPDataConnector) MarshalJSON

func (oadc OfficeATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeATPDataConnector.

func (*OfficeATPDataConnector) UnmarshalJSON

func (oadc *OfficeATPDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeATPDataConnector struct.

type OfficeATPDataConnectorProperties

type OfficeATPDataConnectorProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
	// DataTypes - The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeATPDataConnectorProperties officeATP (Office 365 Advanced Threat Protection) data connector properties.

type OfficeConsent

type OfficeConsent struct {
	autorest.Response `json:"-"`
	// OfficeConsentProperties - Office consent properties
	*OfficeConsentProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

OfficeConsent is a consent for an Office365 tenant that has already been made.

func (OfficeConsent) MarshalJSON

func (oc OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsent.

func (*OfficeConsent) UnmarshalJSON

func (oc *OfficeConsent) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeConsent struct.

type OfficeConsentList

type OfficeConsentList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of the consents.
	Value *[]OfficeConsent `json:"value,omitempty"`
}

OfficeConsentList list of all the office365 consents.

func (OfficeConsentList) IsEmpty

func (ocl OfficeConsentList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (OfficeConsentList) MarshalJSON

func (ocl OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentList.

type OfficeConsentListIterator

type OfficeConsentListIterator struct {
	// contains filtered or unexported fields
}

OfficeConsentListIterator provides access to a complete listing of OfficeConsent values.

func NewOfficeConsentListIterator

func NewOfficeConsentListIterator(page OfficeConsentListPage) OfficeConsentListIterator

Creates a new instance of the OfficeConsentListIterator type.

func (*OfficeConsentListIterator) Next

func (iter *OfficeConsentListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListIterator) NextWithContext

func (iter *OfficeConsentListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OfficeConsentListIterator) NotDone

func (iter OfficeConsentListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OfficeConsentListIterator) Response

Response returns the raw server response from the last page request.

func (OfficeConsentListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OfficeConsentListPage

type OfficeConsentListPage struct {
	// contains filtered or unexported fields
}

OfficeConsentListPage contains a page of OfficeConsent values.

func NewOfficeConsentListPage

func NewOfficeConsentListPage(cur OfficeConsentList, getNextPage func(context.Context, OfficeConsentList) (OfficeConsentList, error)) OfficeConsentListPage

Creates a new instance of the OfficeConsentListPage type.

func (*OfficeConsentListPage) Next

func (page *OfficeConsentListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OfficeConsentListPage) NextWithContext

func (page *OfficeConsentListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OfficeConsentListPage) NotDone

func (page OfficeConsentListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OfficeConsentListPage) Response

func (page OfficeConsentListPage) Response() OfficeConsentList

Response returns the raw server response from the last page request.

func (OfficeConsentListPage) Values

func (page OfficeConsentListPage) Values() []OfficeConsent

Values returns the slice of values for the current page or nil if there are no values.

type OfficeConsentProperties

type OfficeConsentProperties struct {
	// TenantID - The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
	// TenantName - READ-ONLY; The tenant name of the Office365 with the consent.
	TenantName *string `json:"tenantName,omitempty"`
}

OfficeConsentProperties consent property bag.

func (OfficeConsentProperties) MarshalJSON

func (ocp OfficeConsentProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeConsentProperties.

type OfficeConsentsClient

type OfficeConsentsClient struct {
	BaseClient
}

OfficeConsentsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOfficeConsentsClient

func NewOfficeConsentsClient(subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClient creates an instance of the OfficeConsentsClient client.

func NewOfficeConsentsClientWithBaseURI

func NewOfficeConsentsClientWithBaseURI(baseURI string, subscriptionID string) OfficeConsentsClient

NewOfficeConsentsClientWithBaseURI creates an instance of the OfficeConsentsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OfficeConsentsClient) Delete

func (client OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result autorest.Response, err error)

Delete deletes the office365 consent.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
consentID - consent ID

func (OfficeConsentsClient) DeletePreparer

func (client OfficeConsentsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (OfficeConsentsClient) DeleteResponder

func (client OfficeConsentsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (OfficeConsentsClient) DeleteSender

func (client OfficeConsentsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) Get

func (client OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (result OfficeConsent, err error)

Get gets an office365 consent.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
consentID - consent ID

func (OfficeConsentsClient) GetPreparer

func (client OfficeConsentsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, consentID string) (*http.Request, error)

GetPreparer prepares the Get request.

func (OfficeConsentsClient) GetResponder

func (client OfficeConsentsClient) GetResponder(resp *http.Response) (result OfficeConsent, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (OfficeConsentsClient) GetSender

func (client OfficeConsentsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (OfficeConsentsClient) List

func (client OfficeConsentsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListPage, err error)

List gets all office365 consents.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (OfficeConsentsClient) ListComplete

func (client OfficeConsentsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result OfficeConsentListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OfficeConsentsClient) ListPreparer

func (client OfficeConsentsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (OfficeConsentsClient) ListResponder

func (client OfficeConsentsClient) ListResponder(resp *http.Response) (result OfficeConsentList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OfficeConsentsClient) ListSender

func (client OfficeConsentsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OfficeDataConnector

type OfficeDataConnector struct {
	// OfficeDataConnectorProperties - Office data connector properties.
	*OfficeDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

OfficeDataConnector represents office data connector.

func (OfficeDataConnector) AsAADDataConnector

func (odc OfficeDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAATPDataConnector

func (odc OfficeDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsASCDataConnector

func (odc OfficeDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsAwsCloudTrailDataConnector

func (odc OfficeDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsBasicDataConnector

func (odc OfficeDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsDataConnector

func (odc OfficeDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMCASDataConnector

func (odc OfficeDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsMDATPDataConnector

func (odc OfficeDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeATPDataConnector

func (odc OfficeDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsOfficeDataConnector

func (odc OfficeDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTIDataConnector

func (odc OfficeDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) AsTiTaxiiDataConnector

func (odc OfficeDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON

func (odc OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON

func (odc *OfficeDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for OfficeDataConnector struct.

type OfficeDataConnectorDataTypes

type OfficeDataConnectorDataTypes struct {
	// Exchange - Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`
	// SharePoint - SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`
	// Teams - Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"`
}

OfficeDataConnectorDataTypes the available data types for office data connector.

type OfficeDataConnectorDataTypesExchange

type OfficeDataConnectorDataTypesExchange struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange exchange data type connection.

type OfficeDataConnectorDataTypesSharePoint

type OfficeDataConnectorDataTypesSharePoint struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint sharePoint data type connection.

type OfficeDataConnectorDataTypesTeams

type OfficeDataConnectorDataTypesTeams struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesTeams teams data type connection.

type OfficeDataConnectorProperties

type OfficeDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties office data connector properties.

type Operation

type Operation struct {
	// Display - Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`
	// Name - Name of the operation
	Name *string `json:"name,omitempty"`
}

Operation operation provided by provider

type OperationDisplay

type OperationDisplay struct {
	// Description - Description of the operation
	Description *string `json:"description,omitempty"`
	// Operation - Operation name
	Operation *string `json:"operation,omitempty"`
	// Provider - Provider name
	Provider *string `json:"provider,omitempty"`
	// Resource - Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay properties of the operation

type OperationsClient

type OperationsClient struct {
	BaseClient
}

OperationsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewOperationsClient

func NewOperationsClient(subscriptionID string) OperationsClient

NewOperationsClient creates an instance of the OperationsClient client.

func NewOperationsClientWithBaseURI

func NewOperationsClientWithBaseURI(baseURI string, subscriptionID string) OperationsClient

NewOperationsClientWithBaseURI creates an instance of the OperationsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (OperationsClient) List

func (client OperationsClient) List(ctx context.Context) (result OperationsListPage, err error)

List lists all operations available in the Azure Security Insights Resource Provider.

func (OperationsClient) ListComplete

func (client OperationsClient) ListComplete(ctx context.Context) (result OperationsListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (OperationsClient) ListPreparer

func (client OperationsClient) ListPreparer(ctx context.Context) (*http.Request, error)

ListPreparer prepares the List request.

func (OperationsClient) ListResponder

func (client OperationsClient) ListResponder(resp *http.Response) (result OperationsList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (OperationsClient) ListSender

func (client OperationsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type OperationsList

type OperationsList struct {
	autorest.Response `json:"-"`
	// NextLink - URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of operations
	Value *[]Operation `json:"value,omitempty"`
}

OperationsList lists the operations available in the SecurityInsights RP.

func (OperationsList) IsEmpty

func (ol OperationsList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

type OperationsListIterator

type OperationsListIterator struct {
	// contains filtered or unexported fields
}

OperationsListIterator provides access to a complete listing of Operation values.

func NewOperationsListIterator

func NewOperationsListIterator(page OperationsListPage) OperationsListIterator

Creates a new instance of the OperationsListIterator type.

func (*OperationsListIterator) Next

func (iter *OperationsListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListIterator) NextWithContext

func (iter *OperationsListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (OperationsListIterator) NotDone

func (iter OperationsListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (OperationsListIterator) Response

func (iter OperationsListIterator) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListIterator) Value

func (iter OperationsListIterator) Value() Operation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type OperationsListPage

type OperationsListPage struct {
	// contains filtered or unexported fields
}

OperationsListPage contains a page of Operation values.

func NewOperationsListPage

func NewOperationsListPage(cur OperationsList, getNextPage func(context.Context, OperationsList) (OperationsList, error)) OperationsListPage

Creates a new instance of the OperationsListPage type.

func (*OperationsListPage) Next

func (page *OperationsListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*OperationsListPage) NextWithContext

func (page *OperationsListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (OperationsListPage) NotDone

func (page OperationsListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (OperationsListPage) Response

func (page OperationsListPage) Response() OperationsList

Response returns the raw server response from the last page request.

func (OperationsListPage) Values

func (page OperationsListPage) Values() []Operation

Values returns the slice of values for the current page or nil if there are no values.

type ProcessEntity

type ProcessEntity struct {
	// ProcessEntityProperties - Process entity properties
	*ProcessEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

ProcessEntity represents a process entity.

func (ProcessEntity) AsAccountEntity

func (peVar ProcessEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsAzureResourceEntity

func (peVar ProcessEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsBasicEntity

func (peVar ProcessEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsCloudApplicationEntity

func (peVar ProcessEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsDNSEntity

func (peVar ProcessEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsEntity

func (peVar ProcessEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileEntity

func (peVar ProcessEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsFileHashEntity

func (peVar ProcessEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHostEntity

func (peVar ProcessEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsHuntingBookmark

func (peVar ProcessEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIPEntity

func (peVar ProcessEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsIoTDeviceEntity

func (peVar ProcessEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsMalwareEntity

func (peVar ProcessEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsProcessEntity

func (peVar ProcessEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryKeyEntity

func (peVar ProcessEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsRegistryValueEntity

func (peVar ProcessEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityAlert

func (peVar ProcessEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsSecurityGroupEntity

func (peVar ProcessEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) AsURLEntity

func (peVar ProcessEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for ProcessEntity.

func (ProcessEntity) MarshalJSON

func (peVar ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntity.

func (*ProcessEntity) UnmarshalJSON

func (peVar *ProcessEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ProcessEntity struct.

type ProcessEntityProperties

type ProcessEntityProperties struct {
	// AccountEntityID - READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty"`
	// CommandLine - READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty"`
	// CreationTimeUtc - READ-ONLY; The time when the process started to run
	CreationTimeUtc *date.Time `json:"creationTimeUtc,omitempty"`
	// ElevationToken - The elevation token associated with the process. Possible values include: 'Default', 'Full', 'Limited'
	ElevationToken ElevationToken `json:"elevationToken,omitempty"`
	// HostEntityID - READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty"`
	// HostLogonSessionEntityID - READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty"`
	// ImageFileEntityID - READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty"`
	// ParentProcessEntityID - READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty"`
	// ProcessID - READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ProcessEntityProperties process entity property bag.

func (ProcessEntityProperties) MarshalJSON

func (pep ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ProcessEntityProperties.

type ProductSettingsClient

type ProductSettingsClient struct {
	BaseClient
}

ProductSettingsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewProductSettingsClient

func NewProductSettingsClient(subscriptionID string) ProductSettingsClient

NewProductSettingsClient creates an instance of the ProductSettingsClient client.

func NewProductSettingsClientWithBaseURI

func NewProductSettingsClientWithBaseURI(baseURI string, subscriptionID string) ProductSettingsClient

NewProductSettingsClientWithBaseURI creates an instance of the ProductSettingsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure Stack).

func (ProductSettingsClient) Delete

func (client ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result autorest.Response, err error)

Delete deletes a setting of the product.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
settingsName - the setting name. Supports: EyesOn, EntityAnalytics, Ueba.

func (ProductSettingsClient) DeletePreparer

func (client ProductSettingsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ProductSettingsClient) DeleteResponder

func (client ProductSettingsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ProductSettingsClient) DeleteSender

func (client ProductSettingsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Get

func (client ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (result SettingsModel, err error)

Get gets a setting.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
settingsName - the setting name. Supports: EyesOn, EntityAnalytics, Ueba.

func (ProductSettingsClient) GetAll

func (client ProductSettingsClient) GetAll(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result SettingList, err error)

GetAll lists all the settings.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.

func (ProductSettingsClient) GetAllPreparer

func (client ProductSettingsClient) GetAllPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

GetAllPreparer prepares the GetAll request.

func (ProductSettingsClient) GetAllResponder

func (client ProductSettingsClient) GetAllResponder(resp *http.Response) (result SettingList, err error)

GetAllResponder handles the response to the GetAll request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetAllSender

func (client ProductSettingsClient) GetAllSender(req *http.Request) (*http.Response, error)

GetAllSender sends the GetAll request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) GetPreparer

func (client ProductSettingsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ProductSettingsClient) GetResponder

func (client ProductSettingsClient) GetResponder(resp *http.Response) (result SettingsModel, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ProductSettingsClient) GetSender

func (client ProductSettingsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ProductSettingsClient) Update

func (client ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (result SettingsModel, err error)

Update updates a setting.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
settingsName - the setting name. Supports: EyesOn, EntityAnalytics, Ueba.
settings - the setting.

func (ProductSettingsClient) UpdatePreparer

func (client ProductSettingsClient) UpdatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, settingsName string, settings BasicSettings) (*http.Request, error)

UpdatePreparer prepares the Update request.

func (ProductSettingsClient) UpdateResponder

func (client ProductSettingsClient) UpdateResponder(resp *http.Response) (result SettingsModel, err error)

UpdateResponder handles the response to the Update request. The method always closes the http.Response Body.

func (ProductSettingsClient) UpdateSender

func (client ProductSettingsClient) UpdateSender(req *http.Request) (*http.Response, error)

UpdateSender sends the Update request. The method will close the http.Response Body if it receives an error.

type RegistryHive

type RegistryHive string

RegistryHive enumerates the values for registry hive.

const (
	// HKEYA HKEY_A
	HKEYA RegistryHive = "HKEY_A"
	// HKEYCLASSESROOT HKEY_CLASSES_ROOT
	HKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// HKEYCURRENTCONFIG HKEY_CURRENT_CONFIG
	HKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// HKEYCURRENTUSER HKEY_CURRENT_USER
	HKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// HKEYCURRENTUSERLOCALSETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS
	HKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// HKEYLOCALMACHINE HKEY_LOCAL_MACHINE
	HKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// HKEYPERFORMANCEDATA HKEY_PERFORMANCE_DATA
	HKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// HKEYPERFORMANCENLSTEXT HKEY_PERFORMANCE_NLSTEXT
	HKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// HKEYPERFORMANCETEXT HKEY_PERFORMANCE_TEXT
	HKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// HKEYUSERS HKEY_USERS
	HKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns an array of possible values for the RegistryHive const type.

type RegistryKeyEntity

type RegistryKeyEntity struct {
	// RegistryKeyEntityProperties - RegistryKey entity properties
	*RegistryKeyEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryKeyEntity represents a registry key entity.

func (RegistryKeyEntity) AsAccountEntity

func (rke RegistryKeyEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsAzureResourceEntity

func (rke RegistryKeyEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsBasicEntity

func (rke RegistryKeyEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsCloudApplicationEntity

func (rke RegistryKeyEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsDNSEntity

func (rke RegistryKeyEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsEntity

func (rke RegistryKeyEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileEntity

func (rke RegistryKeyEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsFileHashEntity

func (rke RegistryKeyEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHostEntity

func (rke RegistryKeyEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsHuntingBookmark

func (rke RegistryKeyEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIPEntity

func (rke RegistryKeyEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsIoTDeviceEntity

func (rke RegistryKeyEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsMalwareEntity

func (rke RegistryKeyEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsProcessEntity

func (rke RegistryKeyEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryKeyEntity

func (rke RegistryKeyEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsRegistryValueEntity

func (rke RegistryKeyEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityAlert

func (rke RegistryKeyEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsSecurityGroupEntity

func (rke RegistryKeyEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) AsURLEntity

func (rke RegistryKeyEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON

func (rke RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON

func (rke *RegistryKeyEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryKeyEntity struct.

type RegistryKeyEntityProperties

type RegistryKeyEntityProperties struct {
	// Hive - READ-ONLY; the hive that holds the registry key. Possible values include: 'HKEYLOCALMACHINE', 'HKEYCLASSESROOT', 'HKEYCURRENTCONFIG', 'HKEYUSERS', 'HKEYCURRENTUSERLOCALSETTINGS', 'HKEYPERFORMANCEDATA', 'HKEYPERFORMANCENLSTEXT', 'HKEYPERFORMANCETEXT', 'HKEYA', 'HKEYCURRENTUSER'
	Hive RegistryHive `json:"hive,omitempty"`
	// Key - READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryKeyEntityProperties registryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON

func (rkep RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryKeyEntityProperties.

type RegistryValueEntity

type RegistryValueEntity struct {
	// RegistryValueEntityProperties - RegistryKey entity properties
	*RegistryValueEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

RegistryValueEntity represents a registry value entity.

func (RegistryValueEntity) AsAccountEntity

func (rve RegistryValueEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsAzureResourceEntity

func (rve RegistryValueEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsBasicEntity

func (rve RegistryValueEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsCloudApplicationEntity

func (rve RegistryValueEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsDNSEntity

func (rve RegistryValueEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsEntity

func (rve RegistryValueEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileEntity

func (rve RegistryValueEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsFileHashEntity

func (rve RegistryValueEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHostEntity

func (rve RegistryValueEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsHuntingBookmark

func (rve RegistryValueEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIPEntity

func (rve RegistryValueEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsIoTDeviceEntity

func (rve RegistryValueEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsMalwareEntity

func (rve RegistryValueEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsProcessEntity

func (rve RegistryValueEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryKeyEntity

func (rve RegistryValueEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsRegistryValueEntity

func (rve RegistryValueEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityAlert

func (rve RegistryValueEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsSecurityGroupEntity

func (rve RegistryValueEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) AsURLEntity

func (rve RegistryValueEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON

func (rve RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON

func (rve *RegistryValueEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RegistryValueEntity struct.

type RegistryValueEntityProperties

type RegistryValueEntityProperties struct {
	// KeyEntityID - READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty"`
	// ValueData - READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty"`
	// ValueName - READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty"`
	// ValueType - READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Possible values include: 'RegistryValueKindNone', 'RegistryValueKindUnknown', 'RegistryValueKindString', 'RegistryValueKindExpandString', 'RegistryValueKindBinary', 'RegistryValueKindDWord', 'RegistryValueKindMultiString', 'RegistryValueKindQWord'
	ValueType RegistryValueKind `json:"valueType,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

RegistryValueEntityProperties registryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON

func (rvep RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RegistryValueEntityProperties.

type RegistryValueKind

type RegistryValueKind string

RegistryValueKind enumerates the values for registry value kind.

const (
	// RegistryValueKindBinary Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns an array of possible values for the RegistryValueKind const type.

type Relation

type Relation struct {
	autorest.Response `json:"-"`
	// RelationProperties - Relation properties
	*RelationProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Relation represents a relation between two resources

func (Relation) MarshalJSON

func (r Relation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Relation.

func (*Relation) UnmarshalJSON

func (r *Relation) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Relation struct.

type RelationBase

type RelationBase struct {
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationBase represents a relation

func (RelationBase) MarshalJSON

func (rb RelationBase) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationBase.

type RelationList

type RelationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of relations.
	Value *[]Relation `json:"value,omitempty"`
}

RelationList list of relations.

func (RelationList) IsEmpty

func (rl RelationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (RelationList) MarshalJSON

func (rl RelationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationList.

type RelationListIterator

type RelationListIterator struct {
	// contains filtered or unexported fields
}

RelationListIterator provides access to a complete listing of Relation values.

func NewRelationListIterator

func NewRelationListIterator(page RelationListPage) RelationListIterator

Creates a new instance of the RelationListIterator type.

func (*RelationListIterator) Next

func (iter *RelationListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListIterator) NextWithContext

func (iter *RelationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (RelationListIterator) NotDone

func (iter RelationListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (RelationListIterator) Response

func (iter RelationListIterator) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListIterator) Value

func (iter RelationListIterator) Value() Relation

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type RelationListPage

type RelationListPage struct {
	// contains filtered or unexported fields
}

RelationListPage contains a page of Relation values.

func NewRelationListPage

func NewRelationListPage(cur RelationList, getNextPage func(context.Context, RelationList) (RelationList, error)) RelationListPage

Creates a new instance of the RelationListPage type.

func (*RelationListPage) Next

func (page *RelationListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*RelationListPage) NextWithContext

func (page *RelationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (RelationListPage) NotDone

func (page RelationListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (RelationListPage) Response

func (page RelationListPage) Response() RelationList

Response returns the raw server response from the last page request.

func (RelationListPage) Values

func (page RelationListPage) Values() []Relation

Values returns the slice of values for the current page or nil if there are no values.

type RelationNode

type RelationNode struct {
	// RelationNodeID - Relation Node Id
	RelationNodeID *string `json:"relationNodeId,omitempty"`
	// RelationNodeKind - READ-ONLY; The type of relation node. Possible values include: 'RelationNodeKindCase', 'RelationNodeKindBookmark'
	RelationNodeKind RelationNodeKind `json:"relationNodeKind,omitempty"`
	// Etag - Etag for relation node
	Etag *string `json:"etag,omitempty"`
	// RelationAdditionalProperties - Additional set of properties
	RelationAdditionalProperties map[string]*string `json:"relationAdditionalProperties"`
}

RelationNode relation node

func (RelationNode) MarshalJSON

func (rn RelationNode) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationNode.

type RelationNodeKind

type RelationNodeKind string

RelationNodeKind enumerates the values for relation node kind.

const (
	// RelationNodeKindBookmark Bookmark node part of the relation
	RelationNodeKindBookmark RelationNodeKind = "Bookmark"
	// RelationNodeKindCase Case node part of the relation
	RelationNodeKindCase RelationNodeKind = "Case"
)

func PossibleRelationNodeKindValues

func PossibleRelationNodeKindValues() []RelationNodeKind

PossibleRelationNodeKindValues returns an array of possible values for the RelationNodeKind const type.

type RelationProperties

type RelationProperties struct {
	// RelatedResourceID - The resource ID of the related resource
	RelatedResourceID *string `json:"relatedResourceId,omitempty"`
	// RelatedResourceName - READ-ONLY; The name of the related resource
	RelatedResourceName *string `json:"relatedResourceName,omitempty"`
	// RelatedResourceType - READ-ONLY; The resource type of the related resource
	RelatedResourceType *string `json:"relatedResourceType,omitempty"`
	// RelatedResourceKind - READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string `json:"relatedResourceKind,omitempty"`
}

RelationProperties relation property bag.

func (RelationProperties) MarshalJSON

func (rp RelationProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationProperties.

type RelationTypes

type RelationTypes string

RelationTypes enumerates the values for relation types.

const (
	// CasesToBookmarks Relations between cases and bookmarks
	CasesToBookmarks RelationTypes = "CasesToBookmarks"
)

func PossibleRelationTypesValues

func PossibleRelationTypesValues() []RelationTypes

PossibleRelationTypesValues returns an array of possible values for the RelationTypes const type.

type RelationsModelInput

type RelationsModelInput struct {
	// RelationsModelInputProperties - Relation input properties
	*RelationsModelInputProperties `json:"properties,omitempty"`
	// Kind - READ-ONLY; The type of relation node. Possible values include: 'CasesToBookmarks'
	Kind RelationTypes `json:"kind,omitempty"`
	// Etag - ETag for relation
	Etag *string `json:"etag,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

RelationsModelInput relation input model

func (RelationsModelInput) MarshalJSON

func (rmi RelationsModelInput) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for RelationsModelInput.

func (*RelationsModelInput) UnmarshalJSON

func (rmi *RelationsModelInput) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for RelationsModelInput struct.

type RelationsModelInputProperties

type RelationsModelInputProperties struct {
	// RelationName - Name of relation
	RelationName *string `json:"relationName,omitempty"`
	// SourceRelationNode - Relation source node
	SourceRelationNode *RelationNode `json:"sourceRelationNode,omitempty"`
	// TargetRelationNode - Relation target node
	TargetRelationNode *RelationNode `json:"targetRelationNode,omitempty"`
}

RelationsModelInputProperties relation input properties

type Resource

type Resource struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
}

Resource an azure resource object

type ResourceWithEtag

type ResourceWithEtag struct {
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

ResourceWithEtag an azure resource object with an Etag property

func (ResourceWithEtag) MarshalJSON

func (rwe ResourceWithEtag) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ResourceWithEtag.

type ScheduledAlertRule

type ScheduledAlertRule struct {
	// ScheduledAlertRuleProperties - Scheduled alert rule properties
	*ScheduledAlertRuleProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindAlertRule', 'KindFusion', 'KindMicrosoftSecurityIncidentCreation', 'KindScheduled'
	Kind KindBasicAlertRule `json:"kind,omitempty"`
}

ScheduledAlertRule represents scheduled alert rule.

func (ScheduledAlertRule) AsAlertRule

func (sar ScheduledAlertRule) AsAlertRule() (*AlertRule, bool)

AsAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsBasicAlertRule

func (sar ScheduledAlertRule) AsBasicAlertRule() (BasicAlertRule, bool)

AsBasicAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsFusionAlertRule

func (sar ScheduledAlertRule) AsFusionAlertRule() (*FusionAlertRule, bool)

AsFusionAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule

func (sar ScheduledAlertRule) AsMicrosoftSecurityIncidentCreationAlertRule() (*MicrosoftSecurityIncidentCreationAlertRule, bool)

AsMicrosoftSecurityIncidentCreationAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) AsScheduledAlertRule

func (sar ScheduledAlertRule) AsScheduledAlertRule() (*ScheduledAlertRule, bool)

AsScheduledAlertRule is the BasicAlertRule implementation for ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON

func (sar ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON

func (sar *ScheduledAlertRule) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRule struct.

type ScheduledAlertRuleCommonProperties

type ScheduledAlertRuleCommonProperties struct {
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers the alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold that triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleCommonProperties schedule alert rule template property bag.

type ScheduledAlertRuleProperties

type ScheduledAlertRuleProperties struct {
	// AlertRuleTemplateName - The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`
	// Description - The description of the alert rule.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`
	// Enabled - Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`
	// LastModifiedUtc - READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUtc *date.Time `json:"lastModifiedUtc,omitempty"`
	// SuppressionDuration - The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`
	// SuppressionEnabled - Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`
	// Tactics - The tactics of the alert rule
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// IncidentConfiguration - The settings of the incidents that are created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers the alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold that triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
}

ScheduledAlertRuleProperties scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON

func (sarp ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleProperties.
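The following lint for a scheduled rule's timing fields is an added example, not part of this package. It reads the JSON wire form using the `json` tags shown above and flags windows that are never queried. The `Finding` codes, the helper names and the sample rule are constructed here, and it assumes a suppressed rule does not run during `suppressionDuration`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// scheduledRule mirrors only the wire fields this lint reads (json tags as documented above).
type scheduledRule struct {
	Properties struct {
		Enabled             *bool  `json:"enabled"`
		QueryFrequency      string `json:"queryFrequency"`
		QueryPeriod         string `json:"queryPeriod"`
		SuppressionDuration string `json:"suppressionDuration"`
		SuppressionEnabled  *bool  `json:"suppressionEnabled"`
	} `json:"properties"`
}

// Finding is one lint result; Code is stable so a CI gate can match on it.
type Finding struct{ Code, Detail string }

var isoDur = regexp.MustCompile(`^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$`)

// parseISODuration accepts the PnDTnHnMnS subset of ISO 8601 durations.
// Years, months, weeks and fractions are rejected rather than approximated.
func parseISODuration(s string) (time.Duration, error) {
	m := isoDur.FindStringSubmatch(s)
	if m == nil {
		return 0, fmt.Errorf("unsupported ISO 8601 duration %q", s)
	}
	units := []time.Duration{24 * time.Hour, time.Hour, time.Minute, time.Second}
	total, seen := time.Duration(0), false
	for i, u := range units {
		if m[i+1] == "" {
			continue
		}
		n, err := strconv.ParseInt(m[i+1], 10, 16) // 16 bits keeps the sum inside int64
		if err != nil {
			return 0, fmt.Errorf("component out of range in %q", s)
		}
		total += time.Duration(n) * u
		seen = true
	}
	if !seen {
		return 0, fmt.Errorf("empty ISO 8601 duration %q", s)
	}
	return total, nil
}

// lintScheduledRule reports coverage gaps; it assumes a suppressed rule does not run.
func lintScheduledRule(raw []byte) ([]Finding, error) {
	var r scheduledRule
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	p, out := r.Properties, []Finding{}
	add := func(code, format string, a ...interface{}) {
		out = append(out, Finding{code, fmt.Sprintf(format, a...)})
	}
	if p.Enabled == nil || !*p.Enabled {
		add("disabled", "rule is not enabled and produces no alerts")
	}
	freq, ferr := parseISODuration(p.QueryFrequency)
	period, perr := parseISODuration(p.QueryPeriod)
	switch {
	case ferr != nil:
		add("bad-frequency", "%v", ferr)
	case perr != nil:
		add("bad-period", "%v", perr)
	case period < freq:
		add("coverage-gap", "queryPeriod %s < queryFrequency %s: %s of each cycle is never queried", period, freq, freq-period)
	}
	if p.SuppressionEnabled != nil && *p.SuppressionEnabled {
		sup, err := parseISODuration(p.SuppressionDuration)
		if err != nil {
			add("bad-suppression", "%v", err)
		} else if perr == nil && sup > period {
			add("suppression-gap", "suppression %s > queryPeriod %s: %s after each trigger is never queried", sup, period, sup-period)
		}
	}
	return out, nil
}

// sampleRule is constructed: hourly run, 5-minute look-back, 5-hour suppression.
const sampleRule = `{"properties": {
  "displayName": "constructed sample rule", "enabled": true,
  "queryFrequency": "PT1H", "queryPeriod": "PT5M",
  "suppressionEnabled": true, "suppressionDuration": "PT5H"}}`

func main() {
	findings, _ := lintScheduledRule([]byte(sampleRule)) // sample is valid JSON
	for _, f := range findings {
		fmt.Printf("%-16s %s\n", f.Code, f.Detail)
	}
}
```

A rule export can be piped through `lintScheduledRule` before deployment so that a `coverage-gap` or `suppression-gap` finding blocks the change.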

type ScheduledAlertRuleTemplate

type ScheduledAlertRuleTemplate struct {
	// ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties
	*ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindBasicAlertRuleTemplateKindAlertRuleTemplate', 'KindBasicAlertRuleTemplateKindFusion', 'KindBasicAlertRuleTemplateKindMicrosoftSecurityIncidentCreation', 'KindBasicAlertRuleTemplateKindScheduled'
	Kind KindBasicAlertRuleTemplate `json:"kind,omitempty"`
}

ScheduledAlertRuleTemplate represents scheduled alert rule template.

func (ScheduledAlertRuleTemplate) AsAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsAlertRuleTemplate() (*AlertRuleTemplate, bool)

AsAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsBasicAlertRuleTemplate() (BasicAlertRuleTemplate, bool)

AsBasicAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsFusionAlertRuleTemplate() (*FusionAlertRuleTemplate, bool)

AsFusionAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsMicrosoftSecurityIncidentCreationAlertRuleTemplate() (*MicrosoftSecurityIncidentCreationAlertRuleTemplate, bool)

AsMicrosoftSecurityIncidentCreationAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate

func (sart ScheduledAlertRuleTemplate) AsScheduledAlertRuleTemplate() (*ScheduledAlertRuleTemplate, bool)

AsScheduledAlertRuleTemplate is the BasicAlertRuleTemplate implementation for ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON

func (sart ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON

func (sart *ScheduledAlertRuleTemplate) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ScheduledAlertRuleTemplate struct.

type ScheduledAlertRuleTemplateProperties

type ScheduledAlertRuleTemplateProperties struct {
	// AlertRulesCreatedByTemplateCount - the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`
	// CreatedDateUTC - READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *date.Time `json:"createdDateUTC,omitempty"`
	// Description - The description of the alert rule template.
	Description *string `json:"description,omitempty"`
	// DisplayName - The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`
	// RequiredDataConnectors - The required data sources for this template
	RequiredDataConnectors *[]AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`
	// Status - The alert rule template status. Possible values include: 'Installed', 'Available', 'NotAvailable'
	Status TemplateStatus `json:"status,omitempty"`
	// Query - The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`
	// QueryFrequency - The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`
	// QueryPeriod - The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`
	// Severity - The severity for alerts created by this alert rule. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// TriggerOperator - The operation against the threshold that triggers the alert rule. Possible values include: 'GreaterThan', 'LessThan', 'Equal', 'NotEqual'
	TriggerOperator TriggerOperator `json:"triggerOperator,omitempty"`
	// TriggerThreshold - The threshold that triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`
	// EventGroupingSettings - The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`
	// Tactics - The tactics of the alert rule template
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
}

ScheduledAlertRuleTemplateProperties scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON

func (sart ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ScheduledAlertRuleTemplateProperties.

type SecurityAlert

type SecurityAlert struct {
	// SecurityAlertProperties - SecurityAlert entity properties
	*SecurityAlertProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityAlert represents a security alert entity.

func (SecurityAlert) AsAccountEntity

func (sa SecurityAlert) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsAzureResourceEntity

func (sa SecurityAlert) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsBasicEntity

func (sa SecurityAlert) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsCloudApplicationEntity

func (sa SecurityAlert) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsDNSEntity

func (sa SecurityAlert) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsEntity

func (sa SecurityAlert) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileEntity

func (sa SecurityAlert) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsFileHashEntity

func (sa SecurityAlert) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHostEntity

func (sa SecurityAlert) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsHuntingBookmark

func (sa SecurityAlert) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIPEntity

func (sa SecurityAlert) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsIoTDeviceEntity

func (sa SecurityAlert) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsMalwareEntity

func (sa SecurityAlert) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsProcessEntity

func (sa SecurityAlert) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryKeyEntity

func (sa SecurityAlert) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsRegistryValueEntity

func (sa SecurityAlert) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityAlert

func (sa SecurityAlert) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsSecurityGroupEntity

func (sa SecurityAlert) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) AsURLEntity

func (sa SecurityAlert) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityAlert.

func (SecurityAlert) MarshalJSON

func (sa SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlert.

func (*SecurityAlert) UnmarshalJSON

func (sa *SecurityAlert) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityAlert struct.

type SecurityAlertProperties

type SecurityAlertProperties struct {
	// AlertDisplayName - READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty"`
	// AlertType - READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty"`
	// CompromisedEntity - READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty"`
	// ConfidenceLevel - READ-ONLY; The confidence level of this alert. Possible values include: 'ConfidenceLevelUnknown', 'ConfidenceLevelLow', 'ConfidenceLevelHigh'
	ConfidenceLevel ConfidenceLevel `json:"confidenceLevel,omitempty"`
	// ConfidenceReasons - READ-ONLY; The confidence reasons
	ConfidenceReasons *[]SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty"`
	// ConfidenceScore - READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty"`
	// ConfidenceScoreStatus - READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Possible values include: 'NotApplicable', 'InProcess', 'NotFinal', 'Final'
	ConfidenceScoreStatus ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty"`
	// Description - READ-ONLY; Alert description.
	Description *string `json:"description,omitempty"`
	// EndTimeUtc - READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// Intent - READ-ONLY; Holds the alert intent stage(s) mapping for this alert. Possible values include: 'KillChainIntentUnknown', 'KillChainIntentProbing', 'KillChainIntentExploitation', 'KillChainIntentPersistence', 'KillChainIntentPrivilegeEscalation', 'KillChainIntentDefenseEvasion', 'KillChainIntentCredentialAccess', 'KillChainIntentDiscovery', 'KillChainIntentLateralMovement', 'KillChainIntentExecution', 'KillChainIntentCollection', 'KillChainIntentExfiltration', 'KillChainIntentCommandAndControl', 'KillChainIntentImpact'
	Intent KillChainIntent `json:"intent,omitempty"`
	// ProviderAlertID - READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string `json:"providerAlertId,omitempty"`
	// ProcessingEndTime - READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *date.Time `json:"processingEndTime,omitempty"`
	// ProductComponentName - READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty"`
	// ProductName - READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty"`
	// ProductVersion - READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty"`
	// RemediationSteps - READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps *[]string `json:"remediationSteps,omitempty"`
	// Severity - The severity of the alert. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// StartTimeUtc - READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// Status - READ-ONLY; The lifecycle status of the alert. Possible values include: 'AlertStatusUnknown', 'AlertStatusNew', 'AlertStatusResolved', 'AlertStatusDismissed', 'AlertStatusInProgress'
	Status AlertStatus `json:"status,omitempty"`
	// SystemAlertID - READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty"`
	// Tactics - READ-ONLY; The tactics of the alert
	Tactics *[]AttackTactic `json:"tactics,omitempty"`
	// TimeGenerated - READ-ONLY; The time the alert was generated.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// VendorName - READ-ONLY; The name of the vendor that raised the alert.
	VendorName *string `json:"vendorName,omitempty"`
	// AlertLink - READ-ONLY; The uri link of the alert.
	AlertLink *string `json:"alertLink,omitempty"`
	// ResourceIdentifiers - READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers *[]interface{} `json:"resourceIdentifiers,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityAlertProperties securityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON

func (sap SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// Reason - READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty"`
	// ReasonType - READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty"`
}

SecurityAlertPropertiesConfidenceReasonsItem confidence reason item

type SecurityAlertTimelineItem

type SecurityAlertTimelineItem struct {
	// AzureResourceID - The alert azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`
	// ProductName - The alert product name.
	ProductName *string `json:"productName,omitempty"`
	// DisplayName - The alert name.
	DisplayName *string `json:"displayName,omitempty"`
	// Severity - The alert severity. Possible values include: 'High', 'Medium', 'Low', 'Informational'
	Severity AlertSeverity `json:"severity,omitempty"`
	// EndTimeUtc - The alert end time.
	EndTimeUtc *date.Time `json:"endTimeUtc,omitempty"`
	// StartTimeUtc - The alert start time.
	StartTimeUtc *date.Time `json:"startTimeUtc,omitempty"`
	// TimeGenerated - The alert generated time.
	TimeGenerated *date.Time `json:"timeGenerated,omitempty"`
	// AlertType - The name of the alert type.
	AlertType *string `json:"alertType,omitempty"`
	// Kind - Possible values include: 'KindBasicEntityTimelineItemKindEntityTimelineItem', 'KindBasicEntityTimelineItemKindActivity', 'KindBasicEntityTimelineItemKindSecurityAlert', 'KindBasicEntityTimelineItemKindBookmark'
	Kind KindBasicEntityTimelineItem `json:"kind,omitempty"`
}

SecurityAlertTimelineItem represents security alert timeline item.

func (SecurityAlertTimelineItem) AsActivityTimelineItem

func (sati SecurityAlertTimelineItem) AsActivityTimelineItem() (*ActivityTimelineItem, bool)

AsActivityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBasicEntityTimelineItem

func (sati SecurityAlertTimelineItem) AsBasicEntityTimelineItem() (BasicEntityTimelineItem, bool)

AsBasicEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsBookmarkTimelineItem

func (sati SecurityAlertTimelineItem) AsBookmarkTimelineItem() (*BookmarkTimelineItem, bool)

AsBookmarkTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsEntityTimelineItem

func (sati SecurityAlertTimelineItem) AsEntityTimelineItem() (*EntityTimelineItem, bool)

AsEntityTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) AsSecurityAlertTimelineItem

func (sati SecurityAlertTimelineItem) AsSecurityAlertTimelineItem() (*SecurityAlertTimelineItem, bool)

AsSecurityAlertTimelineItem is the BasicEntityTimelineItem implementation for SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) MarshalJSON

func (sati SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityAlertTimelineItem.

type SecurityGroupEntity

type SecurityGroupEntity struct {
	// SecurityGroupEntityProperties - SecurityGroup entity properties
	*SecurityGroupEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

SecurityGroupEntity represents a security group entity.

func (SecurityGroupEntity) AsAccountEntity

func (sge SecurityGroupEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsAzureResourceEntity

func (sge SecurityGroupEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsBasicEntity

func (sge SecurityGroupEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsCloudApplicationEntity

func (sge SecurityGroupEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsDNSEntity

func (sge SecurityGroupEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsEntity

func (sge SecurityGroupEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileEntity

func (sge SecurityGroupEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsFileHashEntity

func (sge SecurityGroupEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHostEntity

func (sge SecurityGroupEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsHuntingBookmark

func (sge SecurityGroupEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIPEntity

func (sge SecurityGroupEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsIoTDeviceEntity

func (sge SecurityGroupEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsMalwareEntity

func (sge SecurityGroupEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsProcessEntity

func (sge SecurityGroupEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryKeyEntity

func (sge SecurityGroupEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsRegistryValueEntity

func (sge SecurityGroupEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityAlert

func (sge SecurityGroupEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsSecurityGroupEntity

func (sge SecurityGroupEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) AsURLEntity

func (sge SecurityGroupEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON

func (sge SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON

func (sge *SecurityGroupEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SecurityGroupEntity struct.

type SecurityGroupEntityProperties

type SecurityGroupEntityProperties struct {
	// DistinguishedName - READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty"`
	// ObjectGUID - READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by Active Directory.
	ObjectGUID *uuid.UUID `json:"objectGuid,omitempty"`
	// Sid - READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

SecurityGroupEntityProperties securityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON

func (sgep SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for SecurityGroupEntityProperties.

type SettingKind

type SettingKind string

SettingKind enumerates the values for setting kind.

const (
	// SettingKindEntityAnalytics ...
	SettingKindEntityAnalytics SettingKind = "EntityAnalytics"
	// SettingKindEyesOn ...
	SettingKindEyesOn SettingKind = "EyesOn"
	// SettingKindUeba ...
	SettingKindUeba SettingKind = "Ueba"
)

func PossibleSettingKindValues

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns an array of possible values for the SettingKind const type.

type SettingList

type SettingList struct {
	autorest.Response `json:"-"`
	// Value - Array of settings.
	Value *[]BasicSettings `json:"value,omitempty"`
}

SettingList list of all the settings.

func (*SettingList) UnmarshalJSON

func (sl *SettingList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingList struct.

type Settings

type Settings struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Settings the Setting.

func (Settings) AsBasicSettings

func (s Settings) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Settings.

func (Settings) AsEntityAnalytics

func (s Settings) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Settings.

func (Settings) AsEyesOn

func (s Settings) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Settings.

func (Settings) AsSettings

func (s Settings) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Settings.

func (Settings) AsUeba

func (s Settings) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Settings.

func (Settings) MarshalJSON

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Settings.

type SettingsKind

type SettingsKind struct {
	// Kind - The kind of the setting. Possible values include: 'SettingKindEyesOn', 'SettingKindEntityAnalytics', 'SettingKindUeba'
	Kind SettingKind `json:"kind,omitempty"`
}

SettingsKind describes an Azure resource with kind.

type SettingsModel

type SettingsModel struct {
	autorest.Response `json:"-"`
	Value             BasicSettings `json:"value,omitempty"`
}

SettingsModel ...

func (*SettingsModel) UnmarshalJSON

func (sm *SettingsModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for SettingsModel struct.

type Source

type Source string

Source enumerates the values for source.

const (
	// Localfile ...
	Localfile Source = "Local file"
	// Remotestorage ...
	Remotestorage Source = "Remote storage"
)

func PossibleSourceValues

func PossibleSourceValues() []Source

PossibleSourceValues returns an array of possible values for the Source const type.

type TICheckRequirements

type TICheckRequirements struct {
	// TICheckRequirementsProperties - Threat Intelligence Platforms data connector check required properties
	*TICheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TICheckRequirements represents the Threat Intelligence Platforms data connector check requirements.

func (TICheckRequirements) AsAADCheckRequirements

func (tcr TICheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAATPCheckRequirements

func (tcr TICheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsASCCheckRequirements

func (tcr TICheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsAwsCloudTrailCheckRequirements

func (tcr TICheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsBasicDataConnectorsCheckRequirements

func (tcr TICheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsDataConnectorsCheckRequirements

func (tcr TICheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMCASCheckRequirements

func (tcr TICheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsMDATPCheckRequirements

func (tcr TICheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsOfficeATPCheckRequirements

func (tcr TICheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTICheckRequirements

func (tcr TICheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) AsTiTaxiiCheckRequirements

func (tcr TICheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TICheckRequirements.

func (TICheckRequirements) MarshalJSON

func (tcr TICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TICheckRequirements.

func (*TICheckRequirements) UnmarshalJSON

func (tcr *TICheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TICheckRequirements struct.

type TICheckRequirementsProperties

type TICheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TICheckRequirementsProperties represents the Threat Intelligence Platforms data connector required properties.

type TIDataConnector

type TIDataConnector struct {
	// TIDataConnectorProperties - Threat Intelligence Platforms data connector properties.
	*TIDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

TIDataConnector represents a data connector that pulls threat intelligence data from TIP products.

func (TIDataConnector) AsAADDataConnector

func (tdc TIDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAATPDataConnector

func (tdc TIDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsASCDataConnector

func (tdc TIDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsAwsCloudTrailDataConnector

func (tdc TIDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsBasicDataConnector

func (tdc TIDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsDataConnector

func (tdc TIDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMCASDataConnector

func (tdc TIDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsMDATPDataConnector

func (tdc TIDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeATPDataConnector

func (tdc TIDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsOfficeDataConnector

func (tdc TIDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTIDataConnector

func (tdc TIDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) AsTiTaxiiDataConnector

func (tdc TIDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TIDataConnector.

func (TIDataConnector) MarshalJSON

func (tdc TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TIDataConnector.

func (*TIDataConnector) UnmarshalJSON

func (tdc *TIDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TIDataConnector struct.

type TIDataConnectorDataTypes

type TIDataConnectorDataTypes struct {
	// Indicators - Data type for Threat Intelligence Platforms data connector.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes the available data types for Threat Intelligence Platforms data connector.

type TIDataConnectorDataTypesIndicators

type TIDataConnectorDataTypesIndicators struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators data type for Threat Intelligence Platforms data connector.

type TIDataConnectorProperties

type TIDataConnectorProperties struct {
	// DataTypes - The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TIDataConnectorProperties represents the Threat Intelligence Platforms data connector properties.

type TemplateStatus

type TemplateStatus string

TemplateStatus enumerates the values for template status.

const (
	// Available Alert rule template is available.
	Available TemplateStatus = "Available"
	// Installed Alert rule template is installed and cannot be used more than once.
	Installed TemplateStatus = "Installed"
	// NotAvailable Alert rule template is not available
	NotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns an array of possible values for the TemplateStatus const type.

type ThreatIntelligence

type ThreatIntelligence struct {
	// Confidence - READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty"`
	// ProviderName - READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty"`
	// ReportLink - READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty"`
	// ThreatDescription - READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty"`
	// ThreatName - READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty"`
	// ThreatType - READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty"`
}

ThreatIntelligence is the threat intelligence property bag.

type ThreatIntelligenceAppendTags

type ThreatIntelligenceAppendTags struct {
	// ThreatIntelligenceTags - List of tags to be appended.
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
}

ThreatIntelligenceAppendTags array of tags to be appended to the threat intelligence indicator.

type ThreatIntelligenceFilteringCriteria

type ThreatIntelligenceFilteringCriteria struct {
	// PageSize - Page size
	PageSize *int32 `json:"pageSize,omitempty"`
	// MinConfidence - Minimum confidence.
	MinConfidence *int32 `json:"minConfidence,omitempty"`
	// MaxConfidence - Maximum confidence.
	MaxConfidence *int32 `json:"maxConfidence,omitempty"`
	// MinValidUntil - Start time for ValidUntil filter.
	MinValidUntil *string `json:"minValidUntil,omitempty"`
	// MaxValidUntil - End time for ValidUntil filter.
	MaxValidUntil *string `json:"maxValidUntil,omitempty"`
	// IncludeDisabled - Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool `json:"includeDisabled,omitempty"`
	// SortBy - Columns to sort by and sorting order
	SortBy *[]ThreatIntelligenceSortingCriteria1 `json:"sortBy,omitempty"`
	// Sources - Sources of threat intelligence indicators
	Sources *[]string `json:"sources,omitempty"`
	// PatternTypes - Pattern types
	PatternTypes *[]string `json:"patternTypes,omitempty"`
	// ThreatTypes - Threat types of threat intelligence indicators
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// Ids - Ids of threat intelligence indicators
	Ids *[]string `json:"ids,omitempty"`
	// Keywords - Keywords for searching threat intelligence indicators
	Keywords *[]string `json:"keywords,omitempty"`
	// SkipToken - Skip token.
	SkipToken *string `json:"skipToken,omitempty"`
}

ThreatIntelligenceFilteringCriteria filtering criteria for querying threat intelligence indicators.

type ThreatIntelligenceGranularMarkingModel

type ThreatIntelligenceGranularMarkingModel struct {
	// Language - Language granular marking model
	Language *string `json:"language,omitempty"`
	// MarkingRef - marking reference granular marking model
	MarkingRef *int32 `json:"markingRef,omitempty"`
	// Selectors - granular marking model selectors
	Selectors *[]string `json:"selectors,omitempty"`
}

ThreatIntelligenceGranularMarkingModel describes the threat granular marking model entity.

type ThreatIntelligenceIndicatorClient

type ThreatIntelligenceIndicatorClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorClient

func NewThreatIntelligenceIndicatorClient(subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClient creates an instance of the ThreatIntelligenceIndicatorClient client.

func NewThreatIntelligenceIndicatorClientWithBaseURI

func NewThreatIntelligenceIndicatorClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorClient

NewThreatIntelligenceIndicatorClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorClient) AppendTags

func (client ThreatIntelligenceIndicatorClient) AppendTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (result autorest.Response, err error)

AppendTags appends tags to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceAppendTags - the threat intelligence append tags request body.

func (ThreatIntelligenceIndicatorClient) AppendTagsPreparer

func (client ThreatIntelligenceIndicatorClient) AppendTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceAppendTags ThreatIntelligenceAppendTags) (*http.Request, error)

AppendTagsPreparer prepares the AppendTags request.

func (ThreatIntelligenceIndicatorClient) AppendTagsResponder

func (client ThreatIntelligenceIndicatorClient) AppendTagsResponder(resp *http.Response) (result autorest.Response, err error)

AppendTagsResponder handles the response to the AppendTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) AppendTagsSender

func (client ThreatIntelligenceIndicatorClient) AppendTagsSender(req *http.Request) (*http.Response, error)

AppendTagsSender sends the AppendTags request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Create

func (client ThreatIntelligenceIndicatorClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

Create updates a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicator

func (client ThreatIntelligenceIndicatorClient) CreateIndicator(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

CreateIndicator creates a new threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceProperties - properties of threat intelligence indicators to create and update.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreateIndicatorPreparer prepares the CreateIndicator request.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorResponder

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateIndicatorResponder handles the response to the CreateIndicator request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateIndicatorSender

func (client ThreatIntelligenceIndicatorClient) CreateIndicatorSender(req *http.Request) (*http.Response, error)

CreateIndicatorSender sends the CreateIndicator request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) CreatePreparer

func (client ThreatIntelligenceIndicatorClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceProperties ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

CreatePreparer prepares the Create request.

func (ThreatIntelligenceIndicatorClient) CreateResponder

func (client ThreatIntelligenceIndicatorClient) CreateResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) CreateSender

func (client ThreatIntelligenceIndicatorClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Delete

func (client ThreatIntelligenceIndicatorClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result autorest.Response, err error)

Delete deletes a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) DeletePreparer

func (client ThreatIntelligenceIndicatorClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (ThreatIntelligenceIndicatorClient) DeleteResponder

func (client ThreatIntelligenceIndicatorClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) DeleteSender

func (client ThreatIntelligenceIndicatorClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) Get

func (client ThreatIntelligenceIndicatorClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (result ThreatIntelligenceInformationModel, err error)

Get views a threat intelligence indicator by name. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field.

func (ThreatIntelligenceIndicatorClient) GetPreparer

func (client ThreatIntelligenceIndicatorClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string) (*http.Request, error)

GetPreparer prepares the Get request.

func (ThreatIntelligenceIndicatorClient) GetResponder

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) GetSender

func (client ThreatIntelligenceIndicatorClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) QueryIndicators

func (client ThreatIntelligenceIndicatorClient) QueryIndicators(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListPage, err error)

QueryIndicators queries threat intelligence indicators as per filtering criteria. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. threatIntelligenceFilteringCriteria - filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (result ThreatIntelligenceInformationListIterator, err error)

QueryIndicatorsComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, threatIntelligenceFilteringCriteria ThreatIntelligenceFilteringCriteria) (*http.Request, error)

QueryIndicatorsPreparer prepares the QueryIndicators request.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsResponder(resp *http.Response) (result ThreatIntelligenceInformationList, err error)

QueryIndicatorsResponder handles the response to the QueryIndicators request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) QueryIndicatorsSender

func (client ThreatIntelligenceIndicatorClient) QueryIndicatorsSender(req *http.Request) (*http.Response, error)

QueryIndicatorsSender sends the QueryIndicators request. The method will close the http.Response Body if it receives an error.

func (ThreatIntelligenceIndicatorClient) ReplaceTags

func (client ThreatIntelligenceIndicatorClient) ReplaceTags(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (result ThreatIntelligenceInformationModel, err error)

ReplaceTags replaces tags added to a threat intelligence indicator. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace. name - threat intelligence indicator name field. threatIntelligenceReplaceTags - tags in the threat intelligence indicator to be replaced.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, name string, threatIntelligenceReplaceTags ThreatIntelligenceIndicatorModelForRequestBody) (*http.Request, error)

ReplaceTagsPreparer prepares the ReplaceTags request.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsResponder

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsResponder(resp *http.Response) (result ThreatIntelligenceInformationModel, err error)

ReplaceTagsResponder handles the response to the ReplaceTags request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorClient) ReplaceTagsSender

func (client ThreatIntelligenceIndicatorClient) ReplaceTagsSender(req *http.Request) (*http.Response, error)

ReplaceTagsSender sends the ReplaceTags request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorMetricsClient

type ThreatIntelligenceIndicatorMetricsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorMetricsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorMetricsClient

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClient creates an instance of the ThreatIntelligenceIndicatorMetricsClient client.

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI

func NewThreatIntelligenceIndicatorMetricsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorMetricsClient

NewThreatIntelligenceIndicatorMetricsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorMetricsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorMetricsClient) List

func (client ThreatIntelligenceIndicatorMetricsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result ThreatIntelligenceMetricsList, err error)

List gets threat intelligence indicator metrics (indicator counts by Type, Threat Type, Source). Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of the workspaces resource provider, Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (ThreatIntelligenceIndicatorMetricsClient) ListPreparer

func (client ThreatIntelligenceIndicatorMetricsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorMetricsClient) ListResponder

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorMetricsClient) ListSender

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceIndicatorModel

type ThreatIntelligenceIndicatorModel struct {
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModel represents a threat intelligence indicator entity.

func (ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation

func (tiim ThreatIntelligenceIndicatorModel) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation

func (tiim ThreatIntelligenceIndicatorModel) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) MarshalJSON

func (tiim ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON

func (tiim *ThreatIntelligenceIndicatorModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModel struct.

type ThreatIntelligenceIndicatorModelForRequestBody

type ThreatIntelligenceIndicatorModelForRequestBody struct {
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// ThreatIntelligenceIndicatorProperties - Threat Intelligence Entity properties
	*ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceIndicatorModelForRequestBody threat intelligence indicator entity used in request body.

func (ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON

func (tiimfrb ThreatIntelligenceIndicatorModelForRequestBody) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorModelForRequestBody.

func (*ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON

func (tiimfrb *ThreatIntelligenceIndicatorModelForRequestBody) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceIndicatorModelForRequestBody struct.

type ThreatIntelligenceIndicatorProperties

type ThreatIntelligenceIndicatorProperties struct {
	// ThreatIntelligenceTags - List of tags
	ThreatIntelligenceTags *[]string `json:"threatIntelligenceTags,omitempty"`
	// LastUpdatedTimeUtc - Last updated time in UTC
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// Source - Source of a threat intelligence entity
	Source *string `json:"source,omitempty"`
	// DisplayName - Display name of a threat intelligence entity
	DisplayName *string `json:"displayName,omitempty"`
	// Description - Description of a threat intelligence entity
	Description *string `json:"description,omitempty"`
	// IndicatorTypes - Indicator types of threat intelligence entities
	IndicatorTypes *[]string `json:"indicatorTypes,omitempty"`
	// Pattern - Pattern of a threat intelligence entity
	Pattern *string `json:"pattern,omitempty"`
	// PatternType - Pattern type of a threat intelligence entity
	PatternType *string `json:"patternType,omitempty"`
	// KillChainPhases - Kill chain phases
	KillChainPhases *[]ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"`
	// ExternalID - External ID of threat intelligence entity
	ExternalID *string `json:"externalId,omitempty"`
	// CreatedByRef - Created by reference of threat intelligence entity
	CreatedByRef *string `json:"createdByRef,omitempty"`
	// ExternalReferences - External References
	ExternalReferences *[]string `json:"externalReferences,omitempty"`
	// GranularMarkings - Granular Markings
	GranularMarkings *[]ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"`
	// Revoked - Is threat intelligence entity revoked
	Revoked *bool `json:"revoked,omitempty"`
	// Confidence - Confidence of threat intelligence entity
	Confidence *int32 `json:"confidence,omitempty"`
	// Labels - Labels  of threat intelligence entity
	Labels *[]string `json:"labels,omitempty"`
	// ThreatTypes - Threat types
	ThreatTypes *[]string `json:"threatTypes,omitempty"`
	// ValidFrom - Valid from
	ValidFrom *string `json:"validFrom,omitempty"`
	// ValidUntil - Valid until
	ValidUntil *string `json:"validUntil,omitempty"`
	// Created - Created by
	Created *string `json:"created,omitempty"`
	// Modified - Modified by
	Modified *string `json:"modified,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

ThreatIntelligenceIndicatorProperties describes threat intelligence entity properties

func (ThreatIntelligenceIndicatorProperties) MarshalJSON

func (tiip ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient

type ThreatIntelligenceIndicatorsClient struct {
	BaseClient
}

ThreatIntelligenceIndicatorsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewThreatIntelligenceIndicatorsClient

func NewThreatIntelligenceIndicatorsClient(subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClient creates an instance of the ThreatIntelligenceIndicatorsClient client.

func NewThreatIntelligenceIndicatorsClientWithBaseURI

func NewThreatIntelligenceIndicatorsClientWithBaseURI(baseURI string, subscriptionID string) ThreatIntelligenceIndicatorsClient

NewThreatIntelligenceIndicatorsClientWithBaseURI creates an instance of the ThreatIntelligenceIndicatorsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (ThreatIntelligenceIndicatorsClient) List

func (client ThreatIntelligenceIndicatorsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListPage, err error)

List gets all threat intelligence indicators.

Parameters:
resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive.
operationalInsightsResourceProvider - the namespace of the workspaces resource provider: Microsoft.OperationalInsights.
workspaceName - the name of the workspace.
filter - filters the results, based on a Boolean condition. Optional.
top - returns only the first n results. Optional.
skipToken - skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.
orderby - sorts the results. Optional.

func (ThreatIntelligenceIndicatorsClient) ListComplete

func (client ThreatIntelligenceIndicatorsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (result ThreatIntelligenceInformationListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (ThreatIntelligenceIndicatorsClient) ListPreparer

func (client ThreatIntelligenceIndicatorsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, filter string, top *int32, skipToken string, orderby string) (*http.Request, error)

ListPreparer prepares the List request.

func (ThreatIntelligenceIndicatorsClient) ListResponder

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (ThreatIntelligenceIndicatorsClient) ListSender

func (client ThreatIntelligenceIndicatorsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.

type ThreatIntelligenceInformation

type ThreatIntelligenceInformation struct {
	autorest.Response `json:"-"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindThreatIntelligenceInformation', 'KindIndicator'
	Kind KindBasicThreatIntelligenceInformation `json:"kind,omitempty"`
}

ThreatIntelligenceInformation threat intelligence information object.

func (ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation

func (tii ThreatIntelligenceInformation) AsBasicThreatIntelligenceInformation() (BasicThreatIntelligenceInformation, bool)

AsBasicThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceIndicatorModel() (*ThreatIntelligenceIndicatorModel, bool)

AsThreatIntelligenceIndicatorModel is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) AsThreatIntelligenceInformation

func (tii ThreatIntelligenceInformation) AsThreatIntelligenceInformation() (*ThreatIntelligenceInformation, bool)

AsThreatIntelligenceInformation is the BasicThreatIntelligenceInformation implementation for ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) MarshalJSON

func (tii ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformation.

type ThreatIntelligenceInformationList

type ThreatIntelligenceInformationList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of threat intelligence information objects.
	Value *[]BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationList list of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) IsEmpty

func (tiil ThreatIntelligenceInformationList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (ThreatIntelligenceInformationList) MarshalJSON

func (tiil ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for ThreatIntelligenceInformationList.

func (*ThreatIntelligenceInformationList) UnmarshalJSON

func (tiil *ThreatIntelligenceInformationList) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationList struct.
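The list payload and the optional pointer fields of ThreatIntelligenceIndicatorProperties invite a nil-safe triage step before indicators reach detection rules. The following is an added example, not code from this package: it uses local mirror types with the JSON tags shown on this page, and it assumes RFC 3339 timestamps in validUntil, the wire value "indicator" for the kind discriminator, a hypothetical confidence threshold, and a constructed sample response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local mirrors (assumption: not the SDK types) of the wire shapes on this page.
// Pointer fields keep "absent" distinct from a zero value such as revoked=false.
type indicatorProps struct {
	Pattern    *string `json:"pattern,omitempty"`
	Revoked    *bool   `json:"revoked,omitempty"`
	Confidence *int32  `json:"confidence,omitempty"`
	ValidUntil *string `json:"validUntil,omitempty"`
}

type tiItem struct {
	Name  *string         `json:"name,omitempty"`
	Kind  string          `json:"kind,omitempty"`
	Props *indicatorProps `json:"properties,omitempty"`
}

type tiList struct {
	NextLink *string  `json:"nextLink,omitempty"`
	Value    []tiItem `json:"value,omitempty"`
}

// Verdict records whether one indicator may be used for matching, and why not.
type Verdict struct {
	Name   string
	Usable bool
	Reason string
}

// Constructed sample page; names, patterns and the nextLink are made up.
const sampleListJSON = `{
  "nextLink": "https://example.invalid/next?$skipToken=constructed",
  "value": [
    {"name":"ind-ok","kind":"indicator","properties":{"pattern":"[ipv4-addr:value = '192.0.2.10']","confidence":80,"validUntil":"2031-01-01T00:00:00Z"}},
    {"name":"ind-revoked","kind":"indicator","properties":{"pattern":"[domain-name:value = 'bad.example']","revoked":true,"confidence":90}},
    {"name":"ind-expired","kind":"indicator","properties":{"pattern":"[url:value = 'http://old.example/x']","confidence":70,"validUntil":"2020-06-01T00:00:00Z"}},
    {"name":"ind-noconf","kind":"indicator","properties":{"pattern":"[ipv4-addr:value = '198.51.100.7']"}},
    {"name":"other","kind":"somethingElse"}
  ]
}`

// judge fails closed: anything missing or unparseable makes the indicator unusable.
func judge(it tiItem, now time.Time, minConfidence int32) (bool, string) {
	if it.Kind != "indicator" {
		return false, "unsupported kind"
	}
	p := it.Props
	if p == nil || p.Pattern == nil || *p.Pattern == "" {
		return false, "no pattern"
	}
	if p.Revoked != nil && *p.Revoked {
		return false, "revoked"
	}
	if p.ValidUntil != nil && *p.ValidUntil != "" {
		until, err := time.Parse(time.RFC3339, *p.ValidUntil)
		if err != nil {
			return false, "unparseable validUntil"
		}
		if !until.After(now) {
			return false, "expired"
		}
	}
	if p.Confidence == nil {
		return false, "missing confidence"
	}
	if *p.Confidence < minConfidence {
		return false, "low confidence"
	}
	return true, "ok"
}

// TriageIndicators decodes one list page and returns a verdict per item plus
// the nextLink, so the caller knows the result set is still partial.
func TriageIndicators(body []byte, now time.Time, minConfidence int32) ([]Verdict, string, error) {
	var page tiList
	if err := json.Unmarshal(body, &page); err != nil {
		return nil, "", fmt.Errorf("decode list page: %w", err)
	}
	out := make([]Verdict, 0, len(page.Value))
	for _, it := range page.Value {
		name := "(unnamed)"
		if it.Name != nil {
			name = *it.Name
		}
		ok, reason := judge(it, now, minConfidence)
		out = append(out, Verdict{Name: name, Usable: ok, Reason: reason})
	}
	next := ""
	if page.NextLink != nil {
		next = *page.NextLink
	}
	return out, next, nil
}

func main() {
	now := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
	verdicts, next, err := TriageIndicators([]byte(sampleListJSON), now, 50)
	if err != nil {
		panic(err)
	}
	for _, v := range verdicts {
		fmt.Printf("%-12s usable=%-5t %s\n", v.Name, v.Usable, v.Reason)
	}
	fmt.Println("more pages pending:", next != "")
}
```

A non-empty nextLink means the verdicts cover only part of the indicator set; keep paging before treating the absence of an indicator as meaningful.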

type ThreatIntelligenceInformationListIterator

type ThreatIntelligenceInformationListIterator struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListIterator provides access to a complete listing of ThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListIterator

func NewThreatIntelligenceInformationListIterator(page ThreatIntelligenceInformationListPage) ThreatIntelligenceInformationListIterator

Creates a new instance of the ThreatIntelligenceInformationListIterator type.

func (*ThreatIntelligenceInformationListIterator) Next

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListIterator) NextWithContext

func (iter *ThreatIntelligenceInformationListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (ThreatIntelligenceInformationListIterator) NotDone

NotDone returns true if the enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListIterator) Response

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListIterator) Value

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type ThreatIntelligenceInformationListPage

type ThreatIntelligenceInformationListPage struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceInformationListPage contains a page of BasicThreatIntelligenceInformation values.

func NewThreatIntelligenceInformationListPage

Creates a new instance of the ThreatIntelligenceInformationListPage type.

func (*ThreatIntelligenceInformationListPage) Next

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*ThreatIntelligenceInformationListPage) NextWithContext

func (page *ThreatIntelligenceInformationListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (ThreatIntelligenceInformationListPage) NotDone

NotDone returns true if the page enumeration should be started or is not yet complete.

func (ThreatIntelligenceInformationListPage) Response

Response returns the raw server response from the last page request.

func (ThreatIntelligenceInformationListPage) Values

Values returns the slice of values for the current page or nil if there are no values.

type ThreatIntelligenceInformationModel

type ThreatIntelligenceInformationModel struct {
	autorest.Response `json:"-"`
	Value             BasicThreatIntelligenceInformation `json:"value,omitempty"`
}

ThreatIntelligenceInformationModel ...

func (*ThreatIntelligenceInformationModel) UnmarshalJSON

func (tiim *ThreatIntelligenceInformationModel) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for ThreatIntelligenceInformationModel struct.

type ThreatIntelligenceKillChainPhase

type ThreatIntelligenceKillChainPhase struct {
	// KillChainName - Kill chainName name
	KillChainName *string `json:"killChainName,omitempty"`
	// PhaseName - Phase name
	PhaseName *int32 `json:"phaseName,omitempty"`
}

ThreatIntelligenceKillChainPhase describes threat kill chain phase entity

type ThreatIntelligenceMetric

type ThreatIntelligenceMetric struct {
	// LastUpdatedTimeUtc - Last updated indicator metric
	LastUpdatedTimeUtc *string `json:"lastUpdatedTimeUtc,omitempty"`
	// ThreatTypeMetrics - Threat type metrics
	ThreatTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"`
	// PatternTypeMetrics - Pattern type metrics
	PatternTypeMetrics *[]ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"`
	// SourceMetrics - Source metrics
	SourceMetrics *[]ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"`
}

ThreatIntelligenceMetric describes threat intelligence metric

type ThreatIntelligenceMetricEntity

type ThreatIntelligenceMetricEntity struct {
	// MetricName - Metric name
	MetricName *string `json:"metricName,omitempty"`
	// MetricValue - Metric value
	MetricValue *int32 `json:"metricValue,omitempty"`
}

ThreatIntelligenceMetricEntity describes threat intelligence metric entity

type ThreatIntelligenceMetrics

type ThreatIntelligenceMetrics struct {
	// Properties - Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric `json:"properties,omitempty"`
}

ThreatIntelligenceMetrics threat intelligence metrics.

type ThreatIntelligenceMetricsList

type ThreatIntelligenceMetricsList struct {
	autorest.Response `json:"-"`
	// Value - Array of threat intelligence metric fields (type/threat type/source).
	Value *[]ThreatIntelligenceMetrics `json:"value,omitempty"`
}

ThreatIntelligenceMetricsList list of all the threat intelligence metric fields (type/threat type/source).

type ThreatIntelligenceResourceKind

type ThreatIntelligenceResourceKind string

ThreatIntelligenceResourceKind enumerates the values for threat intelligence resource kind.

const (
	// Indicator Entity represents threat intelligence indicator in the system.
	Indicator ThreatIntelligenceResourceKind = "indicator"
)

func PossibleThreatIntelligenceResourceKindValues

func PossibleThreatIntelligenceResourceKindValues() []ThreatIntelligenceResourceKind

PossibleThreatIntelligenceResourceKindValues returns an array of possible values for the ThreatIntelligenceResourceKind const type.

type ThreatIntelligenceResourceKind1

type ThreatIntelligenceResourceKind1 struct {
	// Kind - The kind of the entity.
	Kind *string `json:"kind,omitempty"`
}

ThreatIntelligenceResourceKind1 describes an entity with kind.

type ThreatIntelligenceSortingCriteria

type ThreatIntelligenceSortingCriteria string

ThreatIntelligenceSortingCriteria enumerates the values for threat intelligence sorting criteria.

const (
	// Ascending ...
	Ascending ThreatIntelligenceSortingCriteria = "ascending"
	// Descending ...
	Descending ThreatIntelligenceSortingCriteria = "descending"
	// Unsorted ...
	Unsorted ThreatIntelligenceSortingCriteria = "unsorted"
)

func PossibleThreatIntelligenceSortingCriteriaValues

func PossibleThreatIntelligenceSortingCriteriaValues() []ThreatIntelligenceSortingCriteria

PossibleThreatIntelligenceSortingCriteriaValues returns an array of possible values for the ThreatIntelligenceSortingCriteria const type.

type ThreatIntelligenceSortingCriteria1

type ThreatIntelligenceSortingCriteria1 struct {
	// ItemKey - Column name
	ItemKey *string `json:"itemKey,omitempty"`
	// SortOrder - Sorting order (ascending/descending/unsorted). Possible values include: 'Unsorted', 'Ascending', 'Descending'
	SortOrder ThreatIntelligenceSortingCriteria `json:"sortOrder,omitempty"`
}

ThreatIntelligenceSortingCriteria1 list of available columns for sorting

type TiTaxiiCheckRequirements

type TiTaxiiCheckRequirements struct {
	// TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII check required properties.
	*TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"`
	// Kind - Possible values include: 'KindBasicDataConnectorsCheckRequirementsKindDataConnectorsCheckRequirements', 'KindBasicDataConnectorsCheckRequirementsKindAzureActiveDirectory', 'KindBasicDataConnectorsCheckRequirementsKindAzureAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindAzureSecurityCenter', 'KindBasicDataConnectorsCheckRequirementsKindAmazonWebServicesCloudTrail', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftCloudAppSecurity', 'KindBasicDataConnectorsCheckRequirementsKindMicrosoftDefenderAdvancedThreatProtection', 'KindBasicDataConnectorsCheckRequirementsKindOfficeATP', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligence', 'KindBasicDataConnectorsCheckRequirementsKindThreatIntelligenceTaxii'
	Kind KindBasicDataConnectorsCheckRequirements `json:"kind,omitempty"`
}

TiTaxiiCheckRequirements threat Intelligence TAXII data connector check requirements

func (TiTaxiiCheckRequirements) AsAADCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAADCheckRequirements() (*AADCheckRequirements, bool)

AsAADCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAATPCheckRequirements() (*AATPCheckRequirements, bool)

AsAATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsASCCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsASCCheckRequirements() (*ASCCheckRequirements, bool)

AsASCCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsAwsCloudTrailCheckRequirements() (*AwsCloudTrailCheckRequirements, bool)

AsAwsCloudTrailCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsBasicDataConnectorsCheckRequirements() (BasicDataConnectorsCheckRequirements, bool)

AsBasicDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsDataConnectorsCheckRequirements() (*DataConnectorsCheckRequirements, bool)

AsDataConnectorsCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMCASCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsMCASCheckRequirements() (*MCASCheckRequirements, bool)

AsMCASCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsMDATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsMDATPCheckRequirements() (*MDATPCheckRequirements, bool)

AsMDATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsOfficeATPCheckRequirements() (*OfficeATPCheckRequirements, bool)

AsOfficeATPCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTICheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsTICheckRequirements() (*TICheckRequirements, bool)

AsTICheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements

func (ttcr TiTaxiiCheckRequirements) AsTiTaxiiCheckRequirements() (*TiTaxiiCheckRequirements, bool)

AsTiTaxiiCheckRequirements is the BasicDataConnectorsCheckRequirements implementation for TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) MarshalJSON

func (ttcr TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiCheckRequirements.

func (*TiTaxiiCheckRequirements) UnmarshalJSON

func (ttcr *TiTaxiiCheckRequirements) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiCheckRequirements struct.

type TiTaxiiCheckRequirementsProperties

type TiTaxiiCheckRequirementsProperties struct {
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiCheckRequirementsProperties threat Intelligence TAXII data connector required properties.

type TiTaxiiDataConnector

type TiTaxiiDataConnector struct {
	// TiTaxiiDataConnectorProperties - Threat intelligence TAXII data connector properties.
	*TiTaxiiDataConnectorProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindDataConnector', 'KindAzureActiveDirectory', 'KindAzureAdvancedThreatProtection', 'KindAzureSecurityCenter', 'KindAmazonWebServicesCloudTrail', 'KindMicrosoftCloudAppSecurity', 'KindMicrosoftDefenderAdvancedThreatProtection', 'KindOfficeATP', 'KindOffice365', 'KindThreatIntelligence', 'KindThreatIntelligenceTaxii'
	Kind KindBasicDataConnector `json:"kind,omitempty"`
}

TiTaxiiDataConnector data connector to pull Threat intelligence data from TAXII 2.0/2.1 server

func (TiTaxiiDataConnector) AsAADDataConnector

func (ttdc TiTaxiiDataConnector) AsAADDataConnector() (*AADDataConnector, bool)

AsAADDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAATPDataConnector

func (ttdc TiTaxiiDataConnector) AsAATPDataConnector() (*AATPDataConnector, bool)

AsAATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsASCDataConnector

func (ttdc TiTaxiiDataConnector) AsASCDataConnector() (*ASCDataConnector, bool)

AsASCDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsAwsCloudTrailDataConnector

func (ttdc TiTaxiiDataConnector) AsAwsCloudTrailDataConnector() (*AwsCloudTrailDataConnector, bool)

AsAwsCloudTrailDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsBasicDataConnector

func (ttdc TiTaxiiDataConnector) AsBasicDataConnector() (BasicDataConnector, bool)

AsBasicDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsDataConnector

func (ttdc TiTaxiiDataConnector) AsDataConnector() (*DataConnector, bool)

AsDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMCASDataConnector

func (ttdc TiTaxiiDataConnector) AsMCASDataConnector() (*MCASDataConnector, bool)

AsMCASDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsMDATPDataConnector

func (ttdc TiTaxiiDataConnector) AsMDATPDataConnector() (*MDATPDataConnector, bool)

AsMDATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeATPDataConnector

func (ttdc TiTaxiiDataConnector) AsOfficeATPDataConnector() (*OfficeATPDataConnector, bool)

AsOfficeATPDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsOfficeDataConnector

func (ttdc TiTaxiiDataConnector) AsOfficeDataConnector() (*OfficeDataConnector, bool)

AsOfficeDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTIDataConnector

func (ttdc TiTaxiiDataConnector) AsTIDataConnector() (*TIDataConnector, bool)

AsTIDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) AsTiTaxiiDataConnector

func (ttdc TiTaxiiDataConnector) AsTiTaxiiDataConnector() (*TiTaxiiDataConnector, bool)

AsTiTaxiiDataConnector is the BasicDataConnector implementation for TiTaxiiDataConnector.

func (TiTaxiiDataConnector) MarshalJSON

func (ttdc TiTaxiiDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for TiTaxiiDataConnector.

func (*TiTaxiiDataConnector) UnmarshalJSON

func (ttdc *TiTaxiiDataConnector) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for TiTaxiiDataConnector struct.

type TiTaxiiDataConnectorDataTypes

type TiTaxiiDataConnectorDataTypes struct {
	// TaxiiClient - Data type for TAXII connector.
	TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"`
}

TiTaxiiDataConnectorDataTypes the available data types for Threat Intelligence TAXII data connector.

type TiTaxiiDataConnectorDataTypesTaxiiClient

type TiTaxiiDataConnectorDataTypesTaxiiClient struct {
	// State - Describe whether this data type connection is enabled or not. Possible values include: 'Enabled', 'Disabled'
	State DataTypeState `json:"state,omitempty"`
}

TiTaxiiDataConnectorDataTypesTaxiiClient data type for TAXII connector.

type TiTaxiiDataConnectorProperties

type TiTaxiiDataConnectorProperties struct {
	// WorkspaceID - The workspace id.
	WorkspaceID *string `json:"workspaceId,omitempty"`
	// FriendlyName - The friendly name for the TAXII server.
	FriendlyName *string `json:"friendlyName,omitempty"`
	// TaxiiServer - The API root for the TAXII server.
	TaxiiServer *string `json:"taxiiServer,omitempty"`
	// CollectionID - The collection id of the TAXII server.
	CollectionID *string `json:"collectionId,omitempty"`
	// UserName - The userName for the TAXII server.
	UserName *string `json:"userName,omitempty"`
	// Password - The password for the TAXII server.
	Password *string `json:"password,omitempty"`
	// DataTypes - The available data types for Threat Intelligence TAXII data connector.
	DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"`
	// TenantID - The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiDataConnectorProperties threat Intelligence TAXII data connector properties.
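Because TiTaxiiDataConnectorProperties carries the TAXII password in a plain string field with a JSON tag, marshaling the struct into a log line exposes the credential. The following is an added example, not code from this package: it uses a local mirror type with the JSON tags shown above, hypothetical helper names (LintTaxiiProps, RedactForLog) and constructed sample values, lints a connector definition before submission, and produces a log-safe rendering.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// taxiiProps is a local mirror (assumption: not the SDK type) of the
// TiTaxiiDataConnectorProperties fields relevant to credentials and transport.
type taxiiProps struct {
	FriendlyName *string `json:"friendlyName,omitempty"`
	TaxiiServer  *string `json:"taxiiServer,omitempty"`
	CollectionID *string `json:"collectionId,omitempty"`
	UserName     *string `json:"userName,omitempty"`
	Password     *string `json:"password,omitempty"`
}

func strPtr(s string) *string { return &s }

func deref(s *string) string {
	if s == nil {
		return ""
	}
	return *s
}

// LintTaxiiProps returns findings for settings that would expose the feed credentials.
func LintTaxiiProps(p taxiiProps) []string {
	var findings []string
	server := deref(p.TaxiiServer)
	if server == "" {
		findings = append(findings, "taxiiServer is not set")
	} else if u, err := url.Parse(server); err != nil || u.Host == "" {
		findings = append(findings, "taxiiServer is not a valid absolute URL")
	} else {
		if u.Scheme != "https" {
			findings = append(findings, "taxiiServer does not use https; userName/password would cross the network in cleartext")
		}
		if u.User != nil {
			findings = append(findings, "taxiiServer embeds credentials in the URL; use userName/password instead")
		}
	}
	if deref(p.CollectionID) == "" {
		findings = append(findings, "collectionId is not set")
	}
	if (deref(p.UserName) == "") != (deref(p.Password) == "") {
		findings = append(findings, "userName and password must be set together")
	}
	return findings
}

// RedactForLog marshals a copy with the password masked and any userinfo
// stripped from the server URL. The caller's struct is left unchanged.
// userName is kept so that log lines remain attributable to a feed account.
func RedactForLog(p taxiiProps) ([]byte, error) {
	c := p // shallow copy: pointer fields are replaced below, never written through
	if c.Password != nil {
		c.Password = strPtr("[REDACTED]")
	}
	if c.TaxiiServer != nil {
		u, err := url.Parse(*c.TaxiiServer)
		if err != nil {
			c.TaxiiServer = strPtr("[UNPARSEABLE]")
		} else {
			u.User = nil
			c.TaxiiServer = strPtr(u.String())
		}
	}
	return json.Marshal(c)
}

// Constructed samples: a weak definition and its corrected form.
func sampleWeak() taxiiProps {
	return taxiiProps{
		FriendlyName: strPtr("constructed-feed"),
		TaxiiServer:  strPtr("http://feeduser:constructed-url-secret@taxii.example.invalid/api1/"),
		UserName:     strPtr("feeduser"),
		Password:     strPtr("constructed-pass"),
	}
}

func sampleHardened() taxiiProps {
	return taxiiProps{
		FriendlyName: strPtr("constructed-feed"),
		TaxiiServer:  strPtr("https://taxii.example.invalid/api1/"),
		CollectionID: strPtr("constructed-collection-id"),
		UserName:     strPtr("feeduser"),
		Password:     strPtr("constructed-pass"),
	}
}

func main() {
	for _, f := range LintTaxiiProps(sampleWeak()) {
		fmt.Println("finding:", f)
	}
	fmt.Println("hardened findings:", len(LintTaxiiProps(sampleHardened())))
	b, _ := RedactForLog(sampleWeak())
	fmt.Println(string(b))
}
```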

type TimelineAggregation

type TimelineAggregation struct {
	// Count - the total items found for a kind
	Count *int32 `json:"count,omitempty"`
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
}

TimelineAggregation timeline aggregation information per kind

type TimelineError

type TimelineError struct {
	// Kind - the query kind. Possible values include: 'EntityTimelineKindActivity', 'EntityTimelineKindBookmark', 'EntityTimelineKindSecurityAlert'
	Kind EntityTimelineKind `json:"kind,omitempty"`
	// QueryID - the query id
	QueryID *string `json:"queryId,omitempty"`
	// ErrorMessage - the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`
}

TimelineError timeline Query Errors.

type TimelineResultsMetadata

type TimelineResultsMetadata struct {
	// TotalCount - the total items found for the timeline request
	TotalCount *int32 `json:"totalCount,omitempty"`
	// Aggregations - timeline aggregation per kind
	Aggregations *[]TimelineAggregation `json:"aggregations,omitempty"`
	// Errors - information about the failure queries
	Errors *[]TimelineError `json:"errors,omitempty"`
}

TimelineResultsMetadata expansion result metadata.

type TriggerOperator

type TriggerOperator string

TriggerOperator enumerates the values for trigger operator.

const (
	// Equal ...
	Equal TriggerOperator = "Equal"
	// GreaterThan ...
	GreaterThan TriggerOperator = "GreaterThan"
	// LessThan ...
	LessThan TriggerOperator = "LessThan"
	// NotEqual ...
	NotEqual TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns an array of possible values for the TriggerOperator const type.

type URLEntity

type URLEntity struct {
	// URLEntityProperties - Url entity properties
	*URLEntityProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Kind - Possible values include: 'KindEntity', 'KindAccount', 'KindAzureResource', 'KindCloudApplication', 'KindDNSResolution', 'KindFile', 'KindFileHash', 'KindHost', 'KindBookmark', 'KindSecurityAlert', 'KindIP', 'KindMalware', 'KindProcess', 'KindRegistryKey', 'KindRegistryValue', 'KindSecurityGroup', 'KindURL', 'KindIoTDevice'
	Kind KindBasicEntity `json:"kind,omitempty"`
}

URLEntity represents a url entity.

func (URLEntity) AsAccountEntity

func (ue URLEntity) AsAccountEntity() (*AccountEntity, bool)

AsAccountEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsAzureResourceEntity

func (ue URLEntity) AsAzureResourceEntity() (*AzureResourceEntity, bool)

AsAzureResourceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsBasicEntity

func (ue URLEntity) AsBasicEntity() (BasicEntity, bool)

AsBasicEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsCloudApplicationEntity

func (ue URLEntity) AsCloudApplicationEntity() (*CloudApplicationEntity, bool)

AsCloudApplicationEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsDNSEntity

func (ue URLEntity) AsDNSEntity() (*DNSEntity, bool)

AsDNSEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsEntity

func (ue URLEntity) AsEntity() (*Entity, bool)

AsEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileEntity

func (ue URLEntity) AsFileEntity() (*FileEntity, bool)

AsFileEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsFileHashEntity

func (ue URLEntity) AsFileHashEntity() (*FileHashEntity, bool)

AsFileHashEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHostEntity

func (ue URLEntity) AsHostEntity() (*HostEntity, bool)

AsHostEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsHuntingBookmark

func (ue URLEntity) AsHuntingBookmark() (*HuntingBookmark, bool)

AsHuntingBookmark is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIPEntity

func (ue URLEntity) AsIPEntity() (*IPEntity, bool)

AsIPEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsIoTDeviceEntity

func (ue URLEntity) AsIoTDeviceEntity() (*IoTDeviceEntity, bool)

AsIoTDeviceEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsMalwareEntity

func (ue URLEntity) AsMalwareEntity() (*MalwareEntity, bool)

AsMalwareEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsProcessEntity

func (ue URLEntity) AsProcessEntity() (*ProcessEntity, bool)

AsProcessEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryKeyEntity

func (ue URLEntity) AsRegistryKeyEntity() (*RegistryKeyEntity, bool)

AsRegistryKeyEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsRegistryValueEntity

func (ue URLEntity) AsRegistryValueEntity() (*RegistryValueEntity, bool)

AsRegistryValueEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityAlert

func (ue URLEntity) AsSecurityAlert() (*SecurityAlert, bool)

AsSecurityAlert is the BasicEntity implementation for URLEntity.

func (URLEntity) AsSecurityGroupEntity

func (ue URLEntity) AsSecurityGroupEntity() (*SecurityGroupEntity, bool)

AsSecurityGroupEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) AsURLEntity

func (ue URLEntity) AsURLEntity() (*URLEntity, bool)

AsURLEntity is the BasicEntity implementation for URLEntity.

func (URLEntity) MarshalJSON

func (ue URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntity.

func (*URLEntity) UnmarshalJSON

func (ue *URLEntity) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for URLEntity struct.

type URLEntityProperties

type URLEntityProperties struct {
	// URL - READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty"`
	// AdditionalData - READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]interface{} `json:"additionalData"`
	// FriendlyName - READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty"`
}

URLEntityProperties url entity property bag.

func (URLEntityProperties) MarshalJSON

func (uep URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for URLEntityProperties.

type Ueba

type Ueba struct {
	// UebaProperties - Ueba properties
	*UebaProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
	// Kind - Possible values include: 'KindSettings', 'KindEyesOn', 'KindEntityAnalytics', 'KindUeba'
	Kind KindBasicSettings `json:"kind,omitempty"`
}

Ueba settings with single toggle.

func (Ueba) AsBasicSettings

func (u Ueba) AsBasicSettings() (BasicSettings, bool)

AsBasicSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsEntityAnalytics

func (u Ueba) AsEntityAnalytics() (*EntityAnalytics, bool)

AsEntityAnalytics is the BasicSettings implementation for Ueba.

func (Ueba) AsEyesOn

func (u Ueba) AsEyesOn() (*EyesOn, bool)

AsEyesOn is the BasicSettings implementation for Ueba.

func (Ueba) AsSettings

func (u Ueba) AsSettings() (*Settings, bool)

AsSettings is the BasicSettings implementation for Ueba.

func (Ueba) AsUeba

func (u Ueba) AsUeba() (*Ueba, bool)

AsUeba is the BasicSettings implementation for Ueba.

func (Ueba) MarshalJSON

func (u Ueba) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Ueba.

func (*Ueba) UnmarshalJSON

func (u *Ueba) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Ueba struct.

type UebaDataSources

type UebaDataSources string

UebaDataSources enumerates the values for ueba data sources.

const (
	// AuditLogs ...
	AuditLogs UebaDataSources = "AuditLogs"
	// AzureActivity ...
	AzureActivity UebaDataSources = "AzureActivity"
	// SecurityEvent ...
	SecurityEvent UebaDataSources = "SecurityEvent"
	// SigninLogs ...
	SigninLogs UebaDataSources = "SigninLogs"
)

func PossibleUebaDataSourcesValues

func PossibleUebaDataSourcesValues() []UebaDataSources

PossibleUebaDataSourcesValues returns an array of possible values for the UebaDataSources const type.

type UebaProperties

type UebaProperties struct {
	// DataSources - The relevant data sources that are enriched by ueba
	DataSources *[]UebaDataSources `json:"dataSources,omitempty"`
}

UebaProperties ueba property bag.

type UserInfo

type UserInfo struct {
	// Email - READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty"`
	// Name - READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty"`
	// ObjectID - The object id of the user.
	ObjectID *uuid.UUID `json:"objectId,omitempty"`
}

UserInfo describes the user that performed an action.

func (UserInfo) MarshalJSON

func (UI UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for UserInfo.

type Watchlist

type Watchlist struct {
	autorest.Response `json:"-"`
	// WatchlistProperties - Watchlist properties
	*WatchlistProperties `json:"properties,omitempty"`
	// ID - READ-ONLY; Azure resource Id
	ID *string `json:"id,omitempty"`
	// Name - READ-ONLY; Azure resource name
	Name *string `json:"name,omitempty"`
	// Type - READ-ONLY; Azure resource type
	Type *string `json:"type,omitempty"`
	// Etag - Etag of the azure resource
	Etag *string `json:"etag,omitempty"`
}

Watchlist represents a Watchlist in Azure Security Insights.

func (Watchlist) MarshalJSON

func (w Watchlist) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for Watchlist.

func (*Watchlist) UnmarshalJSON

func (w *Watchlist) UnmarshalJSON(body []byte) error

UnmarshalJSON is the custom unmarshaler for Watchlist struct.

type WatchlistList

type WatchlistList struct {
	autorest.Response `json:"-"`
	// NextLink - READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string `json:"nextLink,omitempty"`
	// Value - Array of watchlist.
	Value *[]Watchlist `json:"value,omitempty"`
}

WatchlistList list all the watchlists.

func (WatchlistList) IsEmpty

func (wl WatchlistList) IsEmpty() bool

IsEmpty returns true if the ListResult contains no values.

func (WatchlistList) MarshalJSON

func (wl WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON is the custom marshaler for WatchlistList.

type WatchlistListIterator

type WatchlistListIterator struct {
	// contains filtered or unexported fields
}

WatchlistListIterator provides access to a complete listing of Watchlist values.

func NewWatchlistListIterator

func NewWatchlistListIterator(page WatchlistListPage) WatchlistListIterator

Creates a new instance of the WatchlistListIterator type.

func (*WatchlistListIterator) Next

func (iter *WatchlistListIterator) Next() error

Next advances to the next value. If there was an error making the request the iterator does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListIterator) NextWithContext

func (iter *WatchlistListIterator) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next value. If there was an error making the request the iterator does not advance and the error is returned.

func (WatchlistListIterator) NotDone

func (iter WatchlistListIterator) NotDone() bool

NotDone returns true if the enumeration should be started or is not yet complete.

func (WatchlistListIterator) Response

func (iter WatchlistListIterator) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListIterator) Value

func (iter WatchlistListIterator) Value() Watchlist

Value returns the current value or a zero-initialized value if the iterator has advanced beyond the end of the collection.

type WatchlistListPage

type WatchlistListPage struct {
	// contains filtered or unexported fields
}

WatchlistListPage contains a page of Watchlist values.

func NewWatchlistListPage

func NewWatchlistListPage(cur WatchlistList, getNextPage func(context.Context, WatchlistList) (WatchlistList, error)) WatchlistListPage

Creates a new instance of the WatchlistListPage type.

func (*WatchlistListPage) Next

func (page *WatchlistListPage) Next() error

Next advances to the next page of values. If there was an error making the request the page does not advance and the error is returned. Deprecated: Use NextWithContext() instead.

func (*WatchlistListPage) NextWithContext

func (page *WatchlistListPage) NextWithContext(ctx context.Context) (err error)

NextWithContext advances to the next page of values. If there was an error making the request the page does not advance and the error is returned.

func (WatchlistListPage) NotDone

func (page WatchlistListPage) NotDone() bool

NotDone returns true if the page enumeration should be started or is not yet complete.

func (WatchlistListPage) Response

func (page WatchlistListPage) Response() WatchlistList

Response returns the raw server response from the last page request.

func (WatchlistListPage) Values

func (page WatchlistListPage) Values() []Watchlist

Values returns the slice of values for the current page or nil if there are no values.

type WatchlistProperties

type WatchlistProperties struct {
	// WatchlistID - The id (a Guid) of the watchlist
	WatchlistID *string `json:"watchlistId,omitempty"`
	// DisplayName - The display name of the watchlist
	DisplayName *string `json:"displayName,omitempty"`
	// Provider - The provider of the watchlist
	Provider *string `json:"provider,omitempty"`
	// Source - The source of the watchlist. Possible values include: 'Localfile', 'Remotestorage'
	Source Source `json:"source,omitempty"`
	// Created - The time the watchlist was created
	Created *date.Time `json:"created,omitempty"`
	// Updated - The last time the watchlist was updated
	Updated *date.Time `json:"updated,omitempty"`
	// CreatedBy - Describes a user that created the watchlist
	CreatedBy *UserInfo `json:"createdBy,omitempty"`
	// UpdatedBy - Describes a user that updated the watchlist
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
	// Description - A description of the watchlist
	Description *string `json:"description,omitempty"`
	// WatchlistType - The type of the watchlist
	WatchlistType *string `json:"watchlistType,omitempty"`
	// WatchlistAlias - The alias of the watchlist
	WatchlistAlias *string `json:"watchlistAlias,omitempty"`
	// IsDeleted - A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`
	// Labels - List of labels relevant to this watchlist
	Labels *[]string `json:"labels,omitempty"`
	// DefaultDuration - The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string `json:"defaultDuration,omitempty"`
	// TenantID - The tenantId where the watchlist belongs to
	TenantID *string `json:"tenantId,omitempty"`
	// NumberOfLinesToSkip - The number of lines in a csv/tsv content to skip before the header
	NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"`
	// RawContent - The raw content that represents the watchlist items to create. In case of csv/tsv content type, it's the content of the file that will be parsed by the endpoint
	RawContent *string `json:"rawContent,omitempty"`
	// ContentType - The content type of the raw content. Example : text/csv or text/tsv
	ContentType *string `json:"contentType,omitempty"`
}

WatchlistProperties describes watchlist properties

type WatchlistsClient

type WatchlistsClient struct {
	BaseClient
}

WatchlistsClient is the API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider

func NewWatchlistsClient

func NewWatchlistsClient(subscriptionID string) WatchlistsClient

NewWatchlistsClient creates an instance of the WatchlistsClient client.

func NewWatchlistsClientWithBaseURI

func NewWatchlistsClientWithBaseURI(baseURI string, subscriptionID string) WatchlistsClient

NewWatchlistsClientWithBaseURI creates an instance of the WatchlistsClient client using a custom endpoint. Use this when interacting with an Azure cloud that uses a non-standard base URI (sovereign clouds, Azure stack).

func (WatchlistsClient) Create

func (client WatchlistsClient) Create(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (result Watchlist, err error)

Create creates a watchlist and its watchlist items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, call this endpoint twice: the first call creates an empty Watchlist, and the second call creates its Items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias. watchlist - the watchlist.
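A pre-flight check for the bulk-creation payload that Create accepts, as an added example that is not part of the package or its documentation: it confirms that `numberOfLinesToSkip` lands on the header row and that every row has the header's width before the body is serialized. `watchlistProps` is a local stand-in mirroring only JSON tags listed under WatchlistProperties; `checkRawContent`, `buildCreateBody`, the line-based skipping and the sample data are assumptions made for illustration.

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: one preamble line, then the header, then two rows.
const sample = "# exported list (constructed sample)\nAccount,Reason\nalice@example.com,terminated\nbob@example.com,contractor\n"

// watchlistProps is a local stand-in (not the SDK type) that mirrors a subset
// of the WatchlistProperties JSON tags documented on this page.
type watchlistProps struct {
	DisplayName         string `json:"displayName,omitempty"`
	Provider            string `json:"provider,omitempty"`
	NumberOfLinesToSkip int32  `json:"numberOfLinesToSkip,omitempty"`
	RawContent          string `json:"rawContent,omitempty"`
	ContentType         string `json:"contentType,omitempty"`
}

// checkRawContent drops the first `skip` text lines, parses the rest as
// csv/tsv and returns the header plus the number of data rows.
// Assumption: skipped lines are counted as plain text lines.
func checkRawContent(raw, contentType string, skip int32) ([]string, int, error) {
	delim := ','
	switch contentType {
	case "text/csv":
	case "text/tsv":
		delim = '\t'
	default:
		return nil, 0, fmt.Errorf("unsupported content type %q", contentType)
	}
	lines := strings.Split(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
	if skip < 0 || int(skip) >= len(lines) {
		return nil, 0, fmt.Errorf("numberOfLinesToSkip=%d leaves no header", skip)
	}
	r := csv.NewReader(strings.NewReader(strings.Join(lines[skip:], "\n")))
	r.Comma = delim
	// FieldsPerRecord is 0, so every row must match the width of the first row.
	recs, err := r.ReadAll()
	if err != nil {
		return nil, 0, err
	}
	if len(recs) == 0 {
		return nil, 0, fmt.Errorf("no header row after skipping %d lines", skip)
	}
	return recs[0], len(recs) - 1, nil
}

// buildCreateBody validates the content, then wraps it in the "properties" envelope.
func buildCreateBody(p watchlistProps) ([]byte, error) {
	if _, _, err := checkRawContent(p.RawContent, p.ContentType, p.NumberOfLinesToSkip); err != nil {
		return nil, fmt.Errorf("rawContent rejected: %w", err)
	}
	return json.Marshal(map[string]watchlistProps{"properties": p})
}

func main() {
	p := watchlistProps{DisplayName: "Offboarded accounts", Provider: "example", NumberOfLinesToSkip: 1, RawContent: sample, ContentType: "text/csv"}
	body, err := buildCreateBody(p)
	fmt.Println(string(body), err)
	p.NumberOfLinesToSkip = 0 // preamble is now taken as the header: rows no longer match
	_, err = buildCreateBody(p)
	fmt.Println("skip=0:", err)
}
```

A watchlist whose header is misread still uploads as text, so a check like this is the point at which a wrong skip count or a ragged row is cheapest to catch.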

func (WatchlistsClient) CreatePreparer

func (client WatchlistsClient) CreatePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string, watchlist Watchlist) (*http.Request, error)

CreatePreparer prepares the Create request.

func (WatchlistsClient) CreateResponder

func (client WatchlistsClient) CreateResponder(resp *http.Response) (result Watchlist, err error)

CreateResponder handles the response to the Create request. The method always closes the http.Response Body.

func (WatchlistsClient) CreateSender

func (client WatchlistsClient) CreateSender(req *http.Request) (*http.Response, error)

CreateSender sends the Create request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Delete

func (client WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result autorest.Response, err error)

Delete deletes a watchlist. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider - Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias.

func (WatchlistsClient) DeletePreparer

func (client WatchlistsClient) DeletePreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)

DeletePreparer prepares the Delete request.

func (WatchlistsClient) DeleteResponder

func (client WatchlistsClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error)

DeleteResponder handles the response to the Delete request. The method always closes the http.Response Body.

func (WatchlistsClient) DeleteSender

func (client WatchlistsClient) DeleteSender(req *http.Request) (*http.Response, error)

DeleteSender sends the Delete request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) Get

func (client WatchlistsClient) Get(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (result Watchlist, err error)

Get gets a watchlist, without its watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace. watchlistAlias - watchlist Alias

func (WatchlistsClient) GetPreparer

func (client WatchlistsClient) GetPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string, watchlistAlias string) (*http.Request, error)

GetPreparer prepares the Get request.

func (WatchlistsClient) GetResponder

func (client WatchlistsClient) GetResponder(resp *http.Response) (result Watchlist, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (WatchlistsClient) GetSender

func (client WatchlistsClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (WatchlistsClient) List

func (client WatchlistsClient) List(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListPage, err error)

List gets all watchlists, without watchlist items. Parameters: resourceGroupName - the name of the resource group within the user's subscription. The name is case insensitive. operationalInsightsResourceProvider - the namespace of workspaces resource provider- Microsoft.OperationalInsights. workspaceName - the name of the workspace.

func (WatchlistsClient) ListComplete

func (client WatchlistsClient) ListComplete(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (result WatchlistListIterator, err error)

ListComplete enumerates all values, automatically crossing page boundaries as required.

func (WatchlistsClient) ListPreparer

func (client WatchlistsClient) ListPreparer(ctx context.Context, resourceGroupName string, operationalInsightsResourceProvider string, workspaceName string) (*http.Request, error)

ListPreparer prepares the List request.

func (WatchlistsClient) ListResponder

func (client WatchlistsClient) ListResponder(resp *http.Response) (result WatchlistList, err error)

ListResponder handles the response to the List request. The method always closes the http.Response Body.

func (WatchlistsClient) ListSender

func (client WatchlistsClient) ListSender(req *http.Request) (*http.Response, error)

ListSender sends the List request. The method will close the http.Response Body if it receives an error.
