armsecurityinsights

package module
v2.0.0-beta.3

Warning: This package is not in the latest version of its module.
Published: Mar 31, 2023 License: MIT Imports: 15 Imported by: 63

README

Azure Security Insight Module for Go

The armsecurityinsights module provides operations for working with Azure Security Insight.

Source code

Getting started

Prerequisites

  • an Azure subscription
  • Go 1.18 or above (You can download and install the latest version of Go from here. It will replace the existing Go on your machine. If you want to install multiple Go versions on the same machine, you can refer to this doc.)

Install the package

This project uses Go modules for versioning and dependency management.

Install the Azure Security Insight module:

go get github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2

Authorization

When creating a client, you will need to provide a credential for authenticating with Azure Security Insight. The azidentity module provides facilities for various ways of authenticating with Azure including client/secret, certificate, managed identity, and more.

cred, err := azidentity.NewDefaultAzureCredential(nil)

For more information on authentication, please see the documentation for azidentity at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity.

Client Factory

The Azure Security Insight module consists of one or more clients. We provide a client factory that can be used to create any client in this module.

clientFactory, err := armsecurityinsights.NewClientFactory("<subscription ID>", cred, nil)

You can use ClientOptions in package github.com/Azure/azure-sdk-for-go/sdk/azcore/arm to set the endpoint for connecting to public and sovereign clouds as well as Azure Stack. For more information, please see the documentation for azcore at pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azcore.

options := arm.ClientOptions {
    ClientOptions: azcore.ClientOptions {
        Cloud: cloud.AzureChina,
    },
}
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription ID>", cred, &options)

Clients

A client groups a set of related APIs, providing access to its functionality. Create one or more clients to access the APIs you require using the client factory.

client := clientFactory.NewEntityQueriesClient()

Provide Feedback

If you encounter bugs or have suggestions, please open an issue and assign the Security Insight label.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AADCheckRequirements

type AADCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// AAD (Azure Active Directory) requirements check properties.
	Properties *AADCheckRequirementsProperties `json:"properties,omitempty"`
}

AADCheckRequirements - Represents AAD (Azure Active Directory) requirements check request.

func (*AADCheckRequirements) GetDataConnectorsCheckRequirements

func (a *AADCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AADCheckRequirements.

func (AADCheckRequirements) MarshalJSON

func (a AADCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AADCheckRequirements.

func (*AADCheckRequirements) UnmarshalJSON

func (a *AADCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AADCheckRequirements.

type AADCheckRequirementsProperties

type AADCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AADCheckRequirementsProperties - AAD (Azure Active Directory) requirements check properties.

func (AADCheckRequirementsProperties) MarshalJSON

func (a AADCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AADCheckRequirementsProperties.

func (*AADCheckRequirementsProperties) UnmarshalJSON

func (a *AADCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AADCheckRequirementsProperties.

type AADDataConnector

type AADDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// AAD (Azure Active Directory) data connector properties.
	Properties *AADDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AADDataConnector - Represents AAD (Azure Active Directory) data connector.

func (*AADDataConnector) GetDataConnector

func (a *AADDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AADDataConnector.

func (AADDataConnector) MarshalJSON

func (a AADDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AADDataConnector.

func (*AADDataConnector) UnmarshalJSON

func (a *AADDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AADDataConnector.

type AADDataConnectorProperties

type AADDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AADDataConnectorProperties - AAD (Azure Active Directory) data connector properties.

func (AADDataConnectorProperties) MarshalJSON

func (a AADDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AADDataConnectorProperties.

func (*AADDataConnectorProperties) UnmarshalJSON

func (a *AADDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AADDataConnectorProperties.

type AATPCheckRequirements

type AATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// AATP (Azure Advanced Threat Protection) requirements check properties.
	Properties *AATPCheckRequirementsProperties `json:"properties,omitempty"`
}

AATPCheckRequirements - Represents AATP (Azure Advanced Threat Protection) requirements check request.

func (*AATPCheckRequirements) GetDataConnectorsCheckRequirements

func (a *AATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AATPCheckRequirements.

func (AATPCheckRequirements) MarshalJSON

func (a AATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AATPCheckRequirements.

func (*AATPCheckRequirements) UnmarshalJSON

func (a *AATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AATPCheckRequirements.

type AATPCheckRequirementsProperties

type AATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

AATPCheckRequirementsProperties - AATP (Azure Advanced Threat Protection) requirements check properties.

func (AATPCheckRequirementsProperties) MarshalJSON

func (a AATPCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AATPCheckRequirementsProperties.

func (*AATPCheckRequirementsProperties) UnmarshalJSON

func (a *AATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AATPCheckRequirementsProperties.

type AATPDataConnector

type AATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// AATP (Azure Advanced Threat Protection) data connector properties.
	Properties *AATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AATPDataConnector - Represents AATP (Azure Advanced Threat Protection) data connector.

func (*AATPDataConnector) GetDataConnector

func (a *AATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AATPDataConnector.

func (AATPDataConnector) MarshalJSON

func (a AATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AATPDataConnector.

func (*AATPDataConnector) UnmarshalJSON

func (a *AATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AATPDataConnector.

type AATPDataConnectorProperties

type AATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

AATPDataConnectorProperties - AATP (Azure Advanced Threat Protection) data connector properties.

func (AATPDataConnectorProperties) MarshalJSON

func (a AATPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AATPDataConnectorProperties.

func (*AATPDataConnectorProperties) UnmarshalJSON

func (a *AATPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AATPDataConnectorProperties.

type APIPollingParameters

type APIPollingParameters struct {
	// Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`

	// Config to describe the polling instructions
	PollingConfig *CodelessConnectorPollingConfigProperties `json:"pollingConfig,omitempty"`
}

APIPollingParameters - Represents Codeless API Polling data connector

func (APIPollingParameters) MarshalJSON

func (a APIPollingParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type APIPollingParameters.

func (*APIPollingParameters) UnmarshalJSON

func (a *APIPollingParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type APIPollingParameters.

type ASCCheckRequirements

type ASCCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// ASC (Azure Security Center) requirements check properties.
	Properties *ASCCheckRequirementsProperties `json:"properties,omitempty"`
}

ASCCheckRequirements - Represents ASC (Azure Security Center) requirements check request.

func (*ASCCheckRequirements) GetDataConnectorsCheckRequirements

func (a *ASCCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type ASCCheckRequirements.

func (ASCCheckRequirements) MarshalJSON

func (a ASCCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ASCCheckRequirements.

func (*ASCCheckRequirements) UnmarshalJSON

func (a *ASCCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ASCCheckRequirements.

type ASCCheckRequirementsProperties

type ASCCheckRequirementsProperties struct {
	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCCheckRequirementsProperties - ASC (Azure Security Center) requirements check properties.

func (ASCCheckRequirementsProperties) MarshalJSON

func (a ASCCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ASCCheckRequirementsProperties.

func (*ASCCheckRequirementsProperties) UnmarshalJSON

func (a *ASCCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ASCCheckRequirementsProperties.

type ASCDataConnector

type ASCDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// ASC (Azure Security Center) data connector properties.
	Properties *ASCDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ASCDataConnector - Represents ASC (Azure Security Center) data connector.

func (*ASCDataConnector) GetDataConnector

func (a *ASCDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type ASCDataConnector.

func (ASCDataConnector) MarshalJSON

func (a ASCDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ASCDataConnector.

func (*ASCDataConnector) UnmarshalJSON

func (a *ASCDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ASCDataConnector.

type ASCDataConnectorProperties

type ASCDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`

	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

ASCDataConnectorProperties - ASC (Azure Security Center) data connector properties.

func (ASCDataConnectorProperties) MarshalJSON

func (a ASCDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ASCDataConnectorProperties.

func (*ASCDataConnectorProperties) UnmarshalJSON

func (a *ASCDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ASCDataConnectorProperties.

type AccountEntity

type AccountEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Account entity properties
	Properties *AccountEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AccountEntity - Represents an account entity.

func (*AccountEntity) GetEntity

func (a *AccountEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AccountEntity.

func (AccountEntity) MarshalJSON

func (a AccountEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AccountEntity.

func (*AccountEntity) UnmarshalJSON

func (a *AccountEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AccountEntity.

type AccountEntityProperties

type AccountEntityProperties struct {
	// READ-ONLY; The Azure Active Directory tenant id.
	AADTenantID *string `json:"aadTenantId,omitempty" azure:"ro"`

	// READ-ONLY; The Azure Active Directory user id.
	AADUserID *string `json:"aadUserId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the account. This field should hold only the name without any domain added to it, i.e. administrator.
	AccountName *string `json:"accountName,omitempty" azure:"ro"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The fully qualified domain DNS name.
	DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"`

	// READ-ONLY; The display name of the account.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id that contains the account in case it is a local account (not domain joined)
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether this is a domain account.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"`

	// READ-ONLY; The NetBIOS domain name as it appears in the alert format domain/username. Examples: NT AUTHORITY.
	NtDomain *string `json:"ntDomain,omitempty" azure:"ro"`

	// READ-ONLY; The objectGUID attribute is a single-value attribute that is the unique identifier for the object, assigned
	// by active directory.
	ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"`

	// READ-ONLY; The Azure Active Directory Passport User ID.
	Puid *string `json:"puid,omitempty" azure:"ro"`

	// READ-ONLY; The account security identifier, e.g. S-1-5-18.
	Sid *string `json:"sid,omitempty" azure:"ro"`

	// READ-ONLY; The user principal name suffix for the account, in some cases it is also the domain name. Examples: contoso.com.
	UpnSuffix *string `json:"upnSuffix,omitempty" azure:"ro"`
}

AccountEntityProperties - Account entity property bag.

func (AccountEntityProperties) MarshalJSON

func (a AccountEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AccountEntityProperties.

func (*AccountEntityProperties) UnmarshalJSON

func (a *AccountEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AccountEntityProperties.

type ActionRequest

type ActionRequest struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Action properties for put request
	Properties *ActionRequestProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActionRequest - Action for alert rule.

func (ActionRequest) MarshalJSON

func (a ActionRequest) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActionRequest.

func (*ActionRequest) UnmarshalJSON

func (a *ActionRequest) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActionRequest.

type ActionRequestProperties

type ActionRequestProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// REQUIRED; Logic App Callback URL for this specific workflow.
	TriggerURI *string `json:"triggerUri,omitempty"`
}

ActionRequestProperties - Action property bag.

func (ActionRequestProperties) MarshalJSON

func (a ActionRequestProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActionRequestProperties.

func (*ActionRequestProperties) UnmarshalJSON

func (a *ActionRequestProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActionRequestProperties.

type ActionResponse

type ActionResponse struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Action properties for get request
	Properties *ActionResponseProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActionResponse - Action for alert rule.

func (ActionResponse) MarshalJSON

func (a ActionResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActionResponse.

func (*ActionResponse) UnmarshalJSON

func (a *ActionResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActionResponse.

type ActionResponseProperties

type ActionResponseProperties struct {
	// REQUIRED; Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// The name of the logic app's workflow.
	WorkflowID *string `json:"workflowId,omitempty"`
}

ActionResponseProperties - Action property bag.

func (ActionResponseProperties) MarshalJSON

func (a ActionResponseProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActionResponseProperties.

func (*ActionResponseProperties) UnmarshalJSON

func (a *ActionResponseProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActionResponseProperties.

type ActionType

type ActionType string

ActionType - The type of the automation rule action.

const (
	// ActionTypeModifyProperties - Modify an object's properties
	ActionTypeModifyProperties ActionType = "ModifyProperties"
	// ActionTypeRunPlaybook - Run a playbook on an object
	ActionTypeRunPlaybook ActionType = "RunPlaybook"
)

func PossibleActionTypeValues

func PossibleActionTypeValues() []ActionType

PossibleActionTypeValues returns the possible values for the ActionType const type.

type ActionsClient

type ActionsClient struct {
	// contains filtered or unexported fields
}

ActionsClient contains the methods for the Actions group. Don't use this type directly, use NewActionsClient() instead.

func NewActionsClient

func NewActionsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ActionsClient, error)

NewActionsClient creates a new instance of ActionsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ActionsClient) CreateOrUpdate

func (client *ActionsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, action ActionRequest, options *ActionsClientCreateOrUpdateOptions) (ActionsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • action - The action
  • options - ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/CreateActionOfAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewActionsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", armsecurityinsights.ActionRequest{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.ActionRequestProperties{
		LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
		TriggerURI:         to.Ptr("https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ActionResponse = armsecurityinsights.ActionResponse{
// 	Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.ActionResponseProperties{
// 		LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
// 		WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
// 	},
// }
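
The ActionRequest in the example above carries two values worth checking before they are submitted or written to a log: LogicAppResourceID, and TriggerURI, whose callback URL includes a sig query parameter. The following is an added example, not part of the SDK or its generated samples; the function names and the .logic.azure.com host suffix (taken from the sample URL, public cloud only) are assumptions. It works on the plain string values of the two fields, so it runs without the SDK.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Assumption: public-cloud Logic App callback hosts end in this suffix, as in
// the sample TriggerURI on this page. Sovereign clouds use other suffixes.
const allowedTriggerHostSuffix = ".logic.azure.com"

// Sample values copied from the CreateOrUpdate example above (fake demo data).
const (
	sampleLogicAppID = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"
	sampleTriggerURI = "https://prod-31.northcentralus.logic.azure.com:443/workflows/cd3765391efd48549fd7681ded1d48d7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=signature"
)

// ValidateLogicAppResourceID checks that id has the shape documented for
// ActionRequestProperties.LogicAppResourceID:
// /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Logic/workflows/{name}
func ValidateLogicAppResourceID(id string) error {
	if !strings.HasPrefix(id, "/") {
		return errors.New("resource ID must start with /")
	}
	parts := strings.Split(strings.TrimPrefix(id, "/"), "/")
	if len(parts) != 8 {
		return fmt.Errorf("expected 8 path segments, got %d", len(parts))
	}
	fixed := []struct {
		idx  int
		want string
	}{{0, "subscriptions"}, {2, "resourceGroups"}, {4, "providers"}, {5, "Microsoft.Logic"}, {6, "workflows"}}
	for _, f := range fixed {
		if !strings.EqualFold(parts[f.idx], f.want) {
			return fmt.Errorf("segment %d is %q, want %q", f.idx, parts[f.idx], f.want)
		}
	}
	for _, i := range []int{1, 3, 7} {
		if parts[i] == "" {
			return fmt.Errorf("segment %d is empty", i)
		}
	}
	return nil
}

// ValidateTriggerURI rejects callback URLs that are not HTTPS, that embed
// userinfo, that point outside the expected Logic Apps host suffix, or that
// lack the sig parameter. Errors never echo the raw URL, since it holds sig.
func ValidateTriggerURI(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return errors.New("trigger URI does not parse")
	}
	if u.Scheme != "https" {
		return errors.New("trigger URI must use https")
	}
	if u.User != nil {
		return errors.New("trigger URI must not embed userinfo")
	}
	host := strings.ToLower(u.Hostname())
	if !strings.HasSuffix(host, allowedTriggerHostSuffix) {
		return fmt.Errorf("host %q is outside %s", host, allowedTriggerHostSuffix)
	}
	if u.Query().Get("sig") == "" {
		return errors.New("trigger URI has no sig parameter")
	}
	return nil
}

// RedactTriggerURI returns a copy of the callback URL that is safe to log:
// the sig value is replaced and the remaining query is re-encoded (sorted).
func RedactTriggerURI(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable trigger URI>"
	}
	q := u.Query()
	if _, ok := q["sig"]; ok {
		q.Set("sig", "REDACTED")
	}
	u.RawQuery = q.Encode()
	return u.String()
}

func main() {
	fmt.Println("resource ID:", ValidateLogicAppResourceID(sampleLogicAppID))
	fmt.Println("trigger URI:", ValidateTriggerURI(sampleTriggerURI))
	fmt.Println("safe to log:", RedactTriggerURI(sampleTriggerURI))
}
```
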

func (*ActionsClient) Delete

func (client *ActionsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientDeleteOptions) (ActionsClientDeleteResponse, error)

Delete - Delete the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • options - ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/DeleteActionOfAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewActionsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*ActionsClient) Get

func (client *ActionsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, actionID string, options *ActionsClientGetOptions) (ActionsClientGetResponse, error)

Get - Gets the action of alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • actionID - Action ID
  • options - ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/GetActionOfAlertRuleById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewActionsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "912bec42-cb66-4c03-ac63-1761b6898c3e", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier just for demo purposes.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values, just for demo purposes.
// res.ActionResponse = armsecurityinsights.ActionResponse{
// 	Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.ActionResponseProperties{
// 		LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
// 		WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
// 	},
// }

func (*ActionsClient) NewListByAlertRulePager

func (client *ActionsClient) NewListByAlertRulePager(resourceGroupName string, workspaceName string, ruleID string, options *ActionsClientListByAlertRuleOptions) *runtime.Pager[ActionsClientListByAlertRuleResponse]

NewListByAlertRulePager - Gets all actions of alert rule.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.NewListByAlertRulePager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/actions/GetAllActionsByAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewActionsClient().NewListByAlertRulePager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use each item v of the page here. We use the blank identifier just for demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in the example definition, your page structure would look as follows. Note that all the values in the output are fake values, just for demo purposes.
	// page.ActionsList = armsecurityinsights.ActionsList{
	// 	Value: []*armsecurityinsights.ActionResponse{
	// 		{
	// 			Name: to.Ptr("912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules/actions"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5/actions/912bec42-cb66-4c03-ac63-1761b6898c3e"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.ActionResponseProperties{
	// 				LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"),
	// 				WorkflowID: to.Ptr("cd3765391efd48549fd7681ded1d48d7"),
	// 			},
	// 	}},
	// }
}

type ActionsClientCreateOrUpdateOptions

type ActionsClientCreateOrUpdateOptions struct {
}

ActionsClientCreateOrUpdateOptions contains the optional parameters for the ActionsClient.CreateOrUpdate method.

type ActionsClientCreateOrUpdateResponse

type ActionsClientCreateOrUpdateResponse struct {
	ActionResponse
}

ActionsClientCreateOrUpdateResponse contains the response from method ActionsClient.CreateOrUpdate.

type ActionsClientDeleteOptions

type ActionsClientDeleteOptions struct {
}

ActionsClientDeleteOptions contains the optional parameters for the ActionsClient.Delete method.

type ActionsClientDeleteResponse

type ActionsClientDeleteResponse struct {
}

ActionsClientDeleteResponse contains the response from method ActionsClient.Delete.

type ActionsClientGetOptions

type ActionsClientGetOptions struct {
}

ActionsClientGetOptions contains the optional parameters for the ActionsClient.Get method.

type ActionsClientGetResponse

type ActionsClientGetResponse struct {
	ActionResponse
}

ActionsClientGetResponse contains the response from method ActionsClient.Get.

type ActionsClientListByAlertRuleOptions

type ActionsClientListByAlertRuleOptions struct {
}

ActionsClientListByAlertRuleOptions contains the optional parameters for the ActionsClient.NewListByAlertRulePager method.

type ActionsClientListByAlertRuleResponse

type ActionsClientListByAlertRuleResponse struct {
	ActionsList
}

ActionsClientListByAlertRuleResponse contains the response from method ActionsClient.NewListByAlertRulePager.

type ActionsList

type ActionsList struct {
	// REQUIRED; Array of actions.
	Value []*ActionResponse `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of actions.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

ActionsList - List all the actions.
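
An added example, not part of the SDK or its generated samples: an audit of the playbook targets in an ActionsList, flagging alert-rule actions whose Logic App sits outside an approved subscription or resource group. The types are local stand-ins so the block runs offline; the `logicAppResourceId` JSON name, the allow-list policy and the `constructed-*` sample entries are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Stand-in types (not the SDK's): only the JSON fields this audit reads.
type actionProps struct {
	LogicAppResourceID string `json:"logicAppResourceId"` // assumed wire name
}

type action struct {
	Name       string       `json:"name"`
	Properties *actionProps `json:"properties"`
}

type actionsList struct {
	Value []action `json:"value"`
}

// Finding is one alert-rule action whose playbook target needs review.
type Finding struct {
	Action string
	Reason string
}

// Constructed sample in the ActionsList shape. The first entry reuses the fake
// values from the generated example; the "constructed-*" entries are made up.
const sampleActionsJSON = `{"value":[
 {"name":"912bec42-cb66-4c03-ac63-1761b6898c3e","properties":{"logicAppResourceId":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/MyAlerts"}},
 {"name":"constructed-other-subscription","properties":{"logicAppResourceId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Logic/workflows/Forwarder"}},
 {"name":"constructed-upper-case-rg","properties":{"logicAppResourceId":"/subscriptions/D0CFE6B2-9AC0-4464-9919-DCCAEE2E48C0/resourceGroups/MYRG/providers/Microsoft.Logic/workflows/MyAlerts"}},
 {"name":"constructed-no-target","properties":{}}
]}`

// armSegments splits an ARM resource ID into key/value pairs with lower-cased
// keys, e.g. "subscriptions" -> "<id>", "resourcegroups" -> "<name>".
func armSegments(id string) map[string]string {
	out := map[string]string{}
	parts := strings.Split(strings.Trim(id, "/"), "/")
	for i := 0; i+1 < len(parts); i += 2 {
		out[strings.ToLower(parts[i])] = parts[i+1]
	}
	return out
}

// containsFold reports whether list holds s, ignoring case (resource group
// names are case insensitive).
func containsFold(list []string, s string) bool {
	for _, v := range list {
		if strings.EqualFold(v, s) {
			return true
		}
	}
	return false
}

// AuditActions decodes an ActionsList JSON document and returns the actions
// whose Logic App target is missing, malformed, or outside the allow-list.
func AuditActions(data []byte, allowedSub string, allowedRGs []string) ([]Finding, error) {
	var list actionsList
	if err := json.Unmarshal(data, &list); err != nil {
		return nil, fmt.Errorf("decode actions list: %w", err)
	}
	var findings []Finding
	for _, a := range list.Value {
		if a.Properties == nil || a.Properties.LogicAppResourceID == "" {
			findings = append(findings, Finding{a.Name, "no Logic App target"})
			continue
		}
		seg := armSegments(a.Properties.LogicAppResourceID)
		switch {
		case !strings.EqualFold(seg["providers"], "Microsoft.Logic") || seg["workflows"] == "":
			findings = append(findings, Finding{a.Name, "target is not a Logic App workflow"})
		case !strings.EqualFold(seg["subscriptions"], allowedSub):
			findings = append(findings, Finding{a.Name, "Logic App in unexpected subscription"})
		case !containsFold(allowedRGs, seg["resourcegroups"]):
			findings = append(findings, Finding{a.Name, "Logic App in unapproved resource group"})
		}
	}
	return findings, nil
}

func main() {
	findings, err := AuditActions([]byte(sampleActionsJSON),
		"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0", []string{"myRg"})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Action, f.Reason)
	}
}
```

With the real SDK, the input would be each page returned by NewListByAlertRulePager, serialized through ActionsList.MarshalJSON or read field by field.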

func (ActionsList) MarshalJSON

func (a ActionsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActionsList.

func (*ActionsList) UnmarshalJSON

func (a *ActionsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActionsList.

type ActivityCustomEntityQuery

type ActivityCustomEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *CustomEntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityCustomEntityQuery - Represents Activity entity query.

func (*ActivityCustomEntityQuery) GetCustomEntityQuery

func (a *ActivityCustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery

GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type ActivityCustomEntityQuery.

func (ActivityCustomEntityQuery) MarshalJSON

func (a ActivityCustomEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityCustomEntityQuery.

func (*ActivityCustomEntityQuery) UnmarshalJSON

func (a *ActivityCustomEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityCustomEntityQuery.

type ActivityEntityQueriesProperties

type ActivityEntityQueriesProperties struct {
	// The entity query content to display in timeline
	Content *string `json:"content,omitempty"`

	// The entity query description
	Description *string `json:"description,omitempty"`

	// Determines whether this activity is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The Activity query definitions
	QueryDefinitions *ActivityEntityQueriesPropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`

	// List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The template id this activity was created from
	TemplateName *string `json:"templateName,omitempty"`

	// The entity query title
	Title *string `json:"title,omitempty"`

	// READ-ONLY; The time the activity was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The last time the activity was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

ActivityEntityQueriesProperties - Describes activity entity query properties

func (ActivityEntityQueriesProperties) MarshalJSON

func (a ActivityEntityQueriesProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQueriesProperties.

func (*ActivityEntityQueriesProperties) UnmarshalJSON

func (a *ActivityEntityQueriesProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQueriesProperties.

type ActivityEntityQueriesPropertiesQueryDefinitions

type ActivityEntityQueriesPropertiesQueryDefinitions struct {
	// The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`
}

ActivityEntityQueriesPropertiesQueryDefinitions - The Activity query definitions

func (ActivityEntityQueriesPropertiesQueryDefinitions) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQueriesPropertiesQueryDefinitions.

func (*ActivityEntityQueriesPropertiesQueryDefinitions) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQueriesPropertiesQueryDefinitions.

type ActivityEntityQuery

type ActivityEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityEntityQuery - Represents Activity entity query.

func (*ActivityEntityQuery) GetEntityQuery

func (a *ActivityEntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type ActivityEntityQuery.

func (ActivityEntityQuery) MarshalJSON

func (a ActivityEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQuery.

func (*ActivityEntityQuery) UnmarshalJSON

func (a *ActivityEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQuery.

type ActivityEntityQueryTemplate

type ActivityEntityQueryTemplate struct {
	// REQUIRED; the entity query template kind
	Kind *EntityQueryTemplateKind `json:"kind,omitempty"`

	// Activity entity query properties
	Properties *ActivityEntityQueryTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ActivityEntityQueryTemplate - Represents Activity entity query.

func (*ActivityEntityQueryTemplate) GetEntityQueryTemplate

func (a *ActivityEntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate

GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type ActivityEntityQueryTemplate.

func (ActivityEntityQueryTemplate) MarshalJSON

func (a ActivityEntityQueryTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQueryTemplate.

func (*ActivityEntityQueryTemplate) UnmarshalJSON

func (a *ActivityEntityQueryTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQueryTemplate.

type ActivityEntityQueryTemplateProperties

type ActivityEntityQueryTemplateProperties struct {
	// The entity query content to display in timeline
	Content *string `json:"content,omitempty"`

	// List of required data types for the given entity query template
	DataTypes []*DataTypeDefinitions `json:"dataTypes,omitempty"`

	// The entity query description
	Description *string `json:"description,omitempty"`

	// The query applied only to entities matching to all filters
	EntitiesFilter map[string][]*string `json:"entitiesFilter,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The Activity query definitions
	QueryDefinitions *ActivityEntityQueryTemplatePropertiesQueryDefinitions `json:"queryDefinitions,omitempty"`

	// List of the fields of the source entity that are required to run the query
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The entity query title
	Title *string `json:"title,omitempty"`
}

ActivityEntityQueryTemplateProperties - Describes activity entity query properties

func (ActivityEntityQueryTemplateProperties) MarshalJSON

func (a ActivityEntityQueryTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQueryTemplateProperties.

func (*ActivityEntityQueryTemplateProperties) UnmarshalJSON

func (a *ActivityEntityQueryTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQueryTemplateProperties.

type ActivityEntityQueryTemplatePropertiesQueryDefinitions

type ActivityEntityQueryTemplatePropertiesQueryDefinitions struct {
	// The Activity query to run on a given entity
	Query *string `json:"query,omitempty"`

	// The dimensions we want to summarize the timeline results on, this is comma separated list
	SummarizeBy *string `json:"summarizeBy,omitempty"`
}

ActivityEntityQueryTemplatePropertiesQueryDefinitions - The Activity query definitions

func (ActivityEntityQueryTemplatePropertiesQueryDefinitions) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type ActivityEntityQueryTemplatePropertiesQueryDefinitions.

func (*ActivityEntityQueryTemplatePropertiesQueryDefinitions) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityEntityQueryTemplatePropertiesQueryDefinitions.

type ActivityTimelineItem

type ActivityTimelineItem struct {
	// REQUIRED; The grouping bucket end time.
	BucketEndTimeUTC *time.Time `json:"bucketEndTimeUTC,omitempty"`

	// REQUIRED; The grouping bucket start time.
	BucketStartTimeUTC *time.Time `json:"bucketStartTimeUTC,omitempty"`

	// REQUIRED; The activity timeline content.
	Content *string `json:"content,omitempty"`

	// REQUIRED; The time of the first activity in the grouping bucket.
	FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUTC,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// REQUIRED; The time of the last activity in the grouping bucket.
	LastActivityTimeUTC *time.Time `json:"lastActivityTimeUTC,omitempty"`

	// REQUIRED; The activity query id.
	QueryID *string `json:"queryId,omitempty"`

	// REQUIRED; The activity timeline title.
	Title *string `json:"title,omitempty"`
}

ActivityTimelineItem - Represents Activity timeline item.

func (*ActivityTimelineItem) GetEntityTimelineItem

func (a *ActivityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type ActivityTimelineItem.

func (ActivityTimelineItem) MarshalJSON

func (a ActivityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ActivityTimelineItem.

func (*ActivityTimelineItem) UnmarshalJSON

func (a *ActivityTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ActivityTimelineItem.

type AlertDetail

type AlertDetail string

AlertDetail - Alert detail

const (
	// AlertDetailDisplayName - Alert display name
	AlertDetailDisplayName AlertDetail = "DisplayName"
	// AlertDetailSeverity - Alert severity
	AlertDetailSeverity AlertDetail = "Severity"
)

func PossibleAlertDetailValues

func PossibleAlertDetailValues() []AlertDetail

PossibleAlertDetailValues returns the possible values for the AlertDetail const type.

type AlertDetailsOverride

type AlertDetailsOverride struct {
	// the format containing columns name(s) to override the alert description
	AlertDescriptionFormat *string `json:"alertDescriptionFormat,omitempty"`

	// the format containing columns name(s) to override the alert name
	AlertDisplayNameFormat *string `json:"alertDisplayNameFormat,omitempty"`

	// the column name to take the alert severity from
	AlertSeverityColumnName *string `json:"alertSeverityColumnName,omitempty"`

	// the column name to take the alert tactics from
	AlertTacticsColumnName *string `json:"alertTacticsColumnName,omitempty"`
}

AlertDetailsOverride - Settings for how to dynamically override alert static details

func (AlertDetailsOverride) MarshalJSON

func (a AlertDetailsOverride) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertDetailsOverride.

func (*AlertDetailsOverride) UnmarshalJSON

func (a *AlertDetailsOverride) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertDetailsOverride.

type AlertRule

type AlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AlertRule - Alert rule.

func (*AlertRule) GetAlertRule

func (a *AlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type AlertRule.

func (AlertRule) MarshalJSON

func (a AlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertRule.

func (*AlertRule) UnmarshalJSON

func (a *AlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRule.

type AlertRuleClassification

type AlertRuleClassification interface {
	// GetAlertRule returns the AlertRule content of the underlying type.
	GetAlertRule() *AlertRule
}

AlertRuleClassification provides polymorphic access to related types. Call the interface's GetAlertRule() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AlertRule, *FusionAlertRule, *MLBehaviorAnalyticsAlertRule, *MicrosoftSecurityIncidentCreationAlertRule, *NrtAlertRule, *ScheduledAlertRule, *ThreatIntelligenceAlertRule

type AlertRuleKind

type AlertRuleKind string

AlertRuleKind - The kind of the alert rule

const (
	AlertRuleKindFusion                            AlertRuleKind = "Fusion"
	AlertRuleKindMLBehaviorAnalytics               AlertRuleKind = "MLBehaviorAnalytics"
	AlertRuleKindMicrosoftSecurityIncidentCreation AlertRuleKind = "MicrosoftSecurityIncidentCreation"
	AlertRuleKindNRT                               AlertRuleKind = "NRT"
	AlertRuleKindScheduled                         AlertRuleKind = "Scheduled"
	AlertRuleKindThreatIntelligence                AlertRuleKind = "ThreatIntelligence"
)

func PossibleAlertRuleKindValues

func PossibleAlertRuleKindValues() []AlertRuleKind

PossibleAlertRuleKindValues returns the possible values for the AlertRuleKind const type.

type AlertRuleTemplate

type AlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AlertRuleTemplate - Alert rule template.

func (*AlertRuleTemplate) GetAlertRuleTemplate

func (a *AlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type AlertRuleTemplate.

func (AlertRuleTemplate) MarshalJSON

func (a AlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertRuleTemplate.

func (*AlertRuleTemplate) UnmarshalJSON

func (a *AlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRuleTemplate.

type AlertRuleTemplateClassification

type AlertRuleTemplateClassification interface {
	// GetAlertRuleTemplate returns the AlertRuleTemplate content of the underlying type.
	GetAlertRuleTemplate() *AlertRuleTemplate
}

AlertRuleTemplateClassification provides polymorphic access to related types. Call the interface's GetAlertRuleTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AlertRuleTemplate, *FusionAlertRuleTemplate, *MLBehaviorAnalyticsAlertRuleTemplate, *MicrosoftSecurityIncidentCreationAlertRuleTemplate, *NrtAlertRuleTemplate, *ScheduledAlertRuleTemplate, *ThreatIntelligenceAlertRuleTemplate

type AlertRuleTemplateDataSource

type AlertRuleTemplateDataSource struct {
	// The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`

	// The data types used by the alert rule template
	DataTypes []*string `json:"dataTypes,omitempty"`
}

AlertRuleTemplateDataSource - alert rule template data sources

func (AlertRuleTemplateDataSource) MarshalJSON

func (a AlertRuleTemplateDataSource) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertRuleTemplateDataSource.

func (*AlertRuleTemplateDataSource) UnmarshalJSON

func (a *AlertRuleTemplateDataSource) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRuleTemplateDataSource.

type AlertRuleTemplatesClient

type AlertRuleTemplatesClient struct {
	// contains filtered or unexported fields
}

AlertRuleTemplatesClient contains the methods for the AlertRuleTemplates group. Don't use this type directly, use NewAlertRuleTemplatesClient() instead.

func NewAlertRuleTemplatesClient

func NewAlertRuleTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRuleTemplatesClient, error)

NewAlertRuleTemplatesClient creates a new instance of AlertRuleTemplatesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AlertRuleTemplatesClient) Get

func (client *AlertRuleTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, alertRuleTemplateID string, options *AlertRuleTemplatesClientGetOptions) (AlertRuleTemplatesClientGetResponse, error)

Get - Gets the alert rule template. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • alertRuleTemplateID - Alert rule template ID
  • options - AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplateById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRuleTemplatesClient().Get(ctx, "myRg", "myWorkspace", "65360bb0-8986-4ade-a89d-af3cf44d28aa", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier just for demo purposes.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values, just for demo purposes.
// res = armsecurityinsights.AlertRuleTemplatesClientGetResponse{
// 	AlertRuleTemplateClassification: &armsecurityinsights.ScheduledAlertRuleTemplate{
// 		Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
// 		Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{
// 			Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"),
// 			AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
// 			CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00Z"); return t}()),
// 			DisplayName: to.Ptr("Changes to Amazon VPC settings"),
// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
// 			},
// 			LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00Z"); return t}()),
// 			Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n    or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"),
// 			QueryFrequency: to.Ptr("P1D"),
// 			QueryPeriod: to.Ptr("P1D"),
// 			RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{
// 				{
// 					ConnectorID: to.Ptr("AWS"),
// 					DataTypes: []*string{
// 						to.Ptr("AWSCloudTrail")},
// 				}},
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 			Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
// 			TriggerThreshold: to.Ptr[int32](0),
// 			Version: to.Ptr("1.0.2"),
// 		},
// 	},
// }

func (*AlertRuleTemplatesClient) NewListPager

func (client *AlertRuleTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *AlertRuleTemplatesClientListOptions) *runtime.Pager[AlertRuleTemplatesClientListResponse]

NewListPager - Gets all alert rule templates.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRuleTemplates/GetAlertRuleTemplates.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewAlertRuleTemplatesClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use v here; it is assigned to the blank identifier for demo purposes only.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. All values in the output are fake and for demo purposes only.
	// page.AlertRuleTemplatesList = armsecurityinsights.AlertRuleTemplatesList{
	// 	Value: []armsecurityinsights.AlertRuleTemplateClassification{
	// 		&armsecurityinsights.ScheduledAlertRuleTemplate{
	// 			Name: to.Ptr("65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/65360bb0-8986-4ade-a89d-af3cf44d28aa"),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 			Properties: &armsecurityinsights.ScheduledAlertRuleTemplateProperties{
	// 				Description: to.Ptr("This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/"),
	// 				AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
	// 				CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-02-27T00:00:00Z"); return t}()),
	// 				DisplayName: to.Ptr("Changes to Amazon VPC settings"),
	// 				LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00Z"); return t}()),
	// 				Query: to.Ptr("let timeframe = 1d;\nAWSCloudTrail\n| where TimeGenerated >= ago(timeframe)\n| where EventName == \"CreateNetworkAclEntry\"\n    or EventName == \"CreateRoute\"\n| project TimeGenerated, EventName, EventTypeName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion, EventSource, AdditionalEventData, ResponseElements\n| extend AccountCustomEntity = UserIdentityUserName, IPCustomEntity = SourceIpAddress"),
	// 				QueryFrequency: to.Ptr("P1D"),
	// 				QueryPeriod: to.Ptr("P1D"),
	// 				RequiredDataConnectors: []*armsecurityinsights.AlertRuleTemplateDataSource{
	// 					{
	// 						ConnectorID: to.Ptr("AWS"),
	// 						DataTypes: []*string{
	// 							to.Ptr("AWSCloudTrail")},
	// 					}},
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 				Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation),
	// 					to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 				Techniques: []*string{
	// 					to.Ptr("T1037"),
	// 					to.Ptr("T1021")},
	// 				TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 				TriggerThreshold: to.Ptr[int32](0),
	// 				Version: to.Ptr("1.0.1"),
	// 			},
	// 		},
	// 		&armsecurityinsights.FusionAlertRuleTemplate{
	// 			Name: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/f71aba3d-28fb-450b-b192-4e76a83015c8"),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	// 			Properties: &armsecurityinsights.FusionAlertRuleTemplateProperties{
	// 				Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security    \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."),
	// 				AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
	// 				CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-25T00:00:00Z"); return t}()),
	// 				DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
	// 				LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-06-09T00:00:00Z"); return t}()),
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 				SourceSettings: []*armsecurityinsights.FusionTemplateSourceSetting{
	// 					{
	// 						SourceName: to.Ptr("Anomalies"),
	// 					},
	// 					{
	// 						SourceName: to.Ptr("Alert providers"),
	// 						SourceSubTypes: []*armsecurityinsights.FusionTemplateSourceSubType{
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Azure Defender"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
	// 							},
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(true),
	// 									SeverityFilters: []*armsecurityinsights.AlertSeverity{
	// 										to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 										to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										to.Ptr(armsecurityinsights.AlertSeverityHigh)},
	// 								},
	// 								SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
	// 							}},
	// 					},
	// 					{
	// 						SourceName: to.Ptr("Raw logs from other sources"),
	// 						SourceSubTypes: []*armsecurityinsights.FusionTemplateSourceSubType{
	// 							{
	// 								SeverityFilter: &armsecurityinsights.FusionTemplateSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(false),
	// 								},
	// 								SourceSubTypeName: to.Ptr("Palo Alto Networks"),
	// 							}},
	// 					}},
	// 				Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticCollection),
	// 					to.Ptr(armsecurityinsights.AttackTacticCommandAndControl),
	// 					to.Ptr(armsecurityinsights.AttackTacticCredentialAccess),
	// 					to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion),
	// 					to.Ptr(armsecurityinsights.AttackTacticDiscovery),
	// 					to.Ptr(armsecurityinsights.AttackTacticExecution),
	// 					to.Ptr(armsecurityinsights.AttackTacticExfiltration),
	// 					to.Ptr(armsecurityinsights.AttackTacticImpact),
	// 					to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
	// 					to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
	// 					to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 					to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)},
	// 			},
	// 		},
	// 		&armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplate{
	// 			Name: to.Ptr("b3cfc7c0-092c-481c-a55b-34a3979758cb"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/AlertRuleTemplates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/AlertRuleTemplates/b3cfc7c0-092c-481c-a55b-34a3979758cb"),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
	// 			Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties{
	// 				Description: to.Ptr("Create incidents based on all alerts generated in Microsoft Cloud App Security"),
	// 				AlertRulesCreatedByTemplateCount: to.Ptr[int32](0),
	// 				CreatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-16T00:00:00Z"); return t}()),
	// 				DisplayName: to.Ptr("Create incidents based on Microsoft Cloud App Security alerts"),
	// 				LastUpdatedDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-02-27T00:00:00Z"); return t}()),
	// 				Status: to.Ptr(armsecurityinsights.TemplateStatusAvailable),
	// 				ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
	// 			},
	// 		}},
	// }
}

type AlertRuleTemplatesClientGetOptions

type AlertRuleTemplatesClientGetOptions struct {
}

AlertRuleTemplatesClientGetOptions contains the optional parameters for the AlertRuleTemplatesClient.Get method.

type AlertRuleTemplatesClientGetResponse

type AlertRuleTemplatesClientGetResponse struct {
	AlertRuleTemplateClassification
}

AlertRuleTemplatesClientGetResponse contains the response from method AlertRuleTemplatesClient.Get.

func (*AlertRuleTemplatesClientGetResponse) UnmarshalJSON

func (a *AlertRuleTemplatesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRuleTemplatesClientGetResponse.

type AlertRuleTemplatesClientListOptions

type AlertRuleTemplatesClientListOptions struct {
}

AlertRuleTemplatesClientListOptions contains the optional parameters for the AlertRuleTemplatesClient.NewListPager method.

type AlertRuleTemplatesClientListResponse

type AlertRuleTemplatesClientListResponse struct {
	AlertRuleTemplatesList
}

AlertRuleTemplatesClientListResponse contains the response from method AlertRuleTemplatesClient.NewListPager.

type AlertRuleTemplatesList

type AlertRuleTemplatesList struct {
	// REQUIRED; Array of alert rule templates.
	Value []AlertRuleTemplateClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of alert rule templates.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

AlertRuleTemplatesList - List all the alert rule templates.

func (AlertRuleTemplatesList) MarshalJSON

func (a AlertRuleTemplatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertRuleTemplatesList.

func (*AlertRuleTemplatesList) UnmarshalJSON

func (a *AlertRuleTemplatesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRuleTemplatesList.
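
A triage pass over the list response described above, as an added example that is not part of the SDK or its generated samples: it decodes a constructed page with the standard library only, checks the kind discriminator of each element, and reports templates that are Available but have no alert rule created from them. The JSON property names, the sample payload and the names Gap, UnusedTemplates and TacticCounts are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// samplePage is a constructed list response. The JSON property names are
// assumed to be the lower-camel-case forms of the Go fields shown above.
const samplePage = `{"value": [
 {"kind": "Scheduled", "properties": {"displayName": "Changes to Amazon VPC settings",
  "severity": "Low", "status": "Available", "alertRulesCreatedByTemplateCount": 0,
  "tactics": ["PrivilegeEscalation", "LateralMovement"]}},
 {"kind": "Fusion", "properties": {"displayName": "Advanced Multi-Stage Attack Detection",
  "severity": "High", "status": "Installed", "alertRulesCreatedByTemplateCount": 1,
  "tactics": ["Collection", "LateralMovement"]}},
 {"kind": "MicrosoftSecurityIncidentCreation", "properties": {
  "displayName": "Create incidents based on Microsoft Cloud App Security alerts",
  "status": "Available", "alertRulesCreatedByTemplateCount": 0}},
 {"kind": "Scheduled", "properties": {"displayName": "Constructed high-severity template",
  "severity": "High", "status": "Available", "alertRulesCreatedByTemplateCount": 0,
  "tactics": ["InitialAccess"]}}
]}`

// Gap is a template that is available but backs no alert rule (hypothetical type).
type Gap struct {
	Kind, DisplayName, Severity string
	Tactics                     []string
}

// envelope defers decoding of properties until the kind has been checked.
type envelope struct {
	Kind       string          `json:"kind"`
	Properties json.RawMessage `json:"properties"`
}

// props holds the fields this triage needs; some kinds omit severity and tactics.
type props struct {
	DisplayName  string   `json:"displayName"`
	Severity     string   `json:"severity"`
	Status       string   `json:"status"`
	Tactics      []string `json:"tactics"`
	RulesCreated int32    `json:"alertRulesCreatedByTemplateCount"`
}

// knownKinds lists only the kinds in the example output above; others are an error.
var knownKinds = map[string]bool{"Scheduled": true, "Fusion": true, "MicrosoftSecurityIncidentCreation": true}

// severityRank orders gaps; a template without a severity ranks lowest (0).
var severityRank = map[string]int{"High": 4, "Medium": 3, "Low": 2, "Informational": 1}

// UnusedTemplates returns every template that is Available and has no alert
// rule created from it, highest severity first, then by display name.
func UnusedTemplates(page []byte) ([]Gap, error) {
	var list struct {
		Value []envelope `json:"value"`
	}
	if err := json.Unmarshal(page, &list); err != nil {
		return nil, fmt.Errorf("decode list: %w", err)
	}
	gaps := []Gap{}
	for i, e := range list.Value {
		if !knownKinds[e.Kind] {
			return nil, fmt.Errorf("value[%d]: unhandled template kind %q", i, e.Kind)
		}
		var p props
		if err := json.Unmarshal(e.Properties, &p); err != nil {
			return nil, fmt.Errorf("value[%d] (%s): decode properties: %w", i, e.Kind, err)
		}
		if p.Status == "Available" && p.RulesCreated == 0 {
			gaps = append(gaps, Gap{Kind: e.Kind, DisplayName: p.DisplayName, Severity: p.Severity, Tactics: p.Tactics})
		}
	}
	sort.SliceStable(gaps, func(a, b int) bool {
		ra, rb := severityRank[gaps[a].Severity], severityRank[gaps[b].Severity]
		if ra != rb {
			return ra > rb
		}
		return gaps[a].DisplayName < gaps[b].DisplayName
	})
	return gaps, nil
}

// TacticCounts tallies how many unused templates map to each tactic.
func TacticCounts(gaps []Gap) map[string]int {
	counts := map[string]int{}
	for _, g := range gaps {
		for _, t := range g.Tactics {
			counts[t]++
		}
	}
	return counts
}

func main() {
	gaps, err := UnusedTemplates([]byte(samplePage))
	fmt.Println(gaps, TacticCounts(gaps), err)
}
```

With the SDK, the same checks apply to each element of page.Value after a type switch on the concrete template type.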

type AlertRulesClient

type AlertRulesClient struct {
	// contains filtered or unexported fields
}

AlertRulesClient contains the methods for the AlertRules group. Don't use this type directly, use NewAlertRulesClient() instead.

func NewAlertRulesClient

func NewAlertRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AlertRulesClient, error)

NewAlertRulesClient creates a new instance of AlertRulesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AlertRulesClient) CreateOrUpdate

func (client *AlertRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, alertRule AlertRuleClassification, options *AlertRulesClientCreateOrUpdateOptions) (AlertRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • alertRule - The alert rule
  • options - AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.

Example (CreatesOrUpdatesAFusionAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateFusionAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "myFirstFusionRule", &armsecurityinsights.FusionAlertRule{
	Etag: to.Ptr("3d00c3ca-0000-0100-0000-5d42d5010000"),
	Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	Properties: &armsecurityinsights.FusionAlertRuleProperties{
		AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		Enabled:               to.Ptr(true),
		SourceSettings: []*armsecurityinsights.FusionSourceSettings{
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Anomalies"),
			},
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Alert providers"),
				SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Defender"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
					}},
			},
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Raw logs from other sources"),
				SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
					{
						Enabled:           to.Ptr(true),
						SeverityFilters:   &armsecurityinsights.FusionSubTypeSeverityFilter{},
						SourceSubTypeName: to.Ptr("Palo Alto Networks"),
					}},
			}},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use res here; it is assigned to the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
// 	AlertRuleClassification: &armsecurityinsights.FusionAlertRule{
// 		Name: to.Ptr("myFirstFusionRule"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
// 		Properties: &armsecurityinsights.FusionAlertRuleProperties{
// 			Description: to.Ptr("Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion."),
// 			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
// 			DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
// 			Enabled: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.5340061Z"); return t}()),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			SourceSettings: []*armsecurityinsights.FusionSourceSettings{
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Anomalies"),
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Alert providers"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
// 					}},
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Raw logs from other sources"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								IsSupported: to.Ptr(false),
// 							},
// 							SourceSubTypeName: to.Ptr("Palo Alto Networks"),
// 					}},
// 			}},
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticCollection),
// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl),
// 				to.Ptr(armsecurityinsights.AttackTacticCredentialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion),
// 				to.Ptr(armsecurityinsights.AttackTacticDiscovery),
// 				to.Ptr(armsecurityinsights.AttackTacticExecution),
// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
// 				to.Ptr(armsecurityinsights.AttackTacticImpact),
// 				to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)},
// 			},
// 		},
// }

Example (CreatesOrUpdatesAFusionAlertRuleWithScenarioExclusionPattern)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateFusionAlertRuleWithFusionScenarioExclusion.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "myFirstFusionRule", &armsecurityinsights.FusionAlertRule{
	Etag: to.Ptr("3d00c3ca-0000-0100-0000-5d42d5010000"),
	Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	Properties: &armsecurityinsights.FusionAlertRuleProperties{
		AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		Enabled:               to.Ptr(true),
		SourceSettings: []*armsecurityinsights.FusionSourceSettings{
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Anomalies"),
			},
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Alert providers"),
				SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Defender"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
					},
					{
						Enabled: to.Ptr(true),
						SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
							Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
								},
								{
									Enabled:  to.Ptr(true),
									Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
								}},
						},
						SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
					}},
			},
			{
				Enabled:    to.Ptr(true),
				SourceName: to.Ptr("Raw logs from other sources"),
				SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
					{
						Enabled:           to.Ptr(true),
						SeverityFilters:   &armsecurityinsights.FusionSubTypeSeverityFilter{},
						SourceSubTypeName: to.Ptr("Palo Alto Networks"),
					}},
			}},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
// 	AlertRuleClassification: &armsecurityinsights.FusionAlertRule{
// 		Name: to.Ptr("myFirstFusionRule"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
// 		Properties: &armsecurityinsights.FusionAlertRuleProperties{
// 			Description: to.Ptr("Using Fusion technology based on machine learning, Azure Sentinel automatically detects multistage attacks by identifying combinations of anomalous behaviors and suspicious activities observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nThere are a total of 122 Fusion incident types detected by Azure Sentinel.\n\nTo detect these multistage attacks, the following data connectors must be configured:\n- Azure Active Directory Identity Protection.\n- Microsoft Cloud App Security.\n- Microsoft Defender for Endpoint.\n- Azure Defender.\n- Palo Alto Networks.\n- Scheduled Analytics Rules supported by Fusion\n\nFor a full list and description of each scenario that is supported for these multistage attacks, go to https://aka.ms/SentinelFusion."),
// 			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
// 			DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
// 			Enabled: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T13:13:11.5340061Z"); return t}()),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			SourceSettings: []*armsecurityinsights.FusionSourceSettings{
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Anomalies"),
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Alert providers"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
// 					}},
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Raw logs from other sources"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								IsSupported: to.Ptr(false),
// 							},
// 							SourceSubTypeName: to.Ptr("Palo Alto Networks"),
// 					}},
// 			}},
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticCollection),
// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl),
// 				to.Ptr(armsecurityinsights.AttackTacticCredentialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion),
// 				to.Ptr(armsecurityinsights.AttackTacticDiscovery),
// 				to.Ptr(armsecurityinsights.AttackTacticExecution),
// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
// 				to.Ptr(armsecurityinsights.AttackTacticImpact),
// 				to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)},
// 			},
// 		},
// }
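
A defender's check on the rule that this call returns, as an added example rather than SDK or page code: it decodes the rule's JSON and lists every disabled sub-type, disabled source, or severity that a sub-type filters out. The camelCase JSON field names, the local struct types, `AuditFusionRule` and the constructed `sampleRule` document are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirrors of the rule's JSON shape. The field names are assumed to be
// the camelCase forms of the SDK struct fields shown on this page.
type severityFilter struct {
	IsSupported *bool `json:"isSupported"`
	Filters     []struct {
		Enabled  *bool  `json:"enabled"`
		Severity string `json:"severity"`
	} `json:"filters"`
}

type fusionRule struct {
	Properties struct {
		Enabled        *bool `json:"enabled"`
		SourceSettings []struct {
			Enabled  *bool  `json:"enabled"`
			Name     string `json:"sourceName"`
			SubTypes []struct {
				Enabled         *bool           `json:"enabled"`
				Name            string          `json:"sourceSubTypeName"`
				SeverityFilters *severityFilter `json:"severityFilters"`
			} `json:"sourceSubTypes"`
		} `json:"sourceSettings"`
	} `json:"properties"`
}

var allSeverities = []string{"High", "Medium", "Low", "Informational"}

func on(b *bool) bool { return b != nil && *b }

// droppedSeverities lists the severities a sub-type does not pass to Fusion. It returns nil when
// filtering does not apply: isSupported is false, or the filter object is absent or empty.
func droppedSeverities(f *severityFilter) []string {
	if f == nil || (f.IsSupported != nil && !*f.IsSupported) ||
		(f.IsSupported == nil && len(f.Filters) == 0) {
		return nil
	}
	enabled := map[string]bool{}
	for _, it := range f.Filters {
		k := strings.ToLower(it.Severity)
		enabled[k] = enabled[k] || on(it.Enabled)
	}
	var dropped []string
	for _, sev := range allSeverities {
		if !enabled[strings.ToLower(sev)] {
			dropped = append(dropped, sev)
		}
	}
	return dropped
}

// AuditFusionRule returns one finding per detection-coverage gap in the rule.
func AuditFusionRule(raw []byte) ([]string, error) {
	var r fusionRule
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("decode rule: %w", err)
	}
	var findings []string
	if !on(r.Properties.Enabled) {
		findings = append(findings, "rule is disabled")
	}
	for _, s := range r.Properties.SourceSettings {
		if !on(s.Enabled) {
			findings = append(findings, fmt.Sprintf("source %q is disabled", s.Name))
			continue
		}
		for _, st := range s.SubTypes {
			path := s.Name + " / " + st.Name
			if !on(st.Enabled) {
				findings = append(findings, fmt.Sprintf("sub-type %q is disabled", path))
			} else if d := droppedSeverities(st.SeverityFilters); len(d) > 0 {
				findings = append(findings, fmt.Sprintf("sub-type %q drops severities: %s", path, strings.Join(d, ", ")))
			}
		}
	}
	return findings, nil
}

// sampleRule is a constructed response body, not real workspace data.
const sampleRule = `{"properties":{"enabled":true,"sourceSettings":[{"enabled":true,"sourceName":"Anomalies"},
 {"enabled":true,"sourceName":"Alert providers","sourceSubTypes":[
  {"enabled":true,"sourceSubTypeName":"Azure Defender","severityFilters":{"isSupported":true,"filters":[
   {"severity":"High","enabled":true},{"severity":"Medium","enabled":true},{"severity":"Low","enabled":false}]}},
  {"enabled":false,"sourceSubTypeName":"Microsoft Defender for Endpoint"}]},
 {"enabled":true,"sourceName":"Raw logs from other sources","sourceSubTypes":[
  {"enabled":true,"sourceSubTypeName":"Palo Alto Networks","severityFilters":{"isSupported":false}}]}]}}`

func main() {
	if findings, err := AuditFusionRule([]byte(sampleRule)); err == nil {
		fmt.Println(strings.Join(findings, "\n"))
	}
}
```

A severity that is missing from a supported filter list is reported the same way as one that is present but disabled.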

Example (CreatesOrUpdatesAMicrosoftSecurityIncidentCreationRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateMicrosoftSecurityIncidentCreationAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
	Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
	Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
	Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
		ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
		DisplayName:   to.Ptr("testing displayname"),
		Enabled:       to.Ptr(true),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
// 	AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
// 		Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
// 		Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
// 		Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
// 			ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
// 			DisplayName: to.Ptr("testing displayname"),
// 			Enabled: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.7296311Z"); return t}()),
// 		},
// 	},
// }

Example (CreatesOrUpdatesANrtAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.NrtAlertRule{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT),
	Properties: &armsecurityinsights.NrtAlertRuleProperties{
		Description: to.Ptr(""),
		DisplayName: to.Ptr("Rule2"),
		Enabled:     to.Ptr(true),
		EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
			AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
		},
		IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
			CreateIncident: to.Ptr(true),
			GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
				Enabled: to.Ptr(true),
				GroupByEntities: []*armsecurityinsights.EntityMappingType{
					to.Ptr(armsecurityinsights.EntityMappingTypeHost),
					to.Ptr(armsecurityinsights.EntityMappingTypeAccount)},
				LookbackDuration:     to.Ptr("PT5H"),
				MatchingMethod:       to.Ptr(armsecurityinsights.MatchingMethodSelected),
				ReopenClosedIncident: to.Ptr(false),
			},
		},
		Query:               to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"),
		Severity:            to.Ptr(armsecurityinsights.AlertSeverityHigh),
		SuppressionDuration: to.Ptr("PT1H"),
		SuppressionEnabled:  to.Ptr(false),
		Tactics: []*armsecurityinsights.AttackTactic{
			to.Ptr(armsecurityinsights.AttackTacticPersistence),
			to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
		Techniques: []*string{
			to.Ptr("T1037"),
			to.Ptr("T1021")},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
// 	AlertRuleClassification: &armsecurityinsights.NrtAlertRule{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT),
// 		Properties: &armsecurityinsights.NrtAlertRuleProperties{
// 			Description: to.Ptr(""),
// 			DisplayName: to.Ptr("Rule2"),
// 			Enabled: to.Ptr(true),
// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
// 			},
// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
// 				CreateIncident: to.Ptr(true),
// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
// 					Enabled: to.Ptr(true),
// 					GroupByEntities: []*armsecurityinsights.EntityMappingType{
// 						to.Ptr(armsecurityinsights.EntityMappingTypeHost),
// 						to.Ptr(armsecurityinsights.EntityMappingTypeAccount)},
// 					LookbackDuration: to.Ptr("PT5H"),
// 					MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
// 					ReopenClosedIncident: to.Ptr(false),
// 				},
// 			},
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			Query: to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			SuppressionDuration: to.Ptr("PT1H"),
// 			SuppressionEnabled: to.Ptr(false),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }

Example (CreatesOrUpdatesAScheduledAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateScheduledAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.ScheduledAlertRule{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
		AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
			AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
			AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
		},
		CustomDetails: map[string]*string{
			"OperatingSystemName": to.Ptr("OSName"),
			"OperatingSystemType": to.Ptr("OSType"),
		},
		EntityMappings: []*armsecurityinsights.EntityMapping{
			{
				EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
				FieldMappings: []*armsecurityinsights.FieldMapping{
					{
						ColumnName: to.Ptr("Computer"),
						Identifier: to.Ptr("FullName"),
					}},
			},
			{
				EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
				FieldMappings: []*armsecurityinsights.FieldMapping{
					{
						ColumnName: to.Ptr("ComputerIP"),
						Identifier: to.Ptr("Address"),
					}},
			}},
		EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
			AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
		},
		Query:            to.Ptr("Heartbeat"),
		QueryFrequency:   to.Ptr("PT1H"),
		QueryPeriod:      to.Ptr("P2DT1H30M"),
		Severity:         to.Ptr(armsecurityinsights.AlertSeverityHigh),
		TriggerOperator:  to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
		TriggerThreshold: to.Ptr[int32](0),
		Description:      to.Ptr("An example for a scheduled rule"),
		DisplayName:      to.Ptr("My scheduled rule"),
		Enabled:          to.Ptr(true),
		IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
			CreateIncident: to.Ptr(true),
			GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
				Enabled: to.Ptr(true),
				GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
					to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
				GroupByCustomDetails: []*string{
					to.Ptr("OperatingSystemType"),
					to.Ptr("OperatingSystemName")},
				GroupByEntities: []*armsecurityinsights.EntityMappingType{
					to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
				LookbackDuration:     to.Ptr("PT5H"),
				MatchingMethod:       to.Ptr(armsecurityinsights.MatchingMethodSelected),
				ReopenClosedIncident: to.Ptr(false),
			},
		},
		SuppressionDuration: to.Ptr("PT1H"),
		SuppressionEnabled:  to.Ptr(false),
		Tactics: []*armsecurityinsights.AttackTactic{
			to.Ptr(armsecurityinsights.AttackTacticPersistence),
			to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
		Techniques: []*string{
			to.Ptr("T1037"),
			to.Ptr("T1021")},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientCreateOrUpdateResponse{
// 	AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"01005144-0000-0d00-0000-6058632c0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
// 		Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
// 			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
// 				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
// 				AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
// 			},
// 			CustomDetails: map[string]*string{
// 				"OperatingSystemName": to.Ptr("OSName"),
// 				"OperatingSystemType": to.Ptr("OSType"),
// 			},
// 			EntityMappings: []*armsecurityinsights.EntityMapping{
// 				{
// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
// 					FieldMappings: []*armsecurityinsights.FieldMapping{
// 						{
// 							ColumnName: to.Ptr("Computer"),
// 							Identifier: to.Ptr("FullName"),
// 						}},
// 				},
// 				{
// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
// 					FieldMappings: []*armsecurityinsights.FieldMapping{
// 						{
// 							ColumnName: to.Ptr("ComputerIP"),
// 							Identifier: to.Ptr("Address"),
// 						}},
// 				}},
// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
// 			},
// 			Query: to.Ptr("Heartbeat"),
// 			QueryFrequency: to.Ptr("PT1H"),
// 			QueryPeriod: to.Ptr("P2DT1H30M"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
// 			TriggerThreshold: to.Ptr[int32](0),
// 			Description: to.Ptr("An example for a scheduled rule"),
// 			DisplayName: to.Ptr("My scheduled rule"),
// 			Enabled: to.Ptr(true),
// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
// 				CreateIncident: to.Ptr(true),
// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
// 					Enabled: to.Ptr(true),
// 					GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
// 						to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
// 					GroupByCustomDetails: []*string{
// 						to.Ptr("OperatingSystemType"),
// 						to.Ptr("OperatingSystemName")},
// 					GroupByEntities: []*armsecurityinsights.EntityMappingType{
// 						to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
// 					LookbackDuration: to.Ptr("PT5H"),
// 					MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
// 					ReopenClosedIncident: to.Ptr(false),
// 				},
// 			},
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30Z"); return t}()),
// 			SuppressionDuration: to.Ptr("PT1H"),
// 			SuppressionEnabled: to.Ptr(false),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }
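
The scheduled rule above has several fields that refer to each other: the query period and frequency, and the grouping keys that name custom details and mapped entities. A pre-submission lint for those relationships follows, as an added example that is not part of the SDK or its generated samples. `ruleSpec`, `parseISODuration`, `lintRule`, `pageRule` and `brokenRule` are hypothetical names, and the checks are this example's assumptions rather than documented service validation.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// ruleSpec is a hypothetical local mirror of the scheduled-rule fields checked
// below. It is not an SDK type; copy values into it from your rule definition.
type ruleSpec struct {
	QueryFrequency, QueryPeriod, LookbackDuration string
	CustomDetails                                 map[string]string
	MappedEntities                                []string // EntityType of each EntityMappings item
	GroupByCustomDetails, GroupByEntities         []string
}

// isoDur accepts the day/time subset of ISO 8601 durations used on this page
// ("PT1H", "P2DT1H30M"); years, months and weeks are rejected.
var isoDur = regexp.MustCompile(`^P(?:(\d{1,4})D)?(?:T(?:(\d{1,4})H)?(?:(\d{1,4})M)?(?:(\d{1,4})S)?)?$`)

func parseISODuration(s string) (time.Duration, error) {
	m := isoDur.FindStringSubmatch(s)
	// "P", "PT" and "P1DT" match the pattern but are not valid durations.
	if m == nil || s == "P" || s[len(s)-1] == 'T' {
		return 0, fmt.Errorf("invalid ISO 8601 duration %q", s)
	}
	var total time.Duration
	for i, unit := range []time.Duration{24 * time.Hour, time.Hour, time.Minute, time.Second} {
		n, _ := strconv.Atoi(m[i+1]) // empty group yields 0; digits are capped by the pattern
		total += time.Duration(n) * unit
	}
	return total, nil
}

// lintRule returns one finding per inconsistency. The checks are assumptions of
// this example, not documented service-side validation.
func lintRule(r ruleSpec) []string {
	var findings []string
	add := func(format string, a ...interface{}) { findings = append(findings, fmt.Sprintf(format, a...)) }

	freq, errF := parseISODuration(r.QueryFrequency)
	period, errP := parseISODuration(r.QueryPeriod)
	_, errL := parseISODuration(r.LookbackDuration)
	for _, err := range []error{errF, errP, errL} {
		if err != nil {
			add("%v", err)
		}
	}
	// A look-back window shorter than the run interval leaves a gap between
	// runs that no execution of the query ever covers.
	if errF == nil && errP == nil && period < freq {
		add("queryPeriod %v is shorter than queryFrequency %v: %v of each interval is never queried", period, freq, freq-period)
	}
	for _, k := range r.GroupByCustomDetails {
		if _, ok := r.CustomDetails[k]; !ok {
			add("groupByCustomDetails %q is not a customDetails key", k)
		}
	}
	mapped := map[string]bool{}
	for _, e := range r.MappedEntities {
		mapped[e] = true
	}
	for _, e := range r.GroupByEntities {
		if !mapped[e] {
			add("groupByEntities %q has no entity mapping", e)
		}
	}
	return findings
}

// pageRule holds the values from the scheduled rule example above.
func pageRule() ruleSpec {
	return ruleSpec{
		QueryFrequency: "PT1H", QueryPeriod: "P2DT1H30M", LookbackDuration: "PT5H",
		CustomDetails:        map[string]string{"OperatingSystemName": "OSName", "OperatingSystemType": "OSType"},
		MappedEntities:       []string{"Host", "IP"},
		GroupByCustomDetails: []string{"OperatingSystemType", "OperatingSystemName"},
		GroupByEntities:      []string{"Host"},
	}
}

// brokenRule is a constructed variant with three deliberate inconsistencies.
func brokenRule() ruleSpec {
	r := pageRule()
	r.QueryPeriod = "PT30M"
	r.GroupByCustomDetails = append(r.GroupByCustomDetails, "Owner")
	r.GroupByEntities = append(r.GroupByEntities, "Account")
	return r
}

func main() {
	fmt.Println("page rule findings:", len(lintRule(pageRule())))
	for _, f := range lintRule(brokenRule()) {
		fmt.Println("finding:", f)
	}
}
```

Running such a check in CI before `CreateOrUpdate` catches a rule whose look-back window no longer covers its run interval before it reaches the workspace.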

func (*AlertRulesClient) Delete

func (client *AlertRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientDeleteOptions) (AlertRulesClientDeleteResponse, error)

Delete - Delete the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/DeleteAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewAlertRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*AlertRulesClient) Get

func (client *AlertRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, ruleID string, options *AlertRulesClientGetOptions) (AlertRulesClientGetResponse, error)

Get - Gets the alert rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • ruleID - Alert rule ID
  • options - AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.

Example (GetAFusionAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetFusionAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "myFirstFusionRule", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientGetResponse{
// 	AlertRuleClassification: &armsecurityinsights.FusionAlertRule{
// 		Name: to.Ptr("myFirstFusionRule"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
// 		Properties: &armsecurityinsights.FusionAlertRuleProperties{
// 			Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security    \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."),
// 			AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
// 			DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
// 			Enabled: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.5340061Z"); return t}()),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			SourceSettings: []*armsecurityinsights.FusionSourceSettings{
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Anomalies"),
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Alert providers"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Azure Active Directory Identity Protection"),
// 							SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Cloud"),
// 							SourceSubTypeName: to.Ptr("Azure Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for IoT"),
// 							SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft 365 Defender"),
// 							SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Cloud App Security"),
// 							SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Endpoint"),
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Identity"),
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Office 365"),
// 							SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
// 						},
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 									},
// 									{
// 										Enabled: to.Ptr(true),
// 										Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
// 								}},
// 								IsSupported: to.Ptr(true),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Azure Sentinel scheduled analytics rules"),
// 							SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
// 					}},
// 				},
// 				{
// 					Enabled: to.Ptr(true),
// 					SourceName: to.Ptr("Raw logs from other sources"),
// 					SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
// 						{
// 							Enabled: to.Ptr(true),
// 							SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
// 								IsSupported: to.Ptr(false),
// 							},
// 							SourceSubTypeDisplayName: to.Ptr("Palo Alto Networks"),
// 							SourceSubTypeName: to.Ptr("Palo Alto Networks"),
// 					}},
// 			}},
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticCollection),
// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl),
// 				to.Ptr(armsecurityinsights.AttackTacticCredentialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion),
// 				to.Ptr(armsecurityinsights.AttackTacticDiscovery),
// 				to.Ptr(armsecurityinsights.AttackTacticExecution),
// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
// 				to.Ptr(armsecurityinsights.AttackTacticImpact),
// 				to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)},
// 		},
// 	},
// }

Example (GetAMicrosoftSecurityIncidentCreationRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetMicrosoftSecurityIncidentCreationAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "microsoftSecurityIncidentCreationRuleExample", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientGetResponse{
// 	AlertRuleClassification: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
// 		Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
// 		Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
// 		Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
// 			ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
// 			DisplayName: to.Ptr("testing displayname"),
// 			Enabled: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.7296311Z"); return t}()),
// 		},
// 	},
// }

Example (GetAScheduledAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetScheduledAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.AlertRulesClientGetResponse{
// 	AlertRuleClassification: &armsecurityinsights.ScheduledAlertRule{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
// 		Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
// 			AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
// 				AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
// 				AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
// 			},
// 			CustomDetails: map[string]*string{
// 				"OperatingSystemName": to.Ptr("OSName"),
// 				"OperatingSystemType": to.Ptr("OSType"),
// 			},
// 			EntityMappings: []*armsecurityinsights.EntityMapping{
// 				{
// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
// 					FieldMappings: []*armsecurityinsights.FieldMapping{
// 						{
// 							ColumnName: to.Ptr("Computer"),
// 							Identifier: to.Ptr("FullName"),
// 					}},
// 				},
// 				{
// 					EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
// 					FieldMappings: []*armsecurityinsights.FieldMapping{
// 						{
// 							ColumnName: to.Ptr("ComputerIP"),
// 							Identifier: to.Ptr("Address"),
// 					}},
// 			}},
// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
// 			},
// 			Query: to.Ptr("Heartbeat"),
// 			QueryFrequency: to.Ptr("PT1H"),
// 			QueryPeriod: to.Ptr("P2DT1H30M"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
// 			TriggerThreshold: to.Ptr[int32](0),
// 			Description: to.Ptr("An example for a scheduled rule"),
// 			DisplayName: to.Ptr("My scheduled rule"),
// 			Enabled: to.Ptr(true),
// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
// 				CreateIncident: to.Ptr(true),
// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
// 					Enabled: to.Ptr(true),
// 					GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
// 						to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
// 					GroupByCustomDetails: []*string{
// 						to.Ptr("OperatingSystemType"),
// 						to.Ptr("OperatingSystemName")},
// 					GroupByEntities: []*armsecurityinsights.EntityMappingType{
// 						to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
// 					LookbackDuration: to.Ptr("PT5H"),
// 					MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
// 					ReopenClosedIncident: to.Ptr(false),
// 				},
// 			},
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30Z"); return t}()),
// 			SuppressionDuration: to.Ptr("PT1H"),
// 			SuppressionEnabled: to.Ptr(false),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }

Example (GetAnNrtAlertRule)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAlertRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is only for demonstration.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res = armsecurityinsights.AlertRulesClientGetResponse{
// 	AlertRuleClassification: &armsecurityinsights.NrtAlertRule{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.AlertRuleKindNRT),
// 		Properties: &armsecurityinsights.NrtAlertRuleProperties{
// 			Description: to.Ptr(""),
// 			DisplayName: to.Ptr("Rule2"),
// 			Enabled: to.Ptr(true),
// 			EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
// 				AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
// 			},
// 			IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
// 				CreateIncident: to.Ptr(true),
// 				GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
// 					Enabled: to.Ptr(true),
// 					GroupByEntities: []*armsecurityinsights.EntityMappingType{
// 						to.Ptr(armsecurityinsights.EntityMappingTypeHost),
// 						to.Ptr(armsecurityinsights.EntityMappingTypeAccount)},
// 					LookbackDuration: to.Ptr("PT5H"),
// 					MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
// 					ReopenClosedIncident: to.Ptr(false),
// 				},
// 			},
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			Query: to.Ptr("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
// 			SuppressionDuration: to.Ptr("PT1H"),
// 			SuppressionEnabled: to.Ptr(false),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }

func (*AlertRulesClient) NewListPager

func (client *AlertRulesClient) NewListPager(resourceGroupName string, workspaceName string, options *AlertRulesClientListOptions) *runtime.Pager[AlertRulesClientListResponse]

NewListPager - Gets all alert rules.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetAllAlertRules.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewAlertRulesClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each alert rule (v) here. The blank identifier is only for demonstration.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. All values in the output are fake and for demonstration only.
	// page.AlertRulesList = armsecurityinsights.AlertRulesList{
	// 	Value: []armsecurityinsights.AlertRuleClassification{
	// 		&armsecurityinsights.ScheduledAlertRule{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindScheduled),
	// 			Properties: &armsecurityinsights.ScheduledAlertRuleProperties{
	// 				AlertDetailsOverride: &armsecurityinsights.AlertDetailsOverride{
	// 					AlertDescriptionFormat: to.Ptr("Suspicious activity was made by {{ComputerIP}}"),
	// 					AlertDisplayNameFormat: to.Ptr("Alert from {{Computer}}"),
	// 				},
	// 				CustomDetails: map[string]*string{
	// 					"OperatingSystemName": to.Ptr("OSName"),
	// 					"OperatingSystemType": to.Ptr("OSType"),
	// 				},
	// 				EntityMappings: []*armsecurityinsights.EntityMapping{
	// 					{
	// 						EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeHost),
	// 						FieldMappings: []*armsecurityinsights.FieldMapping{
	// 							{
	// 								ColumnName: to.Ptr("Computer"),
	// 								Identifier: to.Ptr("FullName"),
	// 						}},
	// 					},
	// 					{
	// 						EntityType: to.Ptr(armsecurityinsights.EntityMappingTypeIP),
	// 						FieldMappings: []*armsecurityinsights.FieldMapping{
	// 							{
	// 								ColumnName: to.Ptr("ComputerIP"),
	// 								Identifier: to.Ptr("Address"),
	// 						}},
	// 				}},
	// 				EventGroupingSettings: &armsecurityinsights.EventGroupingSettings{
	// 					AggregationKind: to.Ptr(armsecurityinsights.EventGroupingAggregationKindAlertPerResult),
	// 				},
	// 				Query: to.Ptr("Heartbeat"),
	// 				QueryFrequency: to.Ptr("PT1H"),
	// 				QueryPeriod: to.Ptr("P2DT1H30M"),
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 				TriggerOperator: to.Ptr(armsecurityinsights.TriggerOperatorGreaterThan),
	// 				TriggerThreshold: to.Ptr[int32](0),
	// 				Description: to.Ptr("An example for a scheduled rule"),
	// 				DisplayName: to.Ptr("My scheduled rule"),
	// 				Enabled: to.Ptr(true),
	// 				IncidentConfiguration: &armsecurityinsights.IncidentConfiguration{
	// 					CreateIncident: to.Ptr(true),
	// 					GroupingConfiguration: &armsecurityinsights.GroupingConfiguration{
	// 						Enabled: to.Ptr(true),
	// 						GroupByAlertDetails: []*armsecurityinsights.AlertDetail{
	// 							to.Ptr(armsecurityinsights.AlertDetailDisplayName)},
	// 						GroupByCustomDetails: []*string{
	// 							to.Ptr("OperatingSystemType"),
	// 							to.Ptr("OperatingSystemName")},
	// 						GroupByEntities: []*armsecurityinsights.EntityMappingType{
	// 							to.Ptr(armsecurityinsights.EntityMappingTypeHost)},
	// 						LookbackDuration: to.Ptr("PT5H"),
	// 						MatchingMethod: to.Ptr(armsecurityinsights.MatchingMethodSelected),
	// 						ReopenClosedIncident: to.Ptr(false),
	// 					},
	// 				},
	// 				LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-01T13:17:30Z"); return t}()),
	// 				SuppressionDuration: to.Ptr("PT1H"),
	// 				SuppressionEnabled: to.Ptr(false),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 					to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
	// 				Techniques: []*string{
	// 					to.Ptr("T1037"),
	// 					to.Ptr("T1021")},
	// 			},
	// 		},
	// 		&armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRule{
	// 			Name: to.Ptr("microsoftSecurityIncidentCreationRuleExample"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample"),
	// 			Etag: to.Ptr("\"260097e0-0000-0d00-0000-5d6fa88f0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindMicrosoftSecurityIncidentCreation),
	// 			Properties: &armsecurityinsights.MicrosoftSecurityIncidentCreationAlertRuleProperties{
	// 				ProductFilter: to.Ptr(armsecurityinsights.MicrosoftSecurityProductNameMicrosoftCloudAppSecurity),
	// 				DisplayName: to.Ptr("testing displayname"),
	// 				Enabled: to.Ptr(true),
	// 				LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-09-04T12:05:35.7296311Z"); return t}()),
	// 			},
	// 		},
	// 		&armsecurityinsights.FusionAlertRule{
	// 			Name: to.Ptr("myFirstFusionRule"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/alertRules"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/myFirstFusionRule"),
	// 			Etag: to.Ptr("\"25005c11-0000-0d00-0000-5d6cc0e20000\""),
	// 			Kind: to.Ptr(armsecurityinsights.AlertRuleKindFusion),
	// 			Properties: &armsecurityinsights.FusionAlertRuleProperties{
	// 				Description: to.Ptr("Microsoft Sentinel uses Fusion, a correlation engine based on scalable machine learning algorithms, to automatically detect multistage attacks by identifying combinations of anomalous behaviors and suspicious activities that are observed at various stages of the kill chain. On the basis of these discoveries, Azure Sentinel generates incidents that would otherwise be very difficult to catch. By design, these incidents are low-volume, high-fidelity, and high-severity, which is why this detection is turned ON by default.\n\nSince Fusion correlates multiple signals from various products to detect advanced multistage attacks, successful Fusion detections are presented as Fusion incidents on the Microsoft Sentinel Incidents page. This rule covers the following detections:\n- Fusion for emerging threats\n- Fusion for ransomware\n- Scenario-based Fusion detections (122 scenarios)\n\nTo enable these detections, we recommend you configure the following data connectors for best results:\n- Out-of-the-box anomaly detections\n- Azure Active Directory Identity Protection\n- Azure Defender\n- Azure Defender for IoT\n- Microsoft 365 Defender\n- Microsoft Cloud App Security    \n- Microsoft Defender for Endpoint\n- Microsoft Defender for Identity\n- Microsoft Defender for Office 365\n- Palo Alto Networks\n- Scheduled analytics rules, both built-in and those created by your security analysts. Analytics rules must contain kill-chain (tactics) and entity mapping information in order to be used by Fusion.\n\nFor the full description of each detection that is supported by Fusion, go to https://aka.ms/SentinelFusion."),
	// 				AlertRuleTemplateName: to.Ptr("f71aba3d-28fb-450b-b192-4e76a83015c8"),
	// 				DisplayName: to.Ptr("Advanced Multi-Stage Attack Detection"),
	// 				Enabled: to.Ptr(true),
	// 				LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-22T07:12:34.9065092Z"); return t}()),
	// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 				SourceSettings: []*armsecurityinsights.FusionSourceSettings{
	// 					{
	// 						Enabled: to.Ptr(true),
	// 						SourceName: to.Ptr("Anomalies"),
	// 					},
	// 					{
	// 						Enabled: to.Ptr(true),
	// 						SourceName: to.Ptr("Alert providers"),
	// 						SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Azure Active Directory Identity Protection"),
	// 								SourceSubTypeName: to.Ptr("Azure Active Directory Identity Protection"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Cloud"),
	// 								SourceSubTypeName: to.Ptr("Azure Defender"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for IoT"),
	// 								SourceSubTypeName: to.Ptr("Azure Defender for IoT"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft 365 Defender"),
	// 								SourceSubTypeName: to.Ptr("Microsoft 365 Defender"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Cloud App Security"),
	// 								SourceSubTypeName: to.Ptr("Microsoft Cloud App Security"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Endpoint"),
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Endpoint"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Identity"),
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Identity"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Microsoft Defender for Office 365"),
	// 								SourceSubTypeName: to.Ptr("Microsoft Defender for Office 365"),
	// 							},
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									Filters: []*armsecurityinsights.FusionSubTypeSeverityFiltersItem{
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityHigh),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
	// 										},
	// 										{
	// 											Enabled: to.Ptr(true),
	// 											Severity: to.Ptr(armsecurityinsights.AlertSeverityInformational),
	// 									}},
	// 									IsSupported: to.Ptr(true),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Azure Sentinel scheduled analytics rules"),
	// 								SourceSubTypeName: to.Ptr("Azure Sentinel scheduled analytics rules"),
	// 						}},
	// 					},
	// 					{
	// 						Enabled: to.Ptr(true),
	// 						SourceName: to.Ptr("Raw logs from other sources"),
	// 						SourceSubTypes: []*armsecurityinsights.FusionSourceSubTypeSetting{
	// 							{
	// 								Enabled: to.Ptr(true),
	// 								SeverityFilters: &armsecurityinsights.FusionSubTypeSeverityFilter{
	// 									IsSupported: to.Ptr(false),
	// 								},
	// 								SourceSubTypeDisplayName: to.Ptr("Palo Alto Networks"),
	// 								SourceSubTypeName: to.Ptr("Palo Alto Networks"),
	// 						}},
	// 				}},
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticCollection),
	// 					to.Ptr(armsecurityinsights.AttackTacticCommandAndControl),
	// 					to.Ptr(armsecurityinsights.AttackTacticCredentialAccess),
	// 					to.Ptr(armsecurityinsights.AttackTacticDefenseEvasion),
	// 					to.Ptr(armsecurityinsights.AttackTacticDiscovery),
	// 					to.Ptr(armsecurityinsights.AttackTacticExecution),
	// 					to.Ptr(armsecurityinsights.AttackTacticExfiltration),
	// 					to.Ptr(armsecurityinsights.AttackTacticImpact),
	// 					to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
	// 					to.Ptr(armsecurityinsights.AttackTacticLateralMovement),
	// 					to.Ptr(armsecurityinsights.AttackTacticPersistence),
	// 					to.Ptr(armsecurityinsights.AttackTacticPrivilegeEscalation)},
	// 			},
	// 	}},
	// }
}
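
The following is an added example, not one of the SDK's generated samples: a standard-library-only audit of the JSON pages returned when listing alert rules. It flags disabled rules and enabled Scheduled rules that lack tactics or entity mappings, which the Fusion rule description above says analytics rules need in order to be used by Fusion. The local struct types, `AuditAlertRules` and the sample pages are constructed for illustration, and the JSON property names are assumed to match the REST payload.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// alertRule mirrors the JSON wire shape of one entry in the list response.
// Local type for this example only; it is not the SDK's AlertRuleClassification.
type alertRule struct {
	Name       string `json:"name"`
	Kind       string `json:"kind"`
	Properties struct {
		DisplayName    string            `json:"displayName"`
		Enabled        bool              `json:"enabled"`
		Tactics        []string          `json:"tactics"`
		EntityMappings []json.RawMessage `json:"entityMappings"`
	} `json:"properties"`
}

// rulesPage mirrors AlertRulesList: a page of rules plus an optional nextLink.
type rulesPage struct {
	Value    []alertRule `json:"value"`
	NextLink string      `json:"nextLink"`
}

// Finding is one audit observation about a single rule.
type Finding struct{ Rule, Reason string }

// Report collects findings and the tactics named by at least one enabled rule.
type Report struct {
	Findings       []Finding
	CoveredTactics []string // sorted
}

// AuditAlertRules walks every page of a rules listing and reports disabled
// rules and enabled Scheduled rules that lack tactics or entity mappings.
func AuditAlertRules(pages ...[]byte) (Report, error) {
	var rep Report
	covered := map[string]bool{}
	for i, raw := range pages {
		var page rulesPage
		if err := json.Unmarshal(raw, &page); err != nil {
			return Report{}, fmt.Errorf("page %d: %w", i, err)
		}
		for _, r := range page.Value {
			label := r.Properties.DisplayName
			if label == "" {
				label = r.Name
			}
			if !r.Properties.Enabled {
				rep.Findings = append(rep.Findings, Finding{label, "disabled"})
				continue // a disabled rule contributes no coverage
			}
			for _, t := range r.Properties.Tactics {
				covered[t] = true
			}
			if r.Kind != "Scheduled" {
				continue // the tactics/entity-mapping check applies to Scheduled rules
			}
			if len(r.Properties.Tactics) == 0 {
				rep.Findings = append(rep.Findings, Finding{label, "no tactics"})
			}
			if len(r.Properties.EntityMappings) == 0 {
				rep.Findings = append(rep.Findings, Finding{label, "no entity mappings"})
			}
		}
	}
	for t := range covered {
		rep.CoveredTactics = append(rep.CoveredTactics, t)
	}
	sort.Strings(rep.CoveredTactics)
	return rep, nil
}

// Constructed sample pages (not real workspace data).
var samplePage1 = []byte(`{"value":[
 {"name":"r1","kind":"Scheduled","properties":{"displayName":"My scheduled rule","enabled":true,
  "tactics":["Persistence","LateralMovement"],
  "entityMappings":[{"entityType":"Host","fieldMappings":[{"identifier":"FullName","columnName":"Computer"}]}]}},
 {"name":"r2","kind":"Fusion","properties":{"displayName":"Advanced Multi-Stage Attack Detection",
  "enabled":false,"tactics":["Exfiltration"]}}],
 "nextLink":"https://example.invalid/next"}`)

var samplePage2 = []byte(`{"value":[
 {"name":"r3","kind":"Scheduled","properties":{"displayName":"Heartbeat check","enabled":true}},
 {"name":"r4","kind":"NRT","properties":{"displayName":"Rule2","enabled":true,"tactics":["Persistence"]}}]}`)

func main() {
	rep, err := AuditAlertRules(samplePage1, samplePage2)
	if err != nil {
		panic(err)
	}
	for _, f := range rep.Findings {
		fmt.Printf("%s: %s\n", f.Rule, f.Reason)
	}
	fmt.Println("covered tactics:", rep.CoveredTactics)
}
```

With the SDK, the same checks can be applied to each `page.Value` element after a type switch on the concrete rule type.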

type AlertRulesClientCreateOrUpdateOptions

type AlertRulesClientCreateOrUpdateOptions struct {
}

AlertRulesClientCreateOrUpdateOptions contains the optional parameters for the AlertRulesClient.CreateOrUpdate method.

type AlertRulesClientCreateOrUpdateResponse

type AlertRulesClientCreateOrUpdateResponse struct {
	AlertRuleClassification
}

AlertRulesClientCreateOrUpdateResponse contains the response from method AlertRulesClient.CreateOrUpdate.

func (*AlertRulesClientCreateOrUpdateResponse) UnmarshalJSON

func (a *AlertRulesClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRulesClientCreateOrUpdateResponse.

type AlertRulesClientDeleteOptions

type AlertRulesClientDeleteOptions struct {
}

AlertRulesClientDeleteOptions contains the optional parameters for the AlertRulesClient.Delete method.

type AlertRulesClientDeleteResponse

type AlertRulesClientDeleteResponse struct {
}

AlertRulesClientDeleteResponse contains the response from method AlertRulesClient.Delete.

type AlertRulesClientGetOptions

type AlertRulesClientGetOptions struct {
}

AlertRulesClientGetOptions contains the optional parameters for the AlertRulesClient.Get method.

type AlertRulesClientGetResponse

type AlertRulesClientGetResponse struct {
	AlertRuleClassification
}

AlertRulesClientGetResponse contains the response from method AlertRulesClient.Get.

func (*AlertRulesClientGetResponse) UnmarshalJSON

func (a *AlertRulesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRulesClientGetResponse.

type AlertRulesClientListOptions

type AlertRulesClientListOptions struct {
}

AlertRulesClientListOptions contains the optional parameters for the AlertRulesClient.NewListPager method.

type AlertRulesClientListResponse

type AlertRulesClientListResponse struct {
	AlertRulesList
}

AlertRulesClientListResponse contains the response from method AlertRulesClient.NewListPager.

type AlertRulesList

type AlertRulesList struct {
	// REQUIRED; Array of alert rules.
	Value []AlertRuleClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of alert rules.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

AlertRulesList - List all the alert rules.

func (AlertRulesList) MarshalJSON

func (a AlertRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertRulesList.

func (*AlertRulesList) UnmarshalJSON

func (a *AlertRulesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertRulesList.

type AlertSeverity

type AlertSeverity string

AlertSeverity - The severity of the alert

const (
	// AlertSeverityHigh - High severity
	AlertSeverityHigh AlertSeverity = "High"
	// AlertSeverityInformational - Informational severity
	AlertSeverityInformational AlertSeverity = "Informational"
	// AlertSeverityLow - Low severity
	AlertSeverityLow AlertSeverity = "Low"
	// AlertSeverityMedium - Medium severity
	AlertSeverityMedium AlertSeverity = "Medium"
)

func PossibleAlertSeverityValues

func PossibleAlertSeverityValues() []AlertSeverity

PossibleAlertSeverityValues returns the possible values for the AlertSeverity const type.

type AlertStatus

type AlertStatus string

AlertStatus - The lifecycle status of the alert.

const (
	// AlertStatusDismissed - Alert dismissed as false positive
	AlertStatusDismissed AlertStatus = "Dismissed"
	// AlertStatusInProgress - Alert is being handled
	AlertStatusInProgress AlertStatus = "InProgress"
	// AlertStatusNew - New alert
	AlertStatusNew AlertStatus = "New"
	// AlertStatusResolved - Alert closed after handling
	AlertStatusResolved AlertStatus = "Resolved"
	// AlertStatusUnknown - Unknown value
	AlertStatusUnknown AlertStatus = "Unknown"
)

func PossibleAlertStatusValues

func PossibleAlertStatusValues() []AlertStatus

PossibleAlertStatusValues returns the possible values for the AlertStatus const type.

type AlertsDataTypeOfDataConnector

type AlertsDataTypeOfDataConnector struct {
	// REQUIRED; Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`
}

AlertsDataTypeOfDataConnector - Alerts data type for data connectors.

func (AlertsDataTypeOfDataConnector) MarshalJSON

func (a AlertsDataTypeOfDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AlertsDataTypeOfDataConnector.

func (*AlertsDataTypeOfDataConnector) UnmarshalJSON

func (a *AlertsDataTypeOfDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AlertsDataTypeOfDataConnector.

type Anomalies

type Anomalies struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Anomalies properties
	Properties *AnomaliesSettingsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Anomalies - Settings with single toggle.

func (*Anomalies) GetSettings

func (a *Anomalies) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Anomalies.

func (Anomalies) MarshalJSON

func (a Anomalies) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Anomalies.

func (*Anomalies) UnmarshalJSON

func (a *Anomalies) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Anomalies.

type AnomaliesSettingsProperties

type AnomaliesSettingsProperties struct {
	// READ-ONLY; Determines whether the setting is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"`
}

AnomaliesSettingsProperties - Anomalies property bag.

func (AnomaliesSettingsProperties) MarshalJSON

func (a AnomaliesSettingsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AnomaliesSettingsProperties.

func (*AnomaliesSettingsProperties) UnmarshalJSON

func (a *AnomaliesSettingsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AnomaliesSettingsProperties.

type AnomalySecurityMLAnalyticsSettings

type AnomalySecurityMLAnalyticsSettings struct {
	// REQUIRED; The kind of security ML Analytics Settings
	Kind *SecurityMLAnalyticsSettingsKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Anomaly Security ML Analytics Settings properties
	Properties *AnomalySecurityMLAnalyticsSettingsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AnomalySecurityMLAnalyticsSettings - Represents Anomaly Security ML Analytics Settings

func (*AnomalySecurityMLAnalyticsSettings) GetSecurityMLAnalyticsSetting

func (a *AnomalySecurityMLAnalyticsSettings) GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting

GetSecurityMLAnalyticsSetting implements the SecurityMLAnalyticsSettingClassification interface for type AnomalySecurityMLAnalyticsSettings.

func (AnomalySecurityMLAnalyticsSettings) MarshalJSON

func (a AnomalySecurityMLAnalyticsSettings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AnomalySecurityMLAnalyticsSettings.

func (*AnomalySecurityMLAnalyticsSettings) UnmarshalJSON

func (a *AnomalySecurityMLAnalyticsSettings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AnomalySecurityMLAnalyticsSettings.

type AnomalySecurityMLAnalyticsSettingsProperties

type AnomalySecurityMLAnalyticsSettingsProperties struct {
	// REQUIRED; The anomaly version of the AnomalySecurityMLAnalyticsSettings.
	AnomalyVersion *string `json:"anomalyVersion,omitempty"`

	// REQUIRED; The display name for settings created by this SecurityMLAnalyticsSettings.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this setting is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The frequency that this SecurityMLAnalyticsSettings will be run.
	Frequency *string `json:"frequency,omitempty"`

	// REQUIRED; Determines whether this anomaly security ML analytics setting is a default setting.
	IsDefaultSettings *bool `json:"isDefaultSettings,omitempty"`

	// REQUIRED; The anomaly SecurityMLAnalyticsSettings status
	SettingsStatus *SettingsStatus `json:"settingsStatus,omitempty"`

	// The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated
	// or not.
	AnomalySettingsVersion *int32 `json:"anomalySettingsVersion,omitempty"`

	// The customizable observations of the AnomalySecurityMLAnalyticsSettings.
	CustomizableObservations any `json:"customizableObservations,omitempty"`

	// The description of the SecurityMLAnalyticsSettings.
	Description *string `json:"description,omitempty"`

	// The required data sources for this SecurityMLAnalyticsSettings
	RequiredDataConnectors []*SecurityMLAnalyticsSettingsDataSource `json:"requiredDataConnectors,omitempty"`

	// The anomaly settings definition Id
	SettingsDefinitionID *string `json:"settingsDefinitionId,omitempty"`

	// The tactics of the SecurityMLAnalyticsSettings
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the SecurityMLAnalyticsSettings
	Techniques []*string `json:"techniques,omitempty"`

	// READ-ONLY; The last time that this SecurityMLAnalyticsSettings has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

AnomalySecurityMLAnalyticsSettingsProperties - AnomalySecurityMLAnalytics settings base property bag.

func (AnomalySecurityMLAnalyticsSettingsProperties) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type AnomalySecurityMLAnalyticsSettingsProperties.

func (*AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON

func (a *AnomalySecurityMLAnalyticsSettingsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AnomalySecurityMLAnalyticsSettingsProperties.

type AnomalyTimelineItem

type AnomalyTimelineItem struct {
	// REQUIRED; The anomaly azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`

	// REQUIRED; The anomaly name.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The anomaly end time.
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// REQUIRED; The anomaly start time.
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"`

	// REQUIRED; The anomaly generated time.
	TimeGenerated *time.Time `json:"timeGenerated,omitempty"`

	// The anomaly description.
	Description *string `json:"description,omitempty"`

	// The intent of the anomaly.
	Intent *string `json:"intent,omitempty"`

	// The anomaly product name.
	ProductName *string `json:"productName,omitempty"`

	// The reasons that cause the anomaly.
	Reasons []*string `json:"reasons,omitempty"`

	// The techniques of the anomaly.
	Techniques []*string `json:"techniques,omitempty"`

	// The name of the anomaly vendor.
	Vendor *string `json:"vendor,omitempty"`
}

AnomalyTimelineItem - Represents anomaly timeline item.

func (*AnomalyTimelineItem) GetEntityTimelineItem

func (a *AnomalyTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type AnomalyTimelineItem.

func (AnomalyTimelineItem) MarshalJSON

func (a AnomalyTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AnomalyTimelineItem.

func (*AnomalyTimelineItem) UnmarshalJSON

func (a *AnomalyTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AnomalyTimelineItem.

type AntispamMailDirection

type AntispamMailDirection string

AntispamMailDirection - The directionality of this mail message

const (
	// AntispamMailDirectionInbound - Inbound
	AntispamMailDirectionInbound AntispamMailDirection = "Inbound"
	// AntispamMailDirectionIntraorg - Intraorg
	AntispamMailDirectionIntraorg AntispamMailDirection = "Intraorg"
	// AntispamMailDirectionOutbound - Outbound
	AntispamMailDirectionOutbound AntispamMailDirection = "Outbound"
	// AntispamMailDirectionUnknown - Unknown
	AntispamMailDirectionUnknown AntispamMailDirection = "Unknown"
)

func PossibleAntispamMailDirectionValues

func PossibleAntispamMailDirectionValues() []AntispamMailDirection

PossibleAntispamMailDirectionValues returns the possible values for the AntispamMailDirection const type.

type AttackTactic

type AttackTactic string

AttackTactic - The attack tactic assigned to alerts created by this alert rule.

const (
	AttackTacticCollection              AttackTactic = "Collection"
	AttackTacticCommandAndControl       AttackTactic = "CommandAndControl"
	AttackTacticCredentialAccess        AttackTactic = "CredentialAccess"
	AttackTacticDefenseEvasion          AttackTactic = "DefenseEvasion"
	AttackTacticDiscovery               AttackTactic = "Discovery"
	AttackTacticExecution               AttackTactic = "Execution"
	AttackTacticExfiltration            AttackTactic = "Exfiltration"
	AttackTacticImpact                  AttackTactic = "Impact"
	AttackTacticImpairProcessControl    AttackTactic = "ImpairProcessControl"
	AttackTacticInhibitResponseFunction AttackTactic = "InhibitResponseFunction"
	AttackTacticInitialAccess           AttackTactic = "InitialAccess"
	AttackTacticLateralMovement         AttackTactic = "LateralMovement"
	AttackTacticPersistence             AttackTactic = "Persistence"
	AttackTacticPreAttack               AttackTactic = "PreAttack"
	AttackTacticPrivilegeEscalation     AttackTactic = "PrivilegeEscalation"
	AttackTacticReconnaissance          AttackTactic = "Reconnaissance"
	AttackTacticResourceDevelopment     AttackTactic = "ResourceDevelopment"
)

func PossibleAttackTacticValues

func PossibleAttackTacticValues() []AttackTactic

PossibleAttackTacticValues returns the possible values for the AttackTactic const type.

type AutomationRule

type AutomationRule struct {
	// REQUIRED; Automation rule properties
	Properties *AutomationRuleProperties `json:"properties,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

func (AutomationRule) MarshalJSON

func (a AutomationRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRule.

func (*AutomationRule) UnmarshalJSON

func (a *AutomationRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRule.

type AutomationRuleAction

type AutomationRuleAction struct {
	// REQUIRED; The type of the automation rule action.
	ActionType *ActionType `json:"actionType,omitempty"`

	// REQUIRED
	Order *int32 `json:"order,omitempty"`
}

AutomationRuleAction - Describes an automation rule action.

func (*AutomationRuleAction) GetAutomationRuleAction

func (a *AutomationRuleAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleAction.

func (AutomationRuleAction) MarshalJSON

func (a AutomationRuleAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleAction.

func (*AutomationRuleAction) UnmarshalJSON

func (a *AutomationRuleAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleAction.

type AutomationRuleActionClassification

type AutomationRuleActionClassification interface {
	// GetAutomationRuleAction returns the AutomationRuleAction content of the underlying type.
	GetAutomationRuleAction() *AutomationRuleAction
}

AutomationRuleActionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleAction() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AutomationRuleAction, *AutomationRuleModifyPropertiesAction, *AutomationRuleRunPlaybookAction.

type AutomationRuleBooleanCondition

type AutomationRuleBooleanCondition struct {
	InnerConditions []AutomationRuleConditionClassification          `json:"innerConditions,omitempty"`
	Operator        *AutomationRuleBooleanConditionSupportedOperator `json:"operator,omitempty"`
}

func (AutomationRuleBooleanCondition) MarshalJSON

func (a AutomationRuleBooleanCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleBooleanCondition.

func (*AutomationRuleBooleanCondition) UnmarshalJSON

func (a *AutomationRuleBooleanCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleBooleanCondition.

type AutomationRuleBooleanConditionSupportedOperator

type AutomationRuleBooleanConditionSupportedOperator string

const (
	// AutomationRuleBooleanConditionSupportedOperatorAnd - Evaluates as true if all the item conditions are evaluated as true
	AutomationRuleBooleanConditionSupportedOperatorAnd AutomationRuleBooleanConditionSupportedOperator = "And"
	// AutomationRuleBooleanConditionSupportedOperatorOr - Evaluates as true if at least one of the item conditions is evaluated
	// as true
	AutomationRuleBooleanConditionSupportedOperatorOr AutomationRuleBooleanConditionSupportedOperator = "Or"
)

func PossibleAutomationRuleBooleanConditionSupportedOperatorValues

func PossibleAutomationRuleBooleanConditionSupportedOperatorValues() []AutomationRuleBooleanConditionSupportedOperator

PossibleAutomationRuleBooleanConditionSupportedOperatorValues returns the possible values for the AutomationRuleBooleanConditionSupportedOperator const type.

type AutomationRuleCondition

type AutomationRuleCondition struct {
	// REQUIRED
	ConditionType *ConditionType `json:"conditionType,omitempty"`
}

AutomationRuleCondition - Describes an automation rule condition.

func (*AutomationRuleCondition) GetAutomationRuleCondition

func (a *AutomationRuleCondition) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type AutomationRuleCondition.

func (AutomationRuleCondition) MarshalJSON

func (a AutomationRuleCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleCondition.

func (*AutomationRuleCondition) UnmarshalJSON

func (a *AutomationRuleCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleCondition.

type AutomationRuleConditionClassification

type AutomationRuleConditionClassification interface {
	// GetAutomationRuleCondition returns the AutomationRuleCondition content of the underlying type.
	GetAutomationRuleCondition() *AutomationRuleCondition
}

AutomationRuleConditionClassification provides polymorphic access to related types. Call the interface's GetAutomationRuleCondition() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AutomationRuleCondition, *BooleanConditionProperties, *PropertyArrayChangedConditionProperties, *PropertyArrayConditionProperties, *PropertyChangedConditionProperties, *PropertyConditionProperties.

type AutomationRuleModifyPropertiesAction

type AutomationRuleModifyPropertiesAction struct {
	// REQUIRED; The type of the automation rule action.
	ActionType *ActionType `json:"actionType,omitempty"`

	// REQUIRED
	Order               *int32                    `json:"order,omitempty"`
	ActionConfiguration *IncidentPropertiesAction `json:"actionConfiguration,omitempty"`
}

AutomationRuleModifyPropertiesAction - Describes an automation rule action to modify an object's properties

func (*AutomationRuleModifyPropertiesAction) GetAutomationRuleAction

func (a *AutomationRuleModifyPropertiesAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleModifyPropertiesAction.

func (AutomationRuleModifyPropertiesAction) MarshalJSON

func (a AutomationRuleModifyPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleModifyPropertiesAction.

func (*AutomationRuleModifyPropertiesAction) UnmarshalJSON

func (a *AutomationRuleModifyPropertiesAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleModifyPropertiesAction.

type AutomationRuleProperties

type AutomationRuleProperties struct {
	// REQUIRED; The actions to execute when the automation rule is triggered.
	Actions []AutomationRuleActionClassification `json:"actions,omitempty"`

	// REQUIRED; The display name of the automation rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The order of execution of the automation rule.
	Order *int32 `json:"order,omitempty"`

	// REQUIRED; Describes automation rule triggering logic.
	TriggeringLogic *AutomationRuleTriggeringLogic `json:"triggeringLogic,omitempty"`

	// READ-ONLY; Information on the client (user or application) that made some action
	CreatedBy *ClientInfo `json:"createdBy,omitempty" azure:"ro"`

	// READ-ONLY; The time the automation rule was created.
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; Information on the client (user or application) that made some action
	LastModifiedBy *ClientInfo `json:"lastModifiedBy,omitempty" azure:"ro"`

	// READ-ONLY; The last time the automation rule was updated.
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

AutomationRuleProperties - Automation rule properties

func (AutomationRuleProperties) MarshalJSON

func (a AutomationRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleProperties.

func (*AutomationRuleProperties) UnmarshalJSON

func (a *AutomationRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleProperties.

type AutomationRulePropertyArrayChangedConditionSupportedArrayType

type AutomationRulePropertyArrayChangedConditionSupportedArrayType string

const (
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts - Evaluate the condition on the alerts
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Alerts"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments - Evaluate the condition on the comments
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Comments"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels - Evaluate the condition on the labels
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Labels"
	// AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics - Evaluate the condition on the tactics
	AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics AutomationRulePropertyArrayChangedConditionSupportedArrayType = "Tactics"
)

func PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues

func PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedArrayType

PossibleAutomationRulePropertyArrayChangedConditionSupportedArrayTypeValues returns the possible values for the AutomationRulePropertyArrayChangedConditionSupportedArrayType const type.

type AutomationRulePropertyArrayChangedConditionSupportedChangeType

type AutomationRulePropertyArrayChangedConditionSupportedChangeType string

const (
	// AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded - Evaluate the condition on items added to the array
	AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded AutomationRulePropertyArrayChangedConditionSupportedChangeType = "Added"
)

func PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues

func PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues() []AutomationRulePropertyArrayChangedConditionSupportedChangeType

PossibleAutomationRulePropertyArrayChangedConditionSupportedChangeTypeValues returns the possible values for the AutomationRulePropertyArrayChangedConditionSupportedChangeType const type.

type AutomationRulePropertyArrayChangedValuesCondition

type AutomationRulePropertyArrayChangedValuesCondition struct {
	ArrayType  *AutomationRulePropertyArrayChangedConditionSupportedArrayType  `json:"arrayType,omitempty"`
	ChangeType *AutomationRulePropertyArrayChangedConditionSupportedChangeType `json:"changeType,omitempty"`
}

func (AutomationRulePropertyArrayChangedValuesCondition) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type AutomationRulePropertyArrayChangedValuesCondition.

func (*AutomationRulePropertyArrayChangedValuesCondition) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRulePropertyArrayChangedValuesCondition.

type AutomationRulePropertyArrayConditionSupportedArrayConditionType

type AutomationRulePropertyArrayConditionSupportedArrayConditionType string

const (
	// AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem - Evaluate the condition as true if any item fulfills
	// it
	AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem AutomationRulePropertyArrayConditionSupportedArrayConditionType = "AnyItem"
)

func PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValues

func PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValues() []AutomationRulePropertyArrayConditionSupportedArrayConditionType

PossibleAutomationRulePropertyArrayConditionSupportedArrayConditionTypeValues returns the possible values for the AutomationRulePropertyArrayConditionSupportedArrayConditionType const type.

type AutomationRulePropertyArrayConditionSupportedArrayType

type AutomationRulePropertyArrayConditionSupportedArrayType string

const (
	// AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues - Evaluate the condition on a custom detail's
	// values
	AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues AutomationRulePropertyArrayConditionSupportedArrayType = "CustomDetailValues"
	// AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails - Evaluate the condition on the custom detail keys
	AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails AutomationRulePropertyArrayConditionSupportedArrayType = "CustomDetails"
)

func PossibleAutomationRulePropertyArrayConditionSupportedArrayTypeValues

func PossibleAutomationRulePropertyArrayConditionSupportedArrayTypeValues() []AutomationRulePropertyArrayConditionSupportedArrayType

PossibleAutomationRulePropertyArrayConditionSupportedArrayTypeValues returns the possible values for the AutomationRulePropertyArrayConditionSupportedArrayType const type.

type AutomationRulePropertyArrayValuesCondition

type AutomationRulePropertyArrayValuesCondition struct {
	ArrayConditionType *AutomationRulePropertyArrayConditionSupportedArrayConditionType `json:"arrayConditionType,omitempty"`
	ArrayType          *AutomationRulePropertyArrayConditionSupportedArrayType          `json:"arrayType,omitempty"`
	ItemConditions     []AutomationRuleConditionClassification                          `json:"itemConditions,omitempty"`
}

func (AutomationRulePropertyArrayValuesCondition) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type AutomationRulePropertyArrayValuesCondition.

func (*AutomationRulePropertyArrayValuesCondition) UnmarshalJSON

func (a *AutomationRulePropertyArrayValuesCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRulePropertyArrayValuesCondition.

type AutomationRulePropertyChangedConditionSupportedChangedType

type AutomationRulePropertyChangedConditionSupportedChangedType string

const (
	// AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom - Evaluate the condition on the previous value of
	// the property
	AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedFrom"
	// AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo - Evaluate the condition on the updated value of the
	// property
	AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo AutomationRulePropertyChangedConditionSupportedChangedType = "ChangedTo"
)

func PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues

func PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues() []AutomationRulePropertyChangedConditionSupportedChangedType

PossibleAutomationRulePropertyChangedConditionSupportedChangedTypeValues returns the possible values for the AutomationRulePropertyChangedConditionSupportedChangedType const type.

type AutomationRulePropertyChangedConditionSupportedPropertyType

type AutomationRulePropertyChangedConditionSupportedPropertyType string

const (
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner - Evaluate the condition on the incident owner
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentOwner"
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity - Evaluate the condition on the incident severity
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentSeverity"
	// AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus - Evaluate the condition on the incident status
	AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus AutomationRulePropertyChangedConditionSupportedPropertyType = "IncidentStatus"
)

func PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues

func PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues() []AutomationRulePropertyChangedConditionSupportedPropertyType

PossibleAutomationRulePropertyChangedConditionSupportedPropertyTypeValues returns the possible values for the AutomationRulePropertyChangedConditionSupportedPropertyType const type.

type AutomationRulePropertyConditionSupportedOperator

type AutomationRulePropertyConditionSupportedOperator string

const (
	// AutomationRulePropertyConditionSupportedOperatorContains - Evaluates if the property contains at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorContains AutomationRulePropertyConditionSupportedOperator = "Contains"
	// AutomationRulePropertyConditionSupportedOperatorEndsWith - Evaluates if the property ends with any of the condition values
	AutomationRulePropertyConditionSupportedOperatorEndsWith AutomationRulePropertyConditionSupportedOperator = "EndsWith"
	// AutomationRulePropertyConditionSupportedOperatorEquals - Evaluates if the property equals at least one of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorEquals AutomationRulePropertyConditionSupportedOperator = "Equals"
	// AutomationRulePropertyConditionSupportedOperatorNotContains - Evaluates if the property does not contain any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotContains AutomationRulePropertyConditionSupportedOperator = "NotContains"
	// AutomationRulePropertyConditionSupportedOperatorNotEndsWith - Evaluates if the property does not end with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEndsWith AutomationRulePropertyConditionSupportedOperator = "NotEndsWith"
	// AutomationRulePropertyConditionSupportedOperatorNotEquals - Evaluates if the property does not equal any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorNotEquals AutomationRulePropertyConditionSupportedOperator = "NotEquals"
	// AutomationRulePropertyConditionSupportedOperatorNotStartsWith - Evaluates if the property does not start with any of the
	// condition values
	AutomationRulePropertyConditionSupportedOperatorNotStartsWith AutomationRulePropertyConditionSupportedOperator = "NotStartsWith"
	// AutomationRulePropertyConditionSupportedOperatorStartsWith - Evaluates if the property starts with any of the condition
	// values
	AutomationRulePropertyConditionSupportedOperatorStartsWith AutomationRulePropertyConditionSupportedOperator = "StartsWith"
)

func PossibleAutomationRulePropertyConditionSupportedOperatorValues

func PossibleAutomationRulePropertyConditionSupportedOperatorValues() []AutomationRulePropertyConditionSupportedOperator

PossibleAutomationRulePropertyConditionSupportedOperatorValues returns the possible values for the AutomationRulePropertyConditionSupportedOperator const type.
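
The operator descriptions above (And/Or on boolean conditions; Contains, Equals, StartsWith, EndsWith and their Not* forms on property conditions) can be exercised offline to check what a rule would match before it is deployed. The following is an added example, not code from this module: Cond, Eval and sampleRule are hypothetical local names, the sample rule and incidents are constructed, and case-insensitive comparison, treating an absent property as an empty string, and rejecting empty condition lists are assumptions of this example rather than documented service behaviour.

```go
package main

import (
	"fmt"
	"strings"
)

// Cond is a local stand-in (not an SDK type) for one node of an automation
// rule condition tree: a boolean node (Op "And"/"Or" with Inner set) or a
// property test (Property, Op, Values).
type Cond struct {
	Op       string   // "And", "Or", or a property operator such as "NotContains"
	Inner    []Cond   // children; boolean nodes only
	Property string   // e.g. "AccountName"; property nodes only
	Values   []string // condition values; property nodes only
}

// propertyTests holds the positive operators; the Not* forms negate them.
var propertyTests = map[string]func(s, v string) bool{
	"Contains":   strings.Contains,
	"Equals":     func(s, v string) bool { return s == v },
	"StartsWith": strings.HasPrefix,
	"EndsWith":   strings.HasSuffix,
}

// Eval evaluates c against one incident's properties, following the operator
// descriptions in the const blocks above.
func Eval(c Cond, props map[string]string) (bool, error) {
	if c.Op == "And" || c.Op == "Or" {
		// Assumption: an empty boolean node is treated as a rule defect,
		// because a vacuously true "And" would match every incident.
		if len(c.Inner) == 0 {
			return false, fmt.Errorf("%s node has no inner conditions", c.Op)
		}
		for _, in := range c.Inner {
			ok, err := Eval(in, props)
			if err != nil {
				return false, err
			}
			// And stops at the first false child, Or at the first true one.
			if ok != (c.Op == "And") {
				return ok, nil
			}
		}
		return c.Op == "And", nil
	}
	name := strings.TrimPrefix(c.Op, "Not")
	test, known := propertyTests[name]
	if !known {
		return false, fmt.Errorf("unsupported operator %q", c.Op)
	}
	if len(c.Values) == 0 {
		return false, fmt.Errorf("%s on %s has no condition values", c.Op, c.Property)
	}
	// Assumption: comparison is case-insensitive and an absent property
	// reads as the empty string.
	prop := strings.ToLower(props[c.Property])
	matched := false
	for _, v := range c.Values {
		if test(prop, strings.ToLower(v)) {
			matched = true
			break
		}
	}
	negated := name != c.Op
	return matched != negated, nil
}

// sampleRule is a constructed condition tree: service accounts (AccountName
// starts with "svc-") whose UPN suffix is not the lab domain.
func sampleRule() Cond {
	return Cond{Op: "And", Inner: []Cond{
		{Op: "StartsWith", Property: "AccountName", Values: []string{"svc-"}},
		{Op: "NotEquals", Property: "AccountUPNSuffix", Values: []string{"lab.example"}},
	}}
}

func main() {
	// Constructed incident properties, not real data.
	incidents := []map[string]string{
		{"AccountName": "SVC-backup", "AccountUPNSuffix": "corp.example"},
		{"AccountName": "svc-backup", "AccountUPNSuffix": "lab.example"},
		{"AccountName": "svc-backup"}, // no UPN suffix: NotEquals still matches
		{"AccountName": "alice", "AccountUPNSuffix": "corp.example"},
	}
	for _, inc := range incidents {
		ok, err := Eval(sampleRule(), inc)
		fmt.Printf("%v -> match=%v err=%v\n", inc, ok, err)
	}
}
```

The third incident shows the case worth reviewing in any rule that closes or downgrades incidents: under these assumptions a Not* operator matches an incident that lacks the property altogether.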

type AutomationRulePropertyConditionSupportedProperty

type AutomationRulePropertyConditionSupportedProperty string

AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition.

const (
	// AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID - The account Azure Active Directory tenant id
	AutomationRulePropertyConditionSupportedPropertyAccountAADTenantID AutomationRulePropertyConditionSupportedProperty = "AccountAadTenantId"
	// AutomationRulePropertyConditionSupportedPropertyAccountAADUserID - The account Azure Active Directory user id
	AutomationRulePropertyConditionSupportedPropertyAccountAADUserID AutomationRulePropertyConditionSupportedProperty = "AccountAadUserId"
	// AutomationRulePropertyConditionSupportedPropertyAccountNTDomain - The account NetBIOS domain name
	AutomationRulePropertyConditionSupportedPropertyAccountNTDomain AutomationRulePropertyConditionSupportedProperty = "AccountNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyAccountName - The account name
	AutomationRulePropertyConditionSupportedPropertyAccountName AutomationRulePropertyConditionSupportedProperty = "AccountName"
	// AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID - The account unique identifier
	AutomationRulePropertyConditionSupportedPropertyAccountObjectGUID AutomationRulePropertyConditionSupportedProperty = "AccountObjectGuid"
	// AutomationRulePropertyConditionSupportedPropertyAccountPUID - The account Azure Active Directory Passport User ID
	AutomationRulePropertyConditionSupportedPropertyAccountPUID AutomationRulePropertyConditionSupportedProperty = "AccountPUID"
	// AutomationRulePropertyConditionSupportedPropertyAccountSid - The account security identifier
	AutomationRulePropertyConditionSupportedPropertyAccountSid AutomationRulePropertyConditionSupportedProperty = "AccountSid"
	// AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix - The account user principal name suffix
	AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix AutomationRulePropertyConditionSupportedProperty = "AccountUPNSuffix"
	// AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs - The analytic rule ids of the alert
	AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs AutomationRulePropertyConditionSupportedProperty = "AlertAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyAlertProductNames - The name of the product of the alert
	AutomationRulePropertyConditionSupportedPropertyAlertProductNames AutomationRulePropertyConditionSupportedProperty = "AlertProductNames"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID - The Azure resource id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceID AutomationRulePropertyConditionSupportedProperty = "AzureResourceResourceId"
	// AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID - The Azure resource subscription id
	AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionID AutomationRulePropertyConditionSupportedProperty = "AzureResourceSubscriptionId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID - The cloud application identifier
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppID AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppId"
	// AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName - The cloud application name
	AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName AutomationRulePropertyConditionSupportedProperty = "CloudApplicationAppName"
	// AutomationRulePropertyConditionSupportedPropertyDNSDomainName - The dns record domain name
	AutomationRulePropertyConditionSupportedPropertyDNSDomainName AutomationRulePropertyConditionSupportedProperty = "DNSDomainName"
	// AutomationRulePropertyConditionSupportedPropertyFileDirectory - The file directory full path
	AutomationRulePropertyConditionSupportedPropertyFileDirectory AutomationRulePropertyConditionSupportedProperty = "FileDirectory"
	// AutomationRulePropertyConditionSupportedPropertyFileHashValue - The file hash value
	AutomationRulePropertyConditionSupportedPropertyFileHashValue AutomationRulePropertyConditionSupportedProperty = "FileHashValue"
	// AutomationRulePropertyConditionSupportedPropertyFileName - The file name without path
	AutomationRulePropertyConditionSupportedPropertyFileName AutomationRulePropertyConditionSupportedProperty = "FileName"
	// AutomationRulePropertyConditionSupportedPropertyHostAzureID - The host Azure resource id
	AutomationRulePropertyConditionSupportedPropertyHostAzureID AutomationRulePropertyConditionSupportedProperty = "HostAzureID"
	// AutomationRulePropertyConditionSupportedPropertyHostNTDomain - The host NT domain
	AutomationRulePropertyConditionSupportedPropertyHostNTDomain AutomationRulePropertyConditionSupportedProperty = "HostNTDomain"
	// AutomationRulePropertyConditionSupportedPropertyHostName - The host name without domain
	AutomationRulePropertyConditionSupportedPropertyHostName AutomationRulePropertyConditionSupportedProperty = "HostName"
	// AutomationRulePropertyConditionSupportedPropertyHostNetBiosName - The host NetBIOS name
	AutomationRulePropertyConditionSupportedPropertyHostNetBiosName AutomationRulePropertyConditionSupportedProperty = "HostNetBiosName"
	// AutomationRulePropertyConditionSupportedPropertyHostOSVersion - The host operating system
	AutomationRulePropertyConditionSupportedPropertyHostOSVersion AutomationRulePropertyConditionSupportedProperty = "HostOSVersion"
	// AutomationRulePropertyConditionSupportedPropertyIPAddress - The IP address
	AutomationRulePropertyConditionSupportedPropertyIPAddress AutomationRulePropertyConditionSupportedProperty = "IPAddress"
	// AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey - The incident custom detail key
	AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey AutomationRulePropertyConditionSupportedProperty = "IncidentCustomDetailsKey"
	// AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue - The incident custom detail value
	AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue AutomationRulePropertyConditionSupportedProperty = "IncidentCustomDetailsValue"
	// AutomationRulePropertyConditionSupportedPropertyIncidentDescription - The description of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentDescription AutomationRulePropertyConditionSupportedProperty = "IncidentDescription"
	// AutomationRulePropertyConditionSupportedPropertyIncidentLabel - The labels of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentLabel AutomationRulePropertyConditionSupportedProperty = "IncidentLabel"
	// AutomationRulePropertyConditionSupportedPropertyIncidentProviderName - The provider name of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentProviderName AutomationRulePropertyConditionSupportedProperty = "IncidentProviderName"
	// AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs - The related Analytic rule ids of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIDs AutomationRulePropertyConditionSupportedProperty = "IncidentRelatedAnalyticRuleIds"
	// AutomationRulePropertyConditionSupportedPropertyIncidentSeverity - The severity of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentSeverity AutomationRulePropertyConditionSupportedProperty = "IncidentSeverity"
	// AutomationRulePropertyConditionSupportedPropertyIncidentStatus - The status of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentStatus AutomationRulePropertyConditionSupportedProperty = "IncidentStatus"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTactics - The tactics of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTactics AutomationRulePropertyConditionSupportedProperty = "IncidentTactics"
	// AutomationRulePropertyConditionSupportedPropertyIncidentTitle - The title of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentTitle AutomationRulePropertyConditionSupportedProperty = "IncidentTitle"
	// AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource - The update source of the incident
	AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource AutomationRulePropertyConditionSupportedProperty = "IncidentUpdatedBySource"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceID - The IoT device id
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceID AutomationRulePropertyConditionSupportedProperty = "IoTDeviceId"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel - The IoT device model
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel AutomationRulePropertyConditionSupportedProperty = "IoTDeviceModel"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceName - The IoT device name
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceName AutomationRulePropertyConditionSupportedProperty = "IoTDeviceName"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem - The IoT device operating system
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem AutomationRulePropertyConditionSupportedProperty = "IoTDeviceOperatingSystem"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceType - The IoT device type
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceType AutomationRulePropertyConditionSupportedProperty = "IoTDeviceType"
	// AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor - The IoT device vendor
	AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor AutomationRulePropertyConditionSupportedProperty = "IoTDeviceVendor"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction - The mail message delivery action
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryAction"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation - The mail message delivery location
	AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation AutomationRulePropertyConditionSupportedProperty = "MailMessageDeliveryLocation"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender - The mail message P1 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP1Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender - The mail message P2 sender
	AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender AutomationRulePropertyConditionSupportedProperty = "MailMessageP2Sender"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient - The mail message recipient
	AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient AutomationRulePropertyConditionSupportedProperty = "MailMessageRecipient"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP - The mail message sender IP address
	AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP AutomationRulePropertyConditionSupportedProperty = "MailMessageSenderIP"
	// AutomationRulePropertyConditionSupportedPropertyMailMessageSubject - The mail message subject
	AutomationRulePropertyConditionSupportedPropertyMailMessageSubject AutomationRulePropertyConditionSupportedProperty = "MailMessageSubject"
	// AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName - The mailbox display name
	AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName AutomationRulePropertyConditionSupportedProperty = "MailboxDisplayName"
	// AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress - The mailbox primary address
	AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress AutomationRulePropertyConditionSupportedProperty = "MailboxPrimaryAddress"
	// AutomationRulePropertyConditionSupportedPropertyMailboxUPN - The mailbox user principal name
	AutomationRulePropertyConditionSupportedPropertyMailboxUPN AutomationRulePropertyConditionSupportedProperty = "MailboxUPN"
	// AutomationRulePropertyConditionSupportedPropertyMalwareCategory - The malware category
	AutomationRulePropertyConditionSupportedPropertyMalwareCategory AutomationRulePropertyConditionSupportedProperty = "MalwareCategory"
	// AutomationRulePropertyConditionSupportedPropertyMalwareName - The malware name
	AutomationRulePropertyConditionSupportedPropertyMalwareName AutomationRulePropertyConditionSupportedProperty = "MalwareName"
	// AutomationRulePropertyConditionSupportedPropertyProcessCommandLine - The process execution command line
	AutomationRulePropertyConditionSupportedPropertyProcessCommandLine AutomationRulePropertyConditionSupportedProperty = "ProcessCommandLine"
	// AutomationRulePropertyConditionSupportedPropertyProcessID - The process id
	AutomationRulePropertyConditionSupportedPropertyProcessID AutomationRulePropertyConditionSupportedProperty = "ProcessId"
	// AutomationRulePropertyConditionSupportedPropertyRegistryKey - The registry key path
	AutomationRulePropertyConditionSupportedPropertyRegistryKey AutomationRulePropertyConditionSupportedProperty = "RegistryKey"
	// AutomationRulePropertyConditionSupportedPropertyRegistryValueData - The registry key value in string formatted representation
	AutomationRulePropertyConditionSupportedPropertyRegistryValueData AutomationRulePropertyConditionSupportedProperty = "RegistryValueData"
	// AutomationRulePropertyConditionSupportedPropertyURL - The url
	AutomationRulePropertyConditionSupportedPropertyURL AutomationRulePropertyConditionSupportedProperty = "Url"
)

func PossibleAutomationRulePropertyConditionSupportedPropertyValues

func PossibleAutomationRulePropertyConditionSupportedPropertyValues() []AutomationRulePropertyConditionSupportedProperty

PossibleAutomationRulePropertyConditionSupportedPropertyValues returns the possible values for the AutomationRulePropertyConditionSupportedProperty const type.

type AutomationRulePropertyValuesChangedCondition

type AutomationRulePropertyValuesChangedCondition struct {
	ChangeType     *AutomationRulePropertyChangedConditionSupportedChangedType  `json:"changeType,omitempty"`
	Operator       *AutomationRulePropertyConditionSupportedOperator            `json:"operator,omitempty"`
	PropertyName   *AutomationRulePropertyChangedConditionSupportedPropertyType `json:"propertyName,omitempty"`
	PropertyValues []*string                                                    `json:"propertyValues,omitempty"`
}

func (AutomationRulePropertyValuesChangedCondition) MarshalJSON

func (a AutomationRulePropertyValuesChangedCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRulePropertyValuesChangedCondition.

func (*AutomationRulePropertyValuesChangedCondition) UnmarshalJSON

func (a *AutomationRulePropertyValuesChangedCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRulePropertyValuesChangedCondition.

type AutomationRulePropertyValuesCondition

type AutomationRulePropertyValuesCondition struct {
	Operator *AutomationRulePropertyConditionSupportedOperator `json:"operator,omitempty"`

	// The property to evaluate in an automation rule property condition.
	PropertyName   *AutomationRulePropertyConditionSupportedProperty `json:"propertyName,omitempty"`
	PropertyValues []*string                                         `json:"propertyValues,omitempty"`
}

func (AutomationRulePropertyValuesCondition) MarshalJSON

func (a AutomationRulePropertyValuesCondition) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRulePropertyValuesCondition.

func (*AutomationRulePropertyValuesCondition) UnmarshalJSON

func (a *AutomationRulePropertyValuesCondition) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRulePropertyValuesCondition.

type AutomationRuleRunPlaybookAction

type AutomationRuleRunPlaybookAction struct {
	// REQUIRED; The type of the automation rule action.
	ActionType *ActionType `json:"actionType,omitempty"`

	// REQUIRED
	Order               *int32                    `json:"order,omitempty"`
	ActionConfiguration *PlaybookActionProperties `json:"actionConfiguration,omitempty"`
}

AutomationRuleRunPlaybookAction - Describes an automation rule action to run a playbook

func (*AutomationRuleRunPlaybookAction) GetAutomationRuleAction

func (a *AutomationRuleRunPlaybookAction) GetAutomationRuleAction() *AutomationRuleAction

GetAutomationRuleAction implements the AutomationRuleActionClassification interface for type AutomationRuleRunPlaybookAction.

func (AutomationRuleRunPlaybookAction) MarshalJSON

func (a AutomationRuleRunPlaybookAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleRunPlaybookAction.

func (*AutomationRuleRunPlaybookAction) UnmarshalJSON

func (a *AutomationRuleRunPlaybookAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleRunPlaybookAction.

type AutomationRuleTriggeringLogic

type AutomationRuleTriggeringLogic struct {
	// REQUIRED; Determines whether the automation rule is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty"`

	// REQUIRED
	TriggersOn *TriggersOn `json:"triggersOn,omitempty"`

	// REQUIRED
	TriggersWhen *TriggersWhen `json:"triggersWhen,omitempty"`

	// The conditions to evaluate to determine if the automation rule should be triggered on a given object.
	Conditions []AutomationRuleConditionClassification `json:"conditions,omitempty"`

	// Determines when the automation rule should automatically expire and be disabled.
	ExpirationTimeUTC *time.Time `json:"expirationTimeUtc,omitempty"`
}

AutomationRuleTriggeringLogic - Describes automation rule triggering logic.

func (AutomationRuleTriggeringLogic) MarshalJSON

func (a AutomationRuleTriggeringLogic) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRuleTriggeringLogic.

func (*AutomationRuleTriggeringLogic) UnmarshalJSON

func (a *AutomationRuleTriggeringLogic) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRuleTriggeringLogic.
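The operator descriptions above ("any of the condition values") and the Conditions list of AutomationRuleTriggeringLogic, as an added sketch that is not part of the SDK or its generated examples: it decodes a constructed triggering-logic JSON document with the standard library and evaluates flat property conditions against sample property values, so a rule's match behaviour can be reviewed before deployment. Assumptions of this sketch: the local types and the names ParseLogic, EvalProperty and WouldTrigger are hypothetical; the conditionType/conditionProperties envelope keys; case-sensitive comparison; top-level conditions combined with AND; a missing property evaluated as an empty string.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirrors of the JSON shapes (hypothetical types, not the SDK's).
type propertyCondition struct {
	Operator       string   `json:"operator"`
	PropertyName   string   `json:"propertyName"`
	PropertyValues []string `json:"propertyValues"`
}

type condition struct {
	ConditionType       string            `json:"conditionType"` // assumed envelope key
	ConditionProperties propertyCondition `json:"conditionProperties"`
}

type triggeringLogic struct {
	IsEnabled  bool        `json:"isEnabled"`
	Conditions []condition `json:"conditions"`
}

// sampleLogic is constructed for this example, not taken from a real workspace.
const sampleLogic = `{
  "isEnabled": true, "triggersOn": "Incidents", "triggersWhen": "Created",
  "conditions": [
    {"conditionType": "Property", "conditionProperties": {
      "propertyName": "AccountName", "operator": "Equals",
      "propertyValues": ["Administrator", "root"]}},
    {"conditionType": "Property", "conditionProperties": {
      "propertyName": "HostName", "operator": "NotStartsWith",
      "propertyValues": ["LAB-", "TEST-"]}}
  ]
}`

// baseOps holds the positive operators; each Not* operator is its negation.
var baseOps = map[string]func(actual, value string) bool{
	"Equals":     func(actual, value string) bool { return actual == value },
	"Contains":   strings.Contains,
	"StartsWith": strings.HasPrefix,
	"EndsWith":   strings.HasSuffix,
}

// EvalProperty applies one operator to one property value. A positive operator
// holds if ANY condition value matches; a Not* operator holds if NONE does.
// Comparison is case-sensitive here (an assumption of this sketch).
func EvalProperty(c propertyCondition, actual string) (bool, error) {
	base := strings.TrimPrefix(c.Operator, "Not")
	negate := base != c.Operator
	match, ok := baseOps[base]
	if !ok {
		return false, fmt.Errorf("unsupported operator %q", c.Operator)
	}
	hit := false
	for _, v := range c.PropertyValues {
		if match(actual, v) {
			hit = true
			break
		}
	}
	return hit != negate, nil
}

// ParseLogic decodes the triggering-logic JSON into the local mirror types.
func ParseLogic(data string) (triggeringLogic, error) {
	var l triggeringLogic
	err := json.Unmarshal([]byte(data), &l)
	return l, err
}

// WouldTrigger reports whether an enabled rule matches the given properties.
// Conditions are ANDed (assumed); a rule with no conditions matches everything.
// Condition types other than "Property" return an error instead of a guess.
func WouldTrigger(l triggeringLogic, props map[string]string) (bool, error) {
	if !l.IsEnabled {
		return false, nil
	}
	for _, c := range l.Conditions {
		if c.ConditionType != "Property" {
			return false, fmt.Errorf("condition type %q not modelled", c.ConditionType)
		}
		p := c.ConditionProperties
		ok, err := EvalProperty(p, props[p.PropertyName]) // missing property -> ""
		if err != nil || !ok {
			return false, err
		}
	}
	return true, nil
}

func main() {
	logic, err := ParseLogic(sampleLogic)
	if err != nil {
		panic(err)
	}
	for _, host := range []string{"MainServer", "LAB-01"} {
		ok, err := WouldTrigger(logic, map[string]string{"AccountName": "Administrator", "HostName": host})
		fmt.Println(host, ok, err)
	}
}
```

An enabled rule whose condition list is empty matches every object in this model, which is worth checking for any rule that runs a playbook.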

type AutomationRulesClient

type AutomationRulesClient struct {
	// contains filtered or unexported fields
}

AutomationRulesClient contains the methods for the AutomationRules group. Don't use this type directly, use NewAutomationRulesClient() instead.

func NewAutomationRulesClient

func NewAutomationRulesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*AutomationRulesClient, error)

NewAutomationRulesClient creates a new instance of AutomationRulesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*AutomationRulesClient) CreateOrUpdate

func (client *AutomationRulesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientCreateOrUpdateOptions) (AutomationRulesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the automation rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_CreateOrUpdate.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationRulesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.AutomationRulesClientCreateOrUpdateOptions{AutomationRuleToUpsert: nil})
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.AutomationRule = armsecurityinsights.AutomationRule{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.AutomationRuleProperties{
// 		Actions: []armsecurityinsights.AutomationRuleActionClassification{
// 			&armsecurityinsights.AutomationRuleRunPlaybookAction{
// 				ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook),
// 				Order: to.Ptr[int32](1),
// 				ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{
// 					LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"),
// 					TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"),
// 				},
// 		}},
// 		CreatedBy: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00Z"); return t}()),
// 		DisplayName: to.Ptr("Suspicious alerts in workspace"),
// 		LastModifiedBy: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
// 		Order: to.Ptr[int32](1),
// 		TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
// 			Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
// 				&armsecurityinsights.PropertyConditionProperties{
// 					ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
// 					ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
// 						Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains),
// 						PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs),
// 						PropertyValues: []*string{
// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
// 							to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
// 						},
// 				}},
// 				IsEnabled: to.Ptr(true),
// 				TriggersOn: to.Ptr(armsecurityinsights.TriggersOnAlerts),
// 				TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
// 			},
// 		},
// 	}

func (*AutomationRulesClient) Delete

func (client *AutomationRulesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientDeleteOptions) (AutomationRulesClientDeleteResponse, error)

Delete - Delete the automation rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_Delete.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationRulesClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Interface = map[string]any{
// }

func (*AutomationRulesClient) Get

func (client *AutomationRulesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, automationRuleID string, options *AutomationRulesClientGetOptions) (AutomationRulesClientGetResponse, error)

Get - Gets the automation rule. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • automationRuleID - Automation rule ID
  • options - AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_Get.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationRulesClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.AutomationRule = armsecurityinsights.AutomationRule{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.AutomationRuleProperties{
// 		Actions: []armsecurityinsights.AutomationRuleActionClassification{
// 			&armsecurityinsights.AutomationRuleRunPlaybookAction{
// 				ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook),
// 				Order: to.Ptr[int32](1),
// 				ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{
// 					LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
// 					TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"),
// 				},
// 		}},
// 		CreatedBy: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00Z"); return t}()),
// 		DisplayName: to.Ptr("Suspicious alerts in workspace"),
// 		LastModifiedBy: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
// 		Order: to.Ptr[int32](1),
// 		TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
// 			Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
// 				&armsecurityinsights.BooleanConditionProperties{
// 					ConditionType: to.Ptr(armsecurityinsights.ConditionTypeBoolean),
// 					ConditionProperties: &armsecurityinsights.AutomationRuleBooleanCondition{
// 						InnerConditions: []armsecurityinsights.AutomationRuleConditionClassification{
// 							&armsecurityinsights.PropertyConditionProperties{
// 								ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
// 								ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
// 									Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals),
// 									PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAccountName),
// 									PropertyValues: []*string{
// 										to.Ptr("Administrator")},
// 									},
// 								},
// 								&armsecurityinsights.PropertyConditionProperties{
// 									ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
// 									ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
// 										Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals),
// 										PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyHostName),
// 										PropertyValues: []*string{
// 											to.Ptr("MainServer")},
// 										},
// 								}},
// 								Operator: to.Ptr(armsecurityinsights.AutomationRuleBooleanConditionSupportedOperatorOr),
// 							},
// 						},
// 						&armsecurityinsights.PropertyArrayConditionProperties{
// 							ConditionType: to.Ptr(armsecurityinsights.ConditionTypePropertyArray),
// 							ConditionProperties: &armsecurityinsights.AutomationRulePropertyArrayValuesCondition{
// 								ArrayConditionType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem),
// 								ArrayType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails),
// 								ItemConditions: []armsecurityinsights.AutomationRuleConditionClassification{
// 									&armsecurityinsights.PropertyConditionProperties{
// 										ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
// 										ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
// 											Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals),
// 											PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey),
// 											PropertyValues: []*string{
// 												to.Ptr("AlertTags")},
// 											},
// 										},
// 										&armsecurityinsights.PropertyArrayConditionProperties{
// 											ConditionType: to.Ptr(armsecurityinsights.ConditionTypePropertyArray),
// 											ConditionProperties: &armsecurityinsights.AutomationRulePropertyArrayValuesCondition{
// 												ArrayConditionType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem),
// 												ArrayType: to.Ptr(armsecurityinsights.AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues),
// 												ItemConditions: []armsecurityinsights.AutomationRuleConditionClassification{
// 													&armsecurityinsights.PropertyConditionProperties{
// 														ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
// 														ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
// 															Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorEquals),
// 															PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue),
// 															PropertyValues: []*string{
// 																to.Ptr("HighPriority")},
// 															},
// 													}},
// 												},
// 										}},
// 									},
// 							}},
// 							IsEnabled: to.Ptr(true),
// 							TriggersOn: to.Ptr(armsecurityinsights.TriggersOnIncidents),
// 							TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
// 						},
// 					},
// 				}

func (*AutomationRulesClient) NewListPager

func (client *AutomationRulesClient) NewListPager(resourceGroupName string, workspaceName string, options *AutomationRulesClientListOptions) *runtime.Pager[AutomationRulesClientListResponse]

NewListPager - Gets all automation rules.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/automationRules/AutomationRules_List.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewAutomationRulesClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.AutomationRulesList = armsecurityinsights.AutomationRulesList{
	// 	Value: []*armsecurityinsights.AutomationRule{
	// 		{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/automationRules"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.AutomationRuleProperties{
	// 				Actions: []armsecurityinsights.AutomationRuleActionClassification{
	// 					&armsecurityinsights.AutomationRuleRunPlaybookAction{
	// 						ActionType: to.Ptr(armsecurityinsights.ActionTypeRunPlaybook),
	// 						Order: to.Ptr[int32](1),
	// 						ActionConfiguration: &armsecurityinsights.PlaybookActionProperties{
	// 							LogicAppResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"),
	// 							TenantID: to.Ptr("d23e3eef-eed0-428f-a2d5-bc48c268e31d"),
	// 						},
	// 				}},
	// 				CreatedBy: &armsecurityinsights.ClientInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john.doe@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 					UserPrincipalName: to.Ptr("john@contoso.com"),
	// 				},
	// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:00Z"); return t}()),
	// 				DisplayName: to.Ptr("Suspicious alerts in workspace"),
	// 				LastModifiedBy: &armsecurityinsights.ClientInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john.doe@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 					UserPrincipalName: to.Ptr("john@contoso.com"),
	// 				},
	// 				LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
	// 				Order: to.Ptr[int32](1),
	// 				TriggeringLogic: &armsecurityinsights.AutomationRuleTriggeringLogic{
	// 					Conditions: []armsecurityinsights.AutomationRuleConditionClassification{
	// 						&armsecurityinsights.PropertyConditionProperties{
	// 							ConditionType: to.Ptr(armsecurityinsights.ConditionTypeProperty),
	// 							ConditionProperties: &armsecurityinsights.AutomationRulePropertyValuesCondition{
	// 								Operator: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedOperatorContains),
	// 								PropertyName: to.Ptr(armsecurityinsights.AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIDs),
	// 								PropertyValues: []*string{
	// 									to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
	// 									to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
	// 								},
	// 						}},
	// 						IsEnabled: to.Ptr(true),
	// 						TriggersOn: to.Ptr(armsecurityinsights.TriggersOnAlerts),
	// 						TriggersWhen: to.Ptr(armsecurityinsights.TriggersWhenCreated),
	// 					},
	// 				},
	// 		}},
	// 	}
}
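
A review pass over the rules that NewListPager returns, as an added example (not part of the SDK or its generated samples): it reads the JSON of one list page with the standard library only and reports disabled rules and RunPlaybook actions whose Logic App sits outside an allowlisted subscription or tenant. AuditRules, Finding and the allowlists are hypothetical names, and the nested JSON field names are assumed from the REST wire format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ruleList mirrors only the fields this audit reads. "value" is the tag shown on
// AutomationRulesList; the nested JSON names are assumed from the REST wire format.
type ruleList struct {
	Value []struct {
		Properties struct {
			DisplayName     string `json:"displayName"`
			TriggeringLogic struct {
				IsEnabled bool `json:"isEnabled"`
			} `json:"triggeringLogic"`
			Actions []struct {
				ActionType          string `json:"actionType"`
				ActionConfiguration struct {
					LogicAppResourceID string `json:"logicAppResourceId"`
					TenantID           string `json:"tenantId"`
				} `json:"actionConfiguration"`
			} `json:"actions"`
		} `json:"properties"`
	} `json:"value"`
}

// Finding is one item for a reviewer to look at (hypothetical type).
type Finding struct{ Rule, Reason string }

// subscriptionOf returns the lowercased subscription ID of an ARM resource ID.
func subscriptionOf(resourceID string) (string, bool) {
	parts := strings.Split(strings.Trim(resourceID, "/"), "/")
	if len(parts) < 2 || !strings.EqualFold(parts[0], "subscriptions") || parts[1] == "" {
		return "", false
	}
	return strings.ToLower(parts[1]), true
}

// toSet lowercases IDs so allowlist matching is case-insensitive.
func toSet(ids []string) map[string]bool {
	set := make(map[string]bool, len(ids))
	for _, id := range ids {
		set[strings.ToLower(id)] = true
	}
	return set
}

// AuditRules decodes one list page and reports disabled rules and RunPlaybook
// actions whose Logic App subscription or tenant is not on the allowlists.
func AuditRules(page []byte, allowedSubs, allowedTenants []string) ([]Finding, error) {
	var list ruleList
	if err := json.Unmarshal(page, &list); err != nil {
		return nil, fmt.Errorf("decode automation rule list: %w", err)
	}
	subs, tenants := toSet(allowedSubs), toSet(allowedTenants)
	var findings []Finding
	for _, r := range list.Value {
		p := r.Properties
		if !p.TriggeringLogic.IsEnabled {
			findings = append(findings, Finding{p.DisplayName, "rule is disabled"})
		}
		for _, a := range p.Actions {
			if a.ActionType != "RunPlaybook" {
				continue
			}
			cfg := a.ActionConfiguration
			if sub, ok := subscriptionOf(cfg.LogicAppResourceID); !ok {
				findings = append(findings, Finding{p.DisplayName, "playbook resource ID missing or malformed"})
			} else if !subs[sub] {
				findings = append(findings, Finding{p.DisplayName, "playbook in unlisted subscription " + sub})
			}
			// An absent tenantId is not reported; only explicit, unlisted values are.
			if t := strings.ToLower(cfg.TenantID); t != "" && !tenants[t] {
				findings = append(findings, Finding{p.DisplayName, "playbook in unlisted tenant " + t})
			}
		}
	}
	return findings, nil
}

// sampleList is constructed: rule 1 reuses the demo values from the generated example output, rule 2 is made up.
const sampleList = `{"value":[
 {"properties":{"displayName":"Suspicious alerts in workspace","triggeringLogic":{"isEnabled":true},"actions":[{"actionType":"RunPlaybook",
  "actionConfiguration":{"tenantId":"d23e3eef-eed0-428f-a2d5-bc48c268e31d","logicAppResourceId":"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"}}]}},
 {"properties":{"displayName":"Constructed rule","triggeringLogic":{"isEnabled":false},"actions":[{"actionType":"RunPlaybook",
  "actionConfiguration":{"tenantId":"00000000-0000-0000-0000-0000000000aa","logicAppResourceId":"/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg2/providers/Microsoft.Logic/workflows/Other"}}]}}]}`

func main() {
	subs, tenants := []string{"d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"}, []string{"d23e3eef-eed0-428f-a2d5-bc48c268e31d"}
	findings, err := AuditRules([]byte(sampleList), subs, tenants)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Rule, f.Reason)
	}
}
```

With the SDK, the same checks apply to each element of page.Value inside the pager loop, one page at a time.
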

type AutomationRulesClientCreateOrUpdateOptions

type AutomationRulesClientCreateOrUpdateOptions struct {
	// The automation rule
	AutomationRuleToUpsert *AutomationRule
}

AutomationRulesClientCreateOrUpdateOptions contains the optional parameters for the AutomationRulesClient.CreateOrUpdate method.

type AutomationRulesClientCreateOrUpdateResponse

type AutomationRulesClientCreateOrUpdateResponse struct {
	AutomationRule
}

AutomationRulesClientCreateOrUpdateResponse contains the response from method AutomationRulesClient.CreateOrUpdate.

type AutomationRulesClientDeleteOptions

type AutomationRulesClientDeleteOptions struct {
}

AutomationRulesClientDeleteOptions contains the optional parameters for the AutomationRulesClient.Delete method.

type AutomationRulesClientDeleteResponse

type AutomationRulesClientDeleteResponse struct {
	// Anything
	Interface any
}

AutomationRulesClientDeleteResponse contains the response from method AutomationRulesClient.Delete.

type AutomationRulesClientGetOptions

type AutomationRulesClientGetOptions struct {
}

AutomationRulesClientGetOptions contains the optional parameters for the AutomationRulesClient.Get method.

type AutomationRulesClientGetResponse

type AutomationRulesClientGetResponse struct {
	AutomationRule
}

AutomationRulesClientGetResponse contains the response from method AutomationRulesClient.Get.

type AutomationRulesClientListOptions

type AutomationRulesClientListOptions struct {
}

AutomationRulesClientListOptions contains the optional parameters for the AutomationRulesClient.NewListPager method.

type AutomationRulesClientListResponse

type AutomationRulesClientListResponse struct {
	AutomationRulesList
}

AutomationRulesClientListResponse contains the response from method AutomationRulesClient.NewListPager.

type AutomationRulesList

type AutomationRulesList struct {
	NextLink *string           `json:"nextLink,omitempty"`
	Value    []*AutomationRule `json:"value,omitempty"`
}

func (AutomationRulesList) MarshalJSON

func (a AutomationRulesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AutomationRulesList.

func (*AutomationRulesList) UnmarshalJSON

func (a *AutomationRulesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AutomationRulesList.

type Availability

type Availability struct {
	// Set connector as preview
	IsPreview *bool `json:"isPreview,omitempty"`

	// The connector Availability Status
	Status *int32 `json:"status,omitempty"`
}

Availability - Connector Availability Status

func (Availability) MarshalJSON

func (a Availability) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Availability.

func (*Availability) UnmarshalJSON

func (a *Availability) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Availability.

type AwsCloudTrailCheckRequirements

type AwsCloudTrailCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

AwsCloudTrailCheckRequirements - Amazon Web Services CloudTrail requirements check request.

func (*AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements

func (a *AwsCloudTrailCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsCloudTrailCheckRequirements.

func (AwsCloudTrailCheckRequirements) MarshalJSON

func (a AwsCloudTrailCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsCloudTrailCheckRequirements.

func (*AwsCloudTrailCheckRequirements) UnmarshalJSON

func (a *AwsCloudTrailCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsCloudTrailCheckRequirements.

type AwsCloudTrailDataConnector

type AwsCloudTrailDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Amazon Web Services CloudTrail data connector properties.
	Properties *AwsCloudTrailDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AwsCloudTrailDataConnector - Represents Amazon Web Services CloudTrail data connector.

func (*AwsCloudTrailDataConnector) GetDataConnector

func (a *AwsCloudTrailDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AwsCloudTrailDataConnector.

func (AwsCloudTrailDataConnector) MarshalJSON

func (a AwsCloudTrailDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsCloudTrailDataConnector.

func (*AwsCloudTrailDataConnector) UnmarshalJSON

func (a *AwsCloudTrailDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsCloudTrailDataConnector.

type AwsCloudTrailDataConnectorDataTypes

type AwsCloudTrailDataConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *AwsCloudTrailDataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsCloudTrailDataConnectorDataTypes - The available data types for Amazon Web Services CloudTrail data connector.

func (AwsCloudTrailDataConnectorDataTypes) MarshalJSON

func (a AwsCloudTrailDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsCloudTrailDataConnectorDataTypes.

func (*AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON

func (a *AwsCloudTrailDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsCloudTrailDataConnectorDataTypes.

type AwsCloudTrailDataConnectorDataTypesLogs

type AwsCloudTrailDataConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

AwsCloudTrailDataConnectorDataTypesLogs - Logs data type.

func (AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON

func (a AwsCloudTrailDataConnectorDataTypesLogs) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsCloudTrailDataConnectorDataTypesLogs.

func (*AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON

func (a *AwsCloudTrailDataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsCloudTrailDataConnectorDataTypesLogs.

type AwsCloudTrailDataConnectorProperties

type AwsCloudTrailDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *AwsCloudTrailDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access the Aws account.
	AwsRoleArn *string `json:"awsRoleArn,omitempty"`
}

AwsCloudTrailDataConnectorProperties - Amazon Web Services CloudTrail data connector properties.

func (AwsCloudTrailDataConnectorProperties) MarshalJSON

func (a AwsCloudTrailDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsCloudTrailDataConnectorProperties.

func (*AwsCloudTrailDataConnectorProperties) UnmarshalJSON

func (a *AwsCloudTrailDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsCloudTrailDataConnectorProperties.

type AwsS3CheckRequirements

type AwsS3CheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

AwsS3CheckRequirements - Amazon Web Services S3 requirements check request.

func (*AwsS3CheckRequirements) GetDataConnectorsCheckRequirements

func (a *AwsS3CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type AwsS3CheckRequirements.

func (AwsS3CheckRequirements) MarshalJSON

func (a AwsS3CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsS3CheckRequirements.

func (*AwsS3CheckRequirements) UnmarshalJSON

func (a *AwsS3CheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsS3CheckRequirements.

type AwsS3DataConnector

type AwsS3DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Amazon Web Services S3 data connector properties.
	Properties *AwsS3DataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AwsS3DataConnector - Represents Amazon Web Services S3 data connector.

func (*AwsS3DataConnector) GetDataConnector

func (a *AwsS3DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type AwsS3DataConnector.

func (AwsS3DataConnector) MarshalJSON

func (a AwsS3DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsS3DataConnector.

func (*AwsS3DataConnector) UnmarshalJSON

func (a *AwsS3DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsS3DataConnector.

type AwsS3DataConnectorDataTypes

type AwsS3DataConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *AwsS3DataConnectorDataTypesLogs `json:"logs,omitempty"`
}

AwsS3DataConnectorDataTypes - The available data types for Amazon Web Services S3 data connector.

func (AwsS3DataConnectorDataTypes) MarshalJSON

func (a AwsS3DataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsS3DataConnectorDataTypes.

func (*AwsS3DataConnectorDataTypes) UnmarshalJSON

func (a *AwsS3DataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsS3DataConnectorDataTypes.

type AwsS3DataConnectorDataTypesLogs

type AwsS3DataConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

AwsS3DataConnectorDataTypesLogs - Logs data type.

func (AwsS3DataConnectorDataTypesLogs) MarshalJSON

func (a AwsS3DataConnectorDataTypesLogs) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsS3DataConnectorDataTypesLogs.

func (*AwsS3DataConnectorDataTypesLogs) UnmarshalJSON

func (a *AwsS3DataConnectorDataTypesLogs) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsS3DataConnectorDataTypesLogs.

type AwsS3DataConnectorProperties

type AwsS3DataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *AwsS3DataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The logs destination table name in LogAnalytics.
	DestinationTable *string `json:"destinationTable,omitempty"`

	// REQUIRED; The Aws Role Arn that is used to access the Aws account.
	RoleArn *string `json:"roleArn,omitempty"`

	// REQUIRED; The AWS sqs urls for the connector.
	SqsUrls []*string `json:"sqsUrls,omitempty"`
}

AwsS3DataConnectorProperties - Amazon Web Services S3 data connector properties.

func (AwsS3DataConnectorProperties) MarshalJSON

func (a AwsS3DataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AwsS3DataConnectorProperties.

func (*AwsS3DataConnectorProperties) UnmarshalJSON

func (a *AwsS3DataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AwsS3DataConnectorProperties.

type AzureDevOpsResourceInfo

type AzureDevOpsResourceInfo struct {
	// Id of the pipeline created for the source-control.
	PipelineID *string `json:"pipelineId,omitempty"`

	// Id of the service-connection created for the source-control.
	ServiceConnectionID *string `json:"serviceConnectionId,omitempty"`
}

AzureDevOpsResourceInfo - Resources created in Azure DevOps repository.

func (AzureDevOpsResourceInfo) MarshalJSON

func (a AzureDevOpsResourceInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AzureDevOpsResourceInfo.

func (*AzureDevOpsResourceInfo) UnmarshalJSON

func (a *AzureDevOpsResourceInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AzureDevOpsResourceInfo.

type AzureResourceEntity

type AzureResourceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// AzureResource entity properties
	Properties *AzureResourceEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

AzureResourceEntity - Represents an azure resource entity.

func (*AzureResourceEntity) GetEntity

func (a *AzureResourceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type AzureResourceEntity.

func (AzureResourceEntity) MarshalJSON

func (a AzureResourceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AzureResourceEntity.

func (*AzureResourceEntity) UnmarshalJSON

func (a *AzureResourceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AzureResourceEntity.

type AzureResourceEntityProperties

type AzureResourceEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The azure resource id of the resource
	ResourceID *string `json:"resourceId,omitempty" azure:"ro"`

	// READ-ONLY; The subscription id of the resource
	SubscriptionID *string `json:"subscriptionId,omitempty" azure:"ro"`
}

AzureResourceEntityProperties - AzureResource entity property bag.

func (AzureResourceEntityProperties) MarshalJSON

func (a AzureResourceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type AzureResourceEntityProperties.

func (*AzureResourceEntityProperties) UnmarshalJSON

func (a *AzureResourceEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type AzureResourceEntityProperties.

type Bookmark

type Bookmark struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Bookmark properties
	Properties *BookmarkProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Bookmark - Represents a bookmark in Azure Security Insights.

func (Bookmark) MarshalJSON

func (b Bookmark) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Bookmark.

func (*Bookmark) UnmarshalJSON

func (b *Bookmark) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Bookmark.

type BookmarkClient

type BookmarkClient struct {
	// contains filtered or unexported fields
}

BookmarkClient contains the methods for the Bookmark group. Don't use this type directly, use NewBookmarkClient() instead.

func NewBookmarkClient

func NewBookmarkClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkClient, error)

NewBookmarkClient creates a new instance of BookmarkClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*BookmarkClient) Expand

func (client *BookmarkClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, parameters BookmarkExpandParameters, options *BookmarkClientExpandOptions) (BookmarkClientExpandResponse, error)

Expand - Expand a bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • parameters - The parameters required to execute an expand operation on the given bookmark.
  • options - BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/expand/PostExpandBookmark.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewBookmarkClient().Expand(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.BookmarkExpandParameters{
	EndTime:     to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-24T17:21:00.000Z"); return t }()),
	ExpansionID: to.Ptr("27f76e63-c41b-480f-bb18-12ad2e011d49"),
	StartTime:   to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-25T17:21:00.000Z"); return t }()),
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.BookmarkExpandResponse = armsecurityinsights.BookmarkExpandResponse{
// 	MetaData: &armsecurityinsights.ExpansionResultsMetadata{
// 		Aggregations: []*armsecurityinsights.ExpansionResultAggregation{
// 			{
// 				Count: to.Ptr[int32](1),
// 				EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 		}},
// 	},
// 	Value: &armsecurityinsights.BookmarkExpandResponseValue{
// 		Entities: []armsecurityinsights.EntityClassification{
// 			&armsecurityinsights.AccountEntity{
// 				Name: to.Ptr("fe4ddab5-8cea-eca3-c8b8-9e92e830a387"),
// 				Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fe4ddab5-8cea-eca3-c8b8-9e92e830a387"),
// 				Kind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 				Properties: &armsecurityinsights.AccountEntityProperties{
// 					FriendlyName: to.Ptr("administrator"),
// 					AccountName: to.Ptr("administrator"),
// 					NtDomain: to.Ptr("domain"),
// 				},
// 		}},
// 	},
// }

type BookmarkClientExpandOptions

type BookmarkClientExpandOptions struct {
}

BookmarkClientExpandOptions contains the optional parameters for the BookmarkClient.Expand method.

type BookmarkClientExpandResponse

type BookmarkClientExpandResponse struct {
	BookmarkExpandResponse
}

BookmarkClientExpandResponse contains the response from method BookmarkClient.Expand.

type BookmarkEntityMappings

type BookmarkEntityMappings struct {
	// The entity type
	EntityType *string `json:"entityType,omitempty"`

	// Array of fields mapping for that entity type
	FieldMappings []*EntityFieldMapping `json:"fieldMappings,omitempty"`
}

BookmarkEntityMappings - Describes the entity mappings of a single entity

func (BookmarkEntityMappings) MarshalJSON

func (b BookmarkEntityMappings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkEntityMappings.

func (*BookmarkEntityMappings) UnmarshalJSON

func (b *BookmarkEntityMappings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkEntityMappings.

type BookmarkExpandParameters

type BookmarkExpandParameters struct {
	// The end date filter, so the only expansion results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// The Id of the expansion to perform.
	ExpansionID *string `json:"expansionId,omitempty"`

	// The start date filter, so the only expansion results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`
}

BookmarkExpandParameters - The parameters required to execute an expand operation on the given bookmark.

func (BookmarkExpandParameters) MarshalJSON

func (b BookmarkExpandParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkExpandParameters.

func (*BookmarkExpandParameters) UnmarshalJSON

func (b *BookmarkExpandParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkExpandParameters.

type BookmarkExpandResponse

type BookmarkExpandResponse struct {
	// The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`

	// The expansion result values.
	Value *BookmarkExpandResponseValue `json:"value,omitempty"`
}

BookmarkExpandResponse - The entity expansion result operation response.

func (BookmarkExpandResponse) MarshalJSON

func (b BookmarkExpandResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkExpandResponse.

func (*BookmarkExpandResponse) UnmarshalJSON

func (b *BookmarkExpandResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkExpandResponse.

type BookmarkExpandResponseValue

type BookmarkExpandResponseValue struct {
	// Array of expansion result connected entities
	Edges []*ConnectedEntity `json:"edges,omitempty"`

	// Array of the expansion result entities.
	Entities []EntityClassification `json:"entities,omitempty"`
}

BookmarkExpandResponseValue - The expansion result values.

func (BookmarkExpandResponseValue) MarshalJSON

func (b BookmarkExpandResponseValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkExpandResponseValue.

func (*BookmarkExpandResponseValue) UnmarshalJSON

func (b *BookmarkExpandResponseValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkExpandResponseValue.

type BookmarkList

type BookmarkList struct {
	// REQUIRED; Array of bookmarks.
	Value []*Bookmark `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of bookmarks.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

BookmarkList - List all the bookmarks.

func (BookmarkList) MarshalJSON

func (b BookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkList.

func (*BookmarkList) UnmarshalJSON

func (b *BookmarkList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkList.

type BookmarkProperties

type BookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The query of the bookmark.
	Query *string `json:"query,omitempty"`

	// The time the bookmark was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// Describes the entity mappings of the bookmark
	EntityMappings []*BookmarkEntityMappings `json:"entityMappings,omitempty"`

	// The bookmark event time
	EventTime *time.Time `json:"eventTime,omitempty"`

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The end time for the query
	QueryEndTime *time.Time `json:"queryEndTime,omitempty"`

	// The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`

	// The start time for the query
	QueryStartTime *time.Time `json:"queryStartTime,omitempty"`

	// A list of relevant MITRE ATT&CK tactics
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// A list of relevant MITRE ATT&CK techniques
	Techniques []*string `json:"techniques,omitempty"`

	// The last time the bookmark was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`
}

BookmarkProperties - Describes bookmark properties

func (BookmarkProperties) MarshalJSON

func (b BookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkProperties.

func (*BookmarkProperties) UnmarshalJSON

func (b *BookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkProperties.

type BookmarkRelationsClient

type BookmarkRelationsClient struct {
	// contains filtered or unexported fields
}

BookmarkRelationsClient contains the methods for the BookmarkRelations group. Don't use this type directly, use NewBookmarkRelationsClient() instead.

func NewBookmarkRelationsClient

func NewBookmarkRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarkRelationsClient, error)

NewBookmarkRelationsClient creates a new instance of BookmarkRelationsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*BookmarkRelationsClient) CreateOrUpdate

func (client *BookmarkRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, relation Relation, options *BookmarkRelationsClientCreateOrUpdateOptions) (BookmarkRelationsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates the bookmark relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • relationName - Relation Name
  • relation - The relation model
  • options - BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/CreateBookmarkRelation.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewBookmarkRelationsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{
	Properties: &armsecurityinsights.RelationProperties{
		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Relation = armsecurityinsights.Relation{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.RelationProperties{
// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 		RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"),
// 	},
// }
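A pre-flight check for the `RelatedResourceID` handed to `CreateOrUpdate`, as an added example that is not part of the SDK or its generated samples: it parses the resource ID shape used in the sample above and refuses relation targets outside the expected workspace. The names `SentinelResourceID`, `ParseSentinelResourceID` and `RelationPolicy` are hypothetical, the allowed-type list is the caller's own policy, and comparing every segment case-insensitively is an assumption; the sample IDs are constructed from the fake values shown above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	ErrMalformedID    = errors.New("malformed resource ID")
	ErrOutOfScope     = errors.New("resource is outside the expected workspace")
	ErrTypeNotAllowed = errors.New("resource type not allowed as relation target")
)

// SentinelResourceID is a hypothetical helper type, not an SDK type.
type SentinelResourceID struct {
	SubscriptionID, ResourceGroup, Workspace, ResourceType, Name string
}

// fixedSegments maps a segment index to the literal expected at that position in
// /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.OperationalInsights/
// workspaces/{ws}/providers/Microsoft.SecurityInsights/{type}/{name}
var fixedSegments = map[int]string{
	0: "subscriptions", 2: "resourceGroups", 4: "providers",
	5: "Microsoft.OperationalInsights", 6: "workspaces",
	8: "providers", 9: "Microsoft.SecurityInsights",
}

// ParseSentinelResourceID accepts only the exact 12-segment shape above.
func ParseSentinelResourceID(id string) (SentinelResourceID, error) {
	if !strings.HasPrefix(id, "/") {
		return SentinelResourceID{}, fmt.Errorf("%w: must start with '/'", ErrMalformedID)
	}
	seg := strings.Split(id[1:], "/")
	if len(seg) != 12 {
		return SentinelResourceID{}, fmt.Errorf("%w: want 12 segments, got %d", ErrMalformedID, len(seg))
	}
	for i, s := range seg {
		if s == "" {
			return SentinelResourceID{}, fmt.Errorf("%w: empty segment %d", ErrMalformedID, i)
		}
		if want, ok := fixedSegments[i]; ok && !strings.EqualFold(s, want) {
			return SentinelResourceID{}, fmt.Errorf("%w: segment %d is %q, want %q", ErrMalformedID, i, s, want)
		}
	}
	return SentinelResourceID{
		SubscriptionID: seg[1], ResourceGroup: seg[3], Workspace: seg[7],
		ResourceType: seg[10], Name: seg[11],
	}, nil
}

// RelationPolicy pins relation targets to one workspace and a set of resource types.
type RelationPolicy struct {
	SubscriptionID, ResourceGroup, Workspace string
	AllowedTypes                             []string // caller's policy, e.g. "incidents"
}

// Check returns nil only when the ID parses, sits in the pinned workspace and
// names an allowed resource type.
func (p RelationPolicy) Check(relatedResourceID string) error {
	r, err := ParseSentinelResourceID(relatedResourceID)
	if err != nil {
		return err
	}
	if !strings.EqualFold(r.SubscriptionID, p.SubscriptionID) ||
		!strings.EqualFold(r.ResourceGroup, p.ResourceGroup) ||
		!strings.EqualFold(r.Workspace, p.Workspace) {
		return fmt.Errorf("%w: %s/%s/%s", ErrOutOfScope, r.SubscriptionID, r.ResourceGroup, r.Workspace)
	}
	for _, t := range p.AllowedTypes {
		if strings.EqualFold(t, r.ResourceType) {
			return nil
		}
	}
	return fmt.Errorf("%w: %q", ErrTypeNotAllowed, r.ResourceType)
}

func main() {
	policy := RelationPolicy{
		SubscriptionID: "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
		ResourceGroup:  "myRg",
		Workspace:      "myWorkspace",
		AllowedTypes:   []string{"incidents"},
	}
	base := "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg" +
		"/providers/Microsoft.OperationalInsights/workspaces/"
	// Constructed inputs: the sample incident, a different workspace, a different type.
	for _, id := range []string{
		base + "myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
		base + "otherWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812",
		base + "myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
	} {
		fmt.Printf("%v\n", policy.Check(id))
	}
}
```

Run `Check` on the value before building the `Relation` body, and pass the ID to `CreateOrUpdate` only when it returns nil.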

func (*BookmarkRelationsClient) Delete

func (client *BookmarkRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientDeleteOptions) (BookmarkRelationsClientDeleteResponse, error)

Delete - Delete the bookmark relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • relationName - Relation Name
  • options - BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/DeleteBookmarkRelation.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewBookmarkRelationsClient().Delete(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*BookmarkRelationsClient) Get

func (client *BookmarkRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, relationName string, options *BookmarkRelationsClientGetOptions) (BookmarkRelationsClientGetResponse, error)

Get - Gets a bookmark relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • relationName - Relation Name
  • options - BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/GetBookmarkRelationByName.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewBookmarkRelationsClient().Get(ctx, "myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Relation = armsecurityinsights.Relation{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.RelationProperties{
// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 		RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"),
// 	},
// }

func (*BookmarkRelationsClient) NewListPager

func (client *BookmarkRelationsClient) NewListPager(resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarkRelationsClientListOptions) *runtime.Pager[BookmarkRelationsClientListResponse]

NewListPager - Gets all bookmark relations.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • options - BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/relations/GetAllBookmarkRelations.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewBookmarkRelationsClient().NewListPager("myRg", "myWorkspace", "2216d0e1-91e3-4902-89fd-d2df8c535096", &armsecurityinsights.BookmarkRelationsClientListOptions{
	Filter:    nil,
	Orderby:   nil,
	Top:       nil,
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.RelationList = armsecurityinsights.RelationList{
	// 	Value: []*armsecurityinsights.Relation{
	// 		{
	// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 			Properties: &armsecurityinsights.RelationProperties{
	// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 				RelatedResourceName: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"),
	// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"),
	// 			},
	// 	}},
	// }
}

type BookmarkRelationsClientCreateOrUpdateOptions

type BookmarkRelationsClientCreateOrUpdateOptions struct {
}

BookmarkRelationsClientCreateOrUpdateOptions contains the optional parameters for the BookmarkRelationsClient.CreateOrUpdate method.

type BookmarkRelationsClientCreateOrUpdateResponse

type BookmarkRelationsClientCreateOrUpdateResponse struct {
	Relation
}

BookmarkRelationsClientCreateOrUpdateResponse contains the response from method BookmarkRelationsClient.CreateOrUpdate.

type BookmarkRelationsClientDeleteOptions

type BookmarkRelationsClientDeleteOptions struct {
}

BookmarkRelationsClientDeleteOptions contains the optional parameters for the BookmarkRelationsClient.Delete method.

type BookmarkRelationsClientDeleteResponse

type BookmarkRelationsClientDeleteResponse struct {
}

BookmarkRelationsClientDeleteResponse contains the response from method BookmarkRelationsClient.Delete.

type BookmarkRelationsClientGetOptions

type BookmarkRelationsClientGetOptions struct {
}

BookmarkRelationsClientGetOptions contains the optional parameters for the BookmarkRelationsClient.Get method.

type BookmarkRelationsClientGetResponse

type BookmarkRelationsClientGetResponse struct {
	Relation
}

BookmarkRelationsClientGetResponse contains the response from method BookmarkRelationsClient.Get.

type BookmarkRelationsClientListOptions

type BookmarkRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

BookmarkRelationsClientListOptions contains the optional parameters for the BookmarkRelationsClient.NewListPager method.

type BookmarkRelationsClientListResponse

type BookmarkRelationsClientListResponse struct {
	RelationList
}

BookmarkRelationsClientListResponse contains the response from method BookmarkRelationsClient.NewListPager.

type BookmarkTimelineItem

type BookmarkTimelineItem struct {
	// REQUIRED; The bookmark azure resource id.
	AzureResourceID *string `json:"azureResourceId,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The bookmark display name.
	DisplayName *string `json:"displayName,omitempty"`

	// The bookmark end time.
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"`

	// The bookmark event time.
	EventTime *time.Time `json:"eventTime,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The bookmark start time.
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"`
}

BookmarkTimelineItem - Represents bookmark timeline item.

func (*BookmarkTimelineItem) GetEntityTimelineItem

func (b *BookmarkTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type BookmarkTimelineItem.

func (BookmarkTimelineItem) MarshalJSON

func (b BookmarkTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type BookmarkTimelineItem.

func (*BookmarkTimelineItem) UnmarshalJSON

func (b *BookmarkTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type BookmarkTimelineItem.

type BookmarksClient

type BookmarksClient struct {
	// contains filtered or unexported fields
}

BookmarksClient contains the methods for the Bookmarks group. Don't use this type directly, use NewBookmarksClient() instead.

func NewBookmarksClient

func NewBookmarksClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*BookmarksClient, error)

NewBookmarksClient creates a new instance of BookmarksClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*BookmarksClient) CreateOrUpdate

func (client *BookmarksClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, bookmark Bookmark, options *BookmarksClientCreateOrUpdateOptions) (BookmarksClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • bookmark - The bookmark
  • options - BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/CreateBookmark.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewBookmarksClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Bookmark{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.BookmarkProperties{
		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()),
		CreatedBy: &armsecurityinsights.UserInfo{
			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		},
		DisplayName: to.Ptr("My bookmark"),
		EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{
			{
				EntityType: to.Ptr("Account"),
				FieldMappings: []*armsecurityinsights.EntityFieldMapping{
					{
						Identifier: to.Ptr("Fullname"),
						Value:      to.Ptr("johndoe@microsoft.com"),
					}},
			}},
		Labels: []*string{
			to.Ptr("Tag1"),
			to.Ptr("Tag2")},
		Notes:       to.Ptr("Found a suspicious activity"),
		Query:       to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
		QueryResult: to.Ptr("Security Event query result"),
		Tactics: []*armsecurityinsights.AttackTactic{
			to.Ptr(armsecurityinsights.AttackTacticExecution)},
		Techniques: []*string{
			to.Ptr("T1609")},
		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t }()),
		UpdatedBy: &armsecurityinsights.UserInfo{
			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Bookmark = armsecurityinsights.Bookmark{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.BookmarkProperties{
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		DisplayName: to.Ptr("My bookmark"),
// 		EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{
// 			{
// 				EntityType: to.Ptr("Account"),
// 				FieldMappings: []*armsecurityinsights.EntityFieldMapping{
// 					{
// 						Identifier: to.Ptr("Fullname"),
// 						Value: to.Ptr("johndoe@microsoft.com"),
// 				}},
// 		}},
// 		Labels: []*string{
// 			to.Ptr("Tag1"),
// 			to.Ptr("Tag2")},
// 		Notes: to.Ptr("Found a suspicious activity"),
// 		Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
// 		QueryResult: to.Ptr("Security Event query result"),
// 		Tactics: []*armsecurityinsights.AttackTactic{
// 			to.Ptr(armsecurityinsights.AttackTacticExecution)},
// 		Techniques: []*string{
// 			to.Ptr("T1609")},
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 	},
// }

func (*BookmarksClient) Delete

func (client *BookmarksClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientDeleteOptions) (BookmarksClientDeleteResponse, error)

Delete - Delete the bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • options - BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/DeleteBookmark.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewBookmarksClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
Output:

func (*BookmarksClient) Get

func (client *BookmarksClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, bookmarkID string, options *BookmarksClientGetOptions) (BookmarksClientGetResponse, error)

Get - Gets a bookmark. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • bookmarkID - Bookmark ID
  • options - BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/GetBookmarkById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewBookmarksClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Bookmark = armsecurityinsights.Bookmark{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.BookmarkProperties{
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		DisplayName: to.Ptr("My bookmark"),
// 		EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{
// 			{
// 				EntityType: to.Ptr("Account"),
// 				FieldMappings: []*armsecurityinsights.EntityFieldMapping{
// 					{
// 						Identifier: to.Ptr("Fullname"),
// 						Value: to.Ptr("johndoe@microsoft.com"),
// 				}},
// 		}},
// 		IncidentInfo: &armsecurityinsights.IncidentInfo{
// 			IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"),
// 			RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"),
// 			Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow),
// 			Title: to.Ptr("New case 1"),
// 		},
// 		Labels: []*string{
// 			to.Ptr("Tag1"),
// 			to.Ptr("Tag2")},
// 		Notes: to.Ptr("Found a suspicious activity"),
// 		Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
// 		QueryResult: to.Ptr("Security Event query result"),
// 		Tactics: []*armsecurityinsights.AttackTactic{
// 			to.Ptr(armsecurityinsights.AttackTacticExecution)},
// 		Techniques: []*string{
// 			to.Ptr("T1609")},
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 	},
// }

func (*BookmarksClient) NewListPager

func (client *BookmarksClient) NewListPager(resourceGroupName string, workspaceName string, options *BookmarksClientListOptions) *runtime.Pager[BookmarksClientListResponse]

NewListPager - Gets all bookmarks.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - BookmarksClientListOptions contains the optional parameters for the BookmarksClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/bookmarks/GetBookmarks.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewBookmarksClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.BookmarkList = armsecurityinsights.BookmarkList{
	// 	Value: []*armsecurityinsights.Bookmark{
	// 		{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.BookmarkProperties{
	// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
	// 				CreatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 				DisplayName: to.Ptr("My bookmark"),
	// 				EntityMappings: []*armsecurityinsights.BookmarkEntityMappings{
	// 					{
	// 						EntityType: to.Ptr("Account"),
	// 						FieldMappings: []*armsecurityinsights.EntityFieldMapping{
	// 							{
	// 								Identifier: to.Ptr("Fullname"),
	// 								Value: to.Ptr("johndoe@microsoft.com"),
	// 						}},
	// 				}},
	// 				IncidentInfo: &armsecurityinsights.IncidentInfo{
	// 					IncidentID: to.Ptr("DDA55F97-170B-40B9-B8ED-CBFD05481E7D"),
	// 					RelationName: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0018"),
	// 					Severity: to.Ptr(armsecurityinsights.IncidentSeverityLow),
	// 					Title: to.Ptr("New case 1"),
	// 				},
	// 				Labels: []*string{
	// 					to.Ptr("Tag1"),
	// 					to.Ptr("Tag2")},
	// 				Notes: to.Ptr("Found a suspicious activity"),
	// 				Query: to.Ptr("SecurityEvent | where TimeGenerated > ago(1d) and TimeGenerated < ago(2d)"),
	// 				QueryResult: to.Ptr("Security Event query result"),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticExecution)},
	// 				Techniques: []*string{
	// 					to.Ptr("T1609")},
	// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:15:30Z"); return t}()),
	// 				UpdatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 			},
	// 	}},
	// }
}

type BookmarksClientCreateOrUpdateOptions

type BookmarksClientCreateOrUpdateOptions struct {
}

BookmarksClientCreateOrUpdateOptions contains the optional parameters for the BookmarksClient.CreateOrUpdate method.

type BookmarksClientCreateOrUpdateResponse

type BookmarksClientCreateOrUpdateResponse struct {
	Bookmark
}

BookmarksClientCreateOrUpdateResponse contains the response from method BookmarksClient.CreateOrUpdate.

type BookmarksClientDeleteOptions

type BookmarksClientDeleteOptions struct {
}

BookmarksClientDeleteOptions contains the optional parameters for the BookmarksClient.Delete method.

type BookmarksClientDeleteResponse

type BookmarksClientDeleteResponse struct {
}

BookmarksClientDeleteResponse contains the response from method BookmarksClient.Delete.

type BookmarksClientGetOptions

type BookmarksClientGetOptions struct {
}

BookmarksClientGetOptions contains the optional parameters for the BookmarksClient.Get method.

type BookmarksClientGetResponse

type BookmarksClientGetResponse struct {
	Bookmark
}

BookmarksClientGetResponse contains the response from method BookmarksClient.Get.

type BookmarksClientListOptions

type BookmarksClientListOptions struct {
}

BookmarksClientListOptions contains the optional parameters for the BookmarksClient.NewListPager method.

type BookmarksClientListResponse

type BookmarksClientListResponse struct {
	BookmarkList
}

BookmarksClientListResponse contains the response from method BookmarksClient.NewListPager.

type BooleanConditionProperties

type BooleanConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType                  `json:"conditionType,omitempty"`
	ConditionProperties *AutomationRuleBooleanCondition `json:"conditionProperties,omitempty"`
}

BooleanConditionProperties - Describes an automation rule condition that applies a boolean operator (e.g. AND, OR) to conditions

func (*BooleanConditionProperties) GetAutomationRuleCondition

func (b *BooleanConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type BooleanConditionProperties.

func (BooleanConditionProperties) MarshalJSON

func (b BooleanConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type BooleanConditionProperties.

func (*BooleanConditionProperties) UnmarshalJSON

func (b *BooleanConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type BooleanConditionProperties.

type ClientFactory

type ClientFactory struct {
	// contains filtered or unexported fields
}

ClientFactory is a client factory used to create any client in this module. Don't use this type directly, use NewClientFactory instead.

func NewClientFactory

func NewClientFactory(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ClientFactory, error)

NewClientFactory creates a new instance of ClientFactory with the specified values. The parameter values will be propagated to any client created from this factory.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ClientFactory) NewActionsClient

func (c *ClientFactory) NewActionsClient() *ActionsClient

func (*ClientFactory) NewAlertRuleTemplatesClient

func (c *ClientFactory) NewAlertRuleTemplatesClient() *AlertRuleTemplatesClient

func (*ClientFactory) NewAlertRulesClient

func (c *ClientFactory) NewAlertRulesClient() *AlertRulesClient

func (*ClientFactory) NewAutomationRulesClient

func (c *ClientFactory) NewAutomationRulesClient() *AutomationRulesClient

func (*ClientFactory) NewBookmarkClient

func (c *ClientFactory) NewBookmarkClient() *BookmarkClient

func (*ClientFactory) NewBookmarkRelationsClient

func (c *ClientFactory) NewBookmarkRelationsClient() *BookmarkRelationsClient

func (*ClientFactory) NewBookmarksClient

func (c *ClientFactory) NewBookmarksClient() *BookmarksClient

func (*ClientFactory) NewDataConnectorsCheckRequirementsClient

func (c *ClientFactory) NewDataConnectorsCheckRequirementsClient() *DataConnectorsCheckRequirementsClient

func (*ClientFactory) NewDataConnectorsClient

func (c *ClientFactory) NewDataConnectorsClient() *DataConnectorsClient

func (*ClientFactory) NewDomainWhoisClient

func (c *ClientFactory) NewDomainWhoisClient() *DomainWhoisClient

func (*ClientFactory) NewEntitiesClient

func (c *ClientFactory) NewEntitiesClient() *EntitiesClient

func (*ClientFactory) NewEntitiesGetTimelineClient

func (c *ClientFactory) NewEntitiesGetTimelineClient() *EntitiesGetTimelineClient

func (*ClientFactory) NewEntitiesRelationsClient

func (c *ClientFactory) NewEntitiesRelationsClient() *EntitiesRelationsClient

func (*ClientFactory) NewEntityQueriesClient

func (c *ClientFactory) NewEntityQueriesClient() *EntityQueriesClient

func (*ClientFactory) NewEntityQueryTemplatesClient

func (c *ClientFactory) NewEntityQueryTemplatesClient() *EntityQueryTemplatesClient

func (*ClientFactory) NewEntityRelationsClient

func (c *ClientFactory) NewEntityRelationsClient() *EntityRelationsClient

func (*ClientFactory) NewFileImportsClient

func (c *ClientFactory) NewFileImportsClient() *FileImportsClient

func (*ClientFactory) NewIPGeodataClient

func (c *ClientFactory) NewIPGeodataClient() *IPGeodataClient

func (*ClientFactory) NewIncidentCommentsClient

func (c *ClientFactory) NewIncidentCommentsClient() *IncidentCommentsClient

func (*ClientFactory) NewIncidentRelationsClient

func (c *ClientFactory) NewIncidentRelationsClient() *IncidentRelationsClient

func (*ClientFactory) NewIncidentsClient

func (c *ClientFactory) NewIncidentsClient() *IncidentsClient

func (*ClientFactory) NewMetadataClient

func (c *ClientFactory) NewMetadataClient() *MetadataClient

func (*ClientFactory) NewOfficeConsentsClient

func (c *ClientFactory) NewOfficeConsentsClient() *OfficeConsentsClient

func (*ClientFactory) NewOperationsClient

func (c *ClientFactory) NewOperationsClient() *OperationsClient

func (*ClientFactory) NewProductSettingsClient

func (c *ClientFactory) NewProductSettingsClient() *ProductSettingsClient

func (*ClientFactory) NewSecurityMLAnalyticsSettingsClient

func (c *ClientFactory) NewSecurityMLAnalyticsSettingsClient() *SecurityMLAnalyticsSettingsClient

func (*ClientFactory) NewSentinelOnboardingStatesClient

func (c *ClientFactory) NewSentinelOnboardingStatesClient() *SentinelOnboardingStatesClient

func (*ClientFactory) NewSourceControlClient

func (c *ClientFactory) NewSourceControlClient() *SourceControlClient

func (*ClientFactory) NewSourceControlsClient

func (c *ClientFactory) NewSourceControlsClient() *SourceControlsClient

func (*ClientFactory) NewThreatIntelligenceIndicatorClient

func (c *ClientFactory) NewThreatIntelligenceIndicatorClient() *ThreatIntelligenceIndicatorClient

func (*ClientFactory) NewThreatIntelligenceIndicatorMetricsClient

func (c *ClientFactory) NewThreatIntelligenceIndicatorMetricsClient() *ThreatIntelligenceIndicatorMetricsClient

func (*ClientFactory) NewThreatIntelligenceIndicatorsClient

func (c *ClientFactory) NewThreatIntelligenceIndicatorsClient() *ThreatIntelligenceIndicatorsClient

func (*ClientFactory) NewWatchlistItemsClient

func (c *ClientFactory) NewWatchlistItemsClient() *WatchlistItemsClient

func (*ClientFactory) NewWatchlistsClient

func (c *ClientFactory) NewWatchlistsClient() *WatchlistsClient

type ClientInfo

type ClientInfo struct {
	// The email of the client.
	Email *string `json:"email,omitempty"`

	// The name of the client.
	Name *string `json:"name,omitempty"`

	// The object id of the client.
	ObjectID *string `json:"objectId,omitempty"`

	// The user principal name of the client.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

ClientInfo - Information on the client (user or application) that performed an action

func (ClientInfo) MarshalJSON

func (c ClientInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ClientInfo.

func (*ClientInfo) UnmarshalJSON

func (c *ClientInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ClientInfo.

type CloudApplicationEntity

type CloudApplicationEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// CloudApplication entity properties
	Properties *CloudApplicationEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CloudApplicationEntity - Represents a cloud application entity.

func (*CloudApplicationEntity) GetEntity

func (c *CloudApplicationEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type CloudApplicationEntity.

func (CloudApplicationEntity) MarshalJSON

func (c CloudApplicationEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntity.

func (*CloudApplicationEntity) UnmarshalJSON

func (c *CloudApplicationEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntity.

type CloudApplicationEntityProperties

type CloudApplicationEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The technical identifier of the application.
	AppID *int32 `json:"appId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the related cloud application.
	AppName *string `json:"appName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The user defined instance name of the cloud application. It is often used to distinguish between several applications
	// of the same type that a customer has.
	InstanceName *string `json:"instanceName,omitempty" azure:"ro"`
}

CloudApplicationEntityProperties - CloudApplication entity property bag.

func (CloudApplicationEntityProperties) MarshalJSON

func (c CloudApplicationEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CloudApplicationEntityProperties.

func (*CloudApplicationEntityProperties) UnmarshalJSON

func (c *CloudApplicationEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CloudApplicationEntityProperties.

type CodelessAPIPollingDataConnector

type CodelessAPIPollingDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Codeless polling data connector properties
	Properties *APIPollingParameters `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CodelessAPIPollingDataConnector - Represents Codeless API Polling data connector.

func (*CodelessAPIPollingDataConnector) GetDataConnector

func (c *CodelessAPIPollingDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type CodelessAPIPollingDataConnector.

func (CodelessAPIPollingDataConnector) MarshalJSON

func (c CodelessAPIPollingDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessAPIPollingDataConnector.

func (*CodelessAPIPollingDataConnector) UnmarshalJSON

func (c *CodelessAPIPollingDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessAPIPollingDataConnector.

type CodelessConnectorPollingAuthProperties

type CodelessConnectorPollingAuthProperties struct {
	// REQUIRED; The authentication type
	AuthType *string `json:"authType,omitempty"`

	// A prefix sent in the header before the actual token
	APIKeyIdentifier *string `json:"apiKeyIdentifier,omitempty"`

	// The header name which the token is sent with
	APIKeyName *string `json:"apiKeyName,omitempty"`

	// The endpoint used to authorize the user, used in OAuth 2.0 flow
	AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`

	// The query parameters used in authorization request, used in OAuth 2.0 flow
	AuthorizationEndpointQueryParameters any `json:"authorizationEndpointQueryParameters,omitempty"`

	// Describes the flow name, for example 'AuthCode' for OAuth 2.0
	FlowName *string `json:"flowName,omitempty"`

	// Marks if the key should be sent in header
	IsAPIKeyInPostPayload *string `json:"isApiKeyInPostPayload,omitempty"`

	// Marks if we should send the client secret in header or payload, used in OAuth 2.0 flow
	IsClientSecretInHeader *bool `json:"isClientSecretInHeader,omitempty"`

	// The redirect endpoint where we will get the authorization code, used in OAuth 2.0 flow
	RedirectionEndpoint *string `json:"redirectionEndpoint,omitempty"`

	// The OAuth token scope
	Scope *string `json:"scope,omitempty"`

	// The endpoint used to issue a token, used in OAuth 2.0 flow
	TokenEndpoint *string `json:"tokenEndpoint,omitempty"`

	// The query headers used in token request, used in OAuth 2.0 flow
	TokenEndpointHeaders any `json:"tokenEndpointHeaders,omitempty"`

	// The query parameters used in token request, used in OAuth 2.0 flow
	TokenEndpointQueryParameters any `json:"tokenEndpointQueryParameters,omitempty"`
}

CodelessConnectorPollingAuthProperties - Describe the authentication properties needed to successfully authenticate with the server

func (CodelessConnectorPollingAuthProperties) MarshalJSON

func (c CodelessConnectorPollingAuthProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingAuthProperties.

func (*CodelessConnectorPollingAuthProperties) UnmarshalJSON

func (c *CodelessConnectorPollingAuthProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingAuthProperties.

type CodelessConnectorPollingConfigProperties

type CodelessConnectorPollingConfigProperties struct {
	// REQUIRED; Describe the authentication type of the poller
	Auth *CodelessConnectorPollingAuthProperties `json:"auth,omitempty"`

	// REQUIRED; Describe the poll request config parameters of the poller
	Request *CodelessConnectorPollingRequestProperties `json:"request,omitempty"`

	// The poller active status
	IsActive *bool `json:"isActive,omitempty"`

	// Describe the poll request paging config of the poller
	Paging *CodelessConnectorPollingPagingProperties `json:"paging,omitempty"`

	// Describe the response config parameters of the poller
	Response *CodelessConnectorPollingResponseProperties `json:"response,omitempty"`
}

CodelessConnectorPollingConfigProperties - Config to describe the polling config for API poller connector

func (CodelessConnectorPollingConfigProperties) MarshalJSON

func (c CodelessConnectorPollingConfigProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingConfigProperties.

func (*CodelessConnectorPollingConfigProperties) UnmarshalJSON

func (c *CodelessConnectorPollingConfigProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingConfigProperties.

type CodelessConnectorPollingPagingProperties

type CodelessConnectorPollingPagingProperties struct {
	// REQUIRED; Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'
	PagingType *string `json:"pagingType,omitempty"`

	// Defines the name of a next page attribute
	NextPageParaName *string `json:"nextPageParaName,omitempty"`

	// Defines the path to a next page token JSON
	NextPageTokenJSONPath *string `json:"nextPageTokenJsonPath,omitempty"`

	// Defines the path to a page count attribute
	PageCountAttributePath *string `json:"pageCountAttributePath,omitempty"`

	// Defines the paging size
	PageSize *int32 `json:"pageSize,omitempty"`

	// Defines the name of the page size parameter
	PageSizeParaName *string `json:"pageSizeParaName,omitempty"`

	// Defines the path to a paging time stamp attribute
	PageTimeStampAttributePath *string `json:"pageTimeStampAttributePath,omitempty"`

	// Defines the path to a page total count attribute
	PageTotalCountAttributePath *string `json:"pageTotalCountAttributePath,omitempty"`

	// Determines whether to search for the latest time stamp in the events list
	SearchTheLatestTimeStampFromEventsList *string `json:"searchTheLatestTimeStampFromEventsList,omitempty"`
}

CodelessConnectorPollingPagingProperties - Describe the properties needed to make a pagination call

func (CodelessConnectorPollingPagingProperties) MarshalJSON

func (c CodelessConnectorPollingPagingProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingPagingProperties.

func (*CodelessConnectorPollingPagingProperties) UnmarshalJSON

func (c *CodelessConnectorPollingPagingProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingPagingProperties.

type CodelessConnectorPollingRequestProperties

type CodelessConnectorPollingRequestProperties struct {
	// REQUIRED; Describe the endpoint we should pull the data from
	APIEndpoint *string `json:"apiEndpoint,omitempty"`

	// REQUIRED; The http method type we will use in the poll request, GET or POST
	HTTPMethod *string `json:"httpMethod,omitempty"`

	// REQUIRED; The time format that will be used to query events in a specific window
	QueryTimeFormat *string `json:"queryTimeFormat,omitempty"`

	// REQUIRED; The window interval we will use to pull the data
	QueryWindowInMin *int32 `json:"queryWindowInMin,omitempty"`

	// This will be used to query events from the end of the time window
	EndTimeAttributeName *string `json:"endTimeAttributeName,omitempty"`

	// Describe the headers sent in the poll request
	Headers any `json:"headers,omitempty"`

	// Describe the query parameters sent in the poll request
	QueryParameters any `json:"queryParameters,omitempty"`

	// For advanced scenarios for example user name/password embedded in nested JSON payload
	QueryParametersTemplate *string `json:"queryParametersTemplate,omitempty"`

	// Defines the rate limit QPS
	RateLimitQPS *int32 `json:"rateLimitQps,omitempty"`

	// Describe the number of times we should try to poll the data in case of failure
	RetryCount *int32 `json:"retryCount,omitempty"`

	// This will be used to query events from the start of the time window
	StartTimeAttributeName *string `json:"startTimeAttributeName,omitempty"`

	// The number of seconds we will consider as a request timeout
	TimeoutInSeconds *int32 `json:"timeoutInSeconds,omitempty"`
}

CodelessConnectorPollingRequestProperties - Describe the request properties needed to successfully pull from the server

func (CodelessConnectorPollingRequestProperties) MarshalJSON

func (c CodelessConnectorPollingRequestProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingRequestProperties.

func (*CodelessConnectorPollingRequestProperties) UnmarshalJSON

func (c *CodelessConnectorPollingRequestProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingRequestProperties.
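
A pre-deployment lint for the polling configuration described by CodelessConnectorPollingAuthProperties and CodelessConnectorPollingRequestProperties above, added here as an example and not part of the SDK: every field is a pointer, so the Go types alone do not enforce the fields marked REQUIRED. The local structs, the function names, the sample documents (including the "APIKey" value) and the https-only rule are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
)

// Local mirrors of the JSON shapes documented on this page (assumption:
// a subset of the keys; these are not the SDK's own types).
type pollingAuth struct {
	AuthType              *string `json:"authType"`
	AuthorizationEndpoint *string `json:"authorizationEndpoint"`
	TokenEndpoint         *string `json:"tokenEndpoint"`
	RedirectionEndpoint   *string `json:"redirectionEndpoint"`
}

type pollingRequest struct {
	APIEndpoint      *string `json:"apiEndpoint"`
	HTTPMethod       *string `json:"httpMethod"`
	QueryTimeFormat  *string `json:"queryTimeFormat"`
	QueryWindowInMin *int32  `json:"queryWindowInMin"`
}

type pollingConfig struct {
	Auth    *pollingAuth    `json:"auth"`
	Request *pollingRequest `json:"request"`
}

// Constructed sample documents; hosts and values are placeholders.
const sampleGood = `{"auth":{"authType":"APIKey"},
 "request":{"apiEndpoint":"https://logs.example.test/v1/events","httpMethod":"GET",
            "queryTimeFormat":"yyyy-MM-ddTHH:mm:ssZ","queryWindowInMin":5}}`

const sampleBad = `{"auth":{"tokenEndpoint":"http://idp.example.test/token"},
 "request":{"apiEndpoint":"http://logs.example.test/v1/events","httpMethod":"PUT",
            "queryWindowInMin":0}}`

// requireHTTPS reports a finding when an endpoint is set but is not an
// absolute https URL. Unset optional endpoints produce no finding.
func requireHTTPS(field string, v *string) []string {
	if v == nil {
		return nil
	}
	u, err := url.Parse(*v)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return []string{field + ": not an https URL"}
	}
	return nil
}

// lintPollingConfig returns sorted findings for one polling config document.
func lintPollingConfig(raw []byte) ([]string, error) {
	var cfg pollingConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("decode polling config: %w", err)
	}
	var out []string
	missing := func(field string) { out = append(out, field+": REQUIRED field missing") }

	if cfg.Auth == nil {
		missing("auth")
	} else {
		a := cfg.Auth
		if a.AuthType == nil || *a.AuthType == "" {
			missing("auth.authType")
		}
		out = append(out, requireHTTPS("auth.authorizationEndpoint", a.AuthorizationEndpoint)...)
		out = append(out, requireHTTPS("auth.tokenEndpoint", a.TokenEndpoint)...)
		out = append(out, requireHTTPS("auth.redirectionEndpoint", a.RedirectionEndpoint)...)
	}
	if cfg.Request == nil {
		missing("request")
	} else {
		r := cfg.Request
		if r.APIEndpoint == nil {
			missing("request.apiEndpoint")
		}
		out = append(out, requireHTTPS("request.apiEndpoint", r.APIEndpoint)...)
		switch {
		case r.HTTPMethod == nil:
			missing("request.httpMethod")
		case *r.HTTPMethod != "GET" && *r.HTTPMethod != "POST":
			out = append(out, "request.httpMethod: must be GET or POST")
		}
		if r.QueryTimeFormat == nil || *r.QueryTimeFormat == "" {
			missing("request.queryTimeFormat")
		}
		switch {
		case r.QueryWindowInMin == nil:
			missing("request.queryWindowInMin")
		case *r.QueryWindowInMin <= 0:
			out = append(out, "request.queryWindowInMin: must be positive")
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	for _, doc := range []string{sampleGood, sampleBad} {
		findings, err := lintPollingConfig([]byte(doc))
		fmt.Println(len(findings), findings, err)
	}
}
```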

type CodelessConnectorPollingResponseProperties

type CodelessConnectorPollingResponseProperties struct {
	// REQUIRED; Describes the path from which we should extract the data in the response
	EventsJSONPaths []*string `json:"eventsJsonPaths,omitempty"`

	// Describes if the data in the response is Gzip
	IsGzipCompressed *bool `json:"isGzipCompressed,omitempty"`

	// Describes the path from which we should extract the status code in the response
	SuccessStatusJSONPath *string `json:"successStatusJsonPath,omitempty"`

	// Describes the path from which we should extract the status value in the response
	SuccessStatusValue *string `json:"successStatusValue,omitempty"`
}

CodelessConnectorPollingResponseProperties - Describes the response from the external server

func (CodelessConnectorPollingResponseProperties) MarshalJSON

func (c CodelessConnectorPollingResponseProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessConnectorPollingResponseProperties.

func (*CodelessConnectorPollingResponseProperties) UnmarshalJSON

func (c *CodelessConnectorPollingResponseProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessConnectorPollingResponseProperties.

type CodelessParameters

type CodelessParameters struct {
	// Config to describe the instructions blade
	ConnectorUIConfig *CodelessUIConnectorConfigProperties `json:"connectorUiConfig,omitempty"`
}

CodelessParameters - Represents Codeless UI data connector

func (CodelessParameters) MarshalJSON

func (c CodelessParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessParameters.

func (*CodelessParameters) UnmarshalJSON

func (c *CodelessParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessParameters.

type CodelessUIConnectorConfigProperties

type CodelessUIConnectorConfigProperties struct {
	// REQUIRED; Connector Availability Status
	Availability *Availability `json:"availability,omitempty"`

	// REQUIRED; Define the way the connector checks connectivity
	ConnectivityCriteria []*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem `json:"connectivityCriteria,omitempty"`

	// REQUIRED; Data types to check for last data received
	DataTypes []*CodelessUIConnectorConfigPropertiesDataTypesItem `json:"dataTypes,omitempty"`

	// REQUIRED; Connector description
	DescriptionMarkdown *string `json:"descriptionMarkdown,omitempty"`

	// REQUIRED; The graph query to show the current data status
	GraphQueries []*CodelessUIConnectorConfigPropertiesGraphQueriesItem `json:"graphQueries,omitempty"`

	// REQUIRED; Name of the table the connector will insert the data to
	GraphQueriesTableName *string `json:"graphQueriesTableName,omitempty"`

	// REQUIRED; Instruction steps to enable the connector
	InstructionSteps []*CodelessUIConnectorConfigPropertiesInstructionStepsItem `json:"instructionSteps,omitempty"`

	// REQUIRED; Permissions required for the connector
	Permissions *Permissions `json:"permissions,omitempty"`

	// REQUIRED; Connector publisher name
	Publisher *string `json:"publisher,omitempty"`

	// REQUIRED; The sample queries for the connector
	SampleQueries []*CodelessUIConnectorConfigPropertiesSampleQueriesItem `json:"sampleQueries,omitempty"`

	// REQUIRED; Connector blade title
	Title *string `json:"title,omitempty"`

	// An optional custom image to be used when displaying the connector within Azure Sentinel's connector's gallery
	CustomImage *string `json:"customImage,omitempty"`
}

CodelessUIConnectorConfigProperties - Config to describe the instructions blade

func (CodelessUIConnectorConfigProperties) MarshalJSON

func (c CodelessUIConnectorConfigProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigProperties.

func (*CodelessUIConnectorConfigProperties) UnmarshalJSON

func (c *CodelessUIConnectorConfigProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigProperties.

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem

type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem struct {
	// type of connectivity
	Type *ConnectivityType `json:"type,omitempty"`

	// Queries for checking connectivity
	Value []*string `json:"value,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON

func (c CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem.

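func (*CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) UnmarshalJSON

func (c *CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem) UnmarshalJSON(data []byte) error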

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem.

type CodelessUIConnectorConfigPropertiesDataTypesItem

type CodelessUIConnectorConfigPropertiesDataTypesItem struct {
	// Query to indicate last data received
	LastDataReceivedQuery *string `json:"lastDataReceivedQuery,omitempty"`

	// Name of the data type to show in the graph. Can be used with the {{graphQueriesTableName}} placeholder
	Name *string `json:"name,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesDataTypesItem) MarshalJSON

func (c CodelessUIConnectorConfigPropertiesDataTypesItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesDataTypesItem.

func (*CodelessUIConnectorConfigPropertiesDataTypesItem) UnmarshalJSON

func (c *CodelessUIConnectorConfigPropertiesDataTypesItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesDataTypesItem.

type CodelessUIConnectorConfigPropertiesGraphQueriesItem

type CodelessUIConnectorConfigPropertiesGraphQueriesItem struct {
	// The base query for the graph
	BaseQuery *string `json:"baseQuery,omitempty"`

	// The legend for the graph
	Legend *string `json:"legend,omitempty"`

	// the metric that the query is checking
	MetricName *string `json:"metricName,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesGraphQueriesItem) MarshalJSON

func (c CodelessUIConnectorConfigPropertiesGraphQueriesItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesGraphQueriesItem.

func (*CodelessUIConnectorConfigPropertiesGraphQueriesItem) UnmarshalJSON

func (c *CodelessUIConnectorConfigPropertiesGraphQueriesItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesGraphQueriesItem.

type CodelessUIConnectorConfigPropertiesInstructionStepsItem

type CodelessUIConnectorConfigPropertiesInstructionStepsItem struct {
	// Instruction step description
	Description *string `json:"description,omitempty"`

	// Instruction step details
	Instructions []*InstructionStepsInstructionsItem `json:"instructions,omitempty"`

	// Instruction step title
	Title *string `json:"title,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON

func (c CodelessUIConnectorConfigPropertiesInstructionStepsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem.

func (*CodelessUIConnectorConfigPropertiesInstructionStepsItem) UnmarshalJSON

func (c *CodelessUIConnectorConfigPropertiesInstructionStepsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesInstructionStepsItem.

type CodelessUIConnectorConfigPropertiesSampleQueriesItem

type CodelessUIConnectorConfigPropertiesSampleQueriesItem struct {
	// The sample query description
	Description *string `json:"description,omitempty"`

	// the sample query
	Query *string `json:"query,omitempty"`
}

func (CodelessUIConnectorConfigPropertiesSampleQueriesItem) MarshalJSON

func (c CodelessUIConnectorConfigPropertiesSampleQueriesItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type CodelessUIConnectorConfigPropertiesSampleQueriesItem.

func (*CodelessUIConnectorConfigPropertiesSampleQueriesItem) UnmarshalJSON

func (c *CodelessUIConnectorConfigPropertiesSampleQueriesItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type CodelessUIConnectorConfigPropertiesSampleQueriesItem.

type CodelessUIDataConnector

type CodelessUIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Codeless UI data connector properties
	Properties *CodelessParameters `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CodelessUIDataConnector - Represents Codeless UI data connector.

func (*CodelessUIDataConnector) GetDataConnector

func (c *CodelessUIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type CodelessUIDataConnector.

func (CodelessUIDataConnector) MarshalJSON

func (c CodelessUIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type CodelessUIDataConnector.

func (*CodelessUIDataConnector) UnmarshalJSON

func (c *CodelessUIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type CodelessUIDataConnector.

type ConditionType

type ConditionType string
const (
	// ConditionTypeBoolean - Apply a boolean operator (e.g AND, OR) to conditions
	ConditionTypeBoolean ConditionType = "Boolean"
	// ConditionTypeProperty - Evaluate an object property value
	ConditionTypeProperty ConditionType = "Property"
	// ConditionTypePropertyArray - Evaluate an object array property value
	ConditionTypePropertyArray ConditionType = "PropertyArray"
	// ConditionTypePropertyArrayChanged - Evaluate an object array property changed value
	ConditionTypePropertyArrayChanged ConditionType = "PropertyArrayChanged"
	// ConditionTypePropertyChanged - Evaluate an object property changed value
	ConditionTypePropertyChanged ConditionType = "PropertyChanged"
)

func PossibleConditionTypeValues

func PossibleConditionTypeValues() []ConditionType

PossibleConditionTypeValues returns the possible values for the ConditionType const type.

type ConfidenceLevel

type ConfidenceLevel string

ConfidenceLevel - The confidence level of this alert.

const (
	// ConfidenceLevelHigh - High confidence that the alert is true positive malicious
	ConfidenceLevelHigh ConfidenceLevel = "High"
	// ConfidenceLevelLow - Low confidence, meaning we have some doubts this is indeed malicious or part of an attack
	ConfidenceLevelLow ConfidenceLevel = "Low"
	// ConfidenceLevelUnknown - Unknown confidence, this is the default value
	ConfidenceLevelUnknown ConfidenceLevel = "Unknown"
)

func PossibleConfidenceLevelValues

func PossibleConfidenceLevelValues() []ConfidenceLevel

PossibleConfidenceLevelValues returns the possible values for the ConfidenceLevel const type.

type ConfidenceScoreStatus

type ConfidenceScoreStatus string

ConfidenceScoreStatus - The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.

const (
	// ConfidenceScoreStatusFinal - Final score was calculated and available
	ConfidenceScoreStatusFinal ConfidenceScoreStatus = "Final"
	// ConfidenceScoreStatusInProcess - No score was set yet and calculation is in progress
	ConfidenceScoreStatusInProcess ConfidenceScoreStatus = "InProcess"
	// ConfidenceScoreStatusNotApplicable - Score will not be calculated for this alert as it is not supported by virtual analyst
	ConfidenceScoreStatusNotApplicable ConfidenceScoreStatus = "NotApplicable"
	// ConfidenceScoreStatusNotFinal - Score is calculated and shown as part of the alert, but may be updated again at a later
	// time following the processing of additional data
	ConfidenceScoreStatusNotFinal ConfidenceScoreStatus = "NotFinal"
)

func PossibleConfidenceScoreStatusValues

func PossibleConfidenceScoreStatusValues() []ConfidenceScoreStatus

PossibleConfidenceScoreStatusValues returns the possible values for the ConfidenceScoreStatus const type.

type ConnectAuthKind

type ConnectAuthKind string

ConnectAuthKind - The authentication kind used to poll the data

const (
	ConnectAuthKindAPIKey ConnectAuthKind = "APIKey"
	ConnectAuthKindBasic  ConnectAuthKind = "Basic"
	ConnectAuthKindOAuth2 ConnectAuthKind = "OAuth2"
)

func PossibleConnectAuthKindValues

func PossibleConnectAuthKindValues() []ConnectAuthKind

PossibleConnectAuthKindValues returns the possible values for the ConnectAuthKind const type.

type ConnectedEntity

type ConnectedEntity struct {
	// key-value pairs for a connected entity mapping
	AdditionalData any `json:"additionalData,omitempty"`

	// Entity Id of the connected entity
	TargetEntityID *string `json:"targetEntityId,omitempty"`
}

ConnectedEntity - Expansion result connected entities

func (ConnectedEntity) MarshalJSON

func (c ConnectedEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ConnectedEntity.

func (*ConnectedEntity) UnmarshalJSON

func (c *ConnectedEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ConnectedEntity.

type ConnectivityType

type ConnectivityType string

ConnectivityType - type of connectivity

const (
	ConnectivityTypeIsConnectedQuery ConnectivityType = "IsConnectedQuery"
)

func PossibleConnectivityTypeValues

func PossibleConnectivityTypeValues() []ConnectivityType

PossibleConnectivityTypeValues returns the possible values for the ConnectivityType const type.

type ContentPathMap

type ContentPathMap struct {
	// Content type.
	ContentType *ContentType `json:"contentType,omitempty"`

	// The path to the content.
	Path *string `json:"path,omitempty"`
}

ContentPathMap - The mapping of content type to a repo path.

func (ContentPathMap) MarshalJSON

func (c ContentPathMap) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ContentPathMap.

func (*ContentPathMap) UnmarshalJSON

func (c *ContentPathMap) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ContentPathMap.

type ContentType

type ContentType string

ContentType - The content type of a source control path.

const (
	ContentTypeAnalyticRule ContentType = "AnalyticRule"
	ContentTypeWorkbook     ContentType = "Workbook"
)

func PossibleContentTypeValues

func PossibleContentTypeValues() []ContentType

PossibleContentTypeValues returns the possible values for the ContentType const type.

type CreatedByType

type CreatedByType string

CreatedByType - The type of identity that created the resource.

const (
	CreatedByTypeApplication     CreatedByType = "Application"
	CreatedByTypeKey             CreatedByType = "Key"
	CreatedByTypeManagedIdentity CreatedByType = "ManagedIdentity"
	CreatedByTypeUser            CreatedByType = "User"
)

func PossibleCreatedByTypeValues

func PossibleCreatedByTypeValues() []CreatedByType

PossibleCreatedByTypeValues returns the possible values for the CreatedByType const type.

type CustomEntityQuery

type CustomEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *CustomEntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

CustomEntityQuery - Specific entity query that supports put requests.

func (*CustomEntityQuery) GetCustomEntityQuery

func (c *CustomEntityQuery) GetCustomEntityQuery() *CustomEntityQuery

GetCustomEntityQuery implements the CustomEntityQueryClassification interface for type CustomEntityQuery.

func (CustomEntityQuery) MarshalJSON

func (c CustomEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type CustomEntityQuery.

func (*CustomEntityQuery) UnmarshalJSON

func (c *CustomEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type CustomEntityQuery.

type CustomEntityQueryClassification

type CustomEntityQueryClassification interface {
	// GetCustomEntityQuery returns the CustomEntityQuery content of the underlying type.
	GetCustomEntityQuery() *CustomEntityQuery
}

CustomEntityQueryClassification provides polymorphic access to related types. Call the interface's GetCustomEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *ActivityCustomEntityQuery, *CustomEntityQuery

type CustomEntityQueryKind

type CustomEntityQueryKind string

CustomEntityQueryKind - The kind of the entity query that supports put request.

const (
	CustomEntityQueryKindActivity CustomEntityQueryKind = "Activity"
)

func PossibleCustomEntityQueryKindValues

func PossibleCustomEntityQueryKindValues() []CustomEntityQueryKind

PossibleCustomEntityQueryKindValues returns the possible values for the CustomEntityQueryKind const type.

type DNSEntity

type DNSEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Dns entity properties
	Properties *DNSEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

DNSEntity - Represents a dns entity.

func (*DNSEntity) GetEntity

func (d *DNSEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type DNSEntity.

func (DNSEntity) MarshalJSON

func (d DNSEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DNSEntity.

func (*DNSEntity) UnmarshalJSON

func (d *DNSEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DNSEntity.

type DNSEntityProperties

type DNSEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; An ip entity id for the dns server resolving the request
	DNSServerIPEntityID *string `json:"dnsServerIpEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The name of the dns record associated with the alert
	DomainName *string `json:"domainName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; An ip entity id for the dns request client
	HostIPAddressEntityID *string `json:"hostIpAddressEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Ip entity identifiers for the resolved ip address.
	IPAddressEntityIDs []*string `json:"ipAddressEntityIds,omitempty" azure:"ro"`
}

DNSEntityProperties - Dns entity property bag.

func (DNSEntityProperties) MarshalJSON

func (d DNSEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DNSEntityProperties.

func (*DNSEntityProperties) UnmarshalJSON

func (d *DNSEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DNSEntityProperties.

type DataConnector

type DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

DataConnector - Data connector

func (*DataConnector) GetDataConnector

func (d *DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type DataConnector.

func (DataConnector) MarshalJSON

func (d DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnector.

func (*DataConnector) UnmarshalJSON

func (d *DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnector.

type DataConnectorAuthorizationState

type DataConnectorAuthorizationState string

DataConnectorAuthorizationState - Describes the state of user's authorization for a connector kind.

const (
	DataConnectorAuthorizationStateInvalid DataConnectorAuthorizationState = "Invalid"
	DataConnectorAuthorizationStateValid   DataConnectorAuthorizationState = "Valid"
)

func PossibleDataConnectorAuthorizationStateValues

func PossibleDataConnectorAuthorizationStateValues() []DataConnectorAuthorizationState

PossibleDataConnectorAuthorizationStateValues returns the possible values for the DataConnectorAuthorizationState const type.

type DataConnectorClassification

type DataConnectorClassification interface {
	// GetDataConnector returns the DataConnector content of the underlying type.
	GetDataConnector() *DataConnector
}

DataConnectorClassification provides polymorphic access to related types. Call the interface's GetDataConnector() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AADDataConnector, *AATPDataConnector, *ASCDataConnector, *AwsCloudTrailDataConnector, *AwsS3DataConnector, *CodelessAPIPollingDataConnector, *CodelessUIDataConnector, *DataConnector, *Dynamics365DataConnector, *IoTDataConnector, *MCASDataConnector, *MDATPDataConnector, *MSTIDataConnector, *MTPDataConnector, *Office365ProjectDataConnector, *OfficeATPDataConnector, *OfficeDataConnector, *OfficeIRMDataConnector, *OfficePowerBIDataConnector, *TIDataConnector, *TiTaxiiDataConnector

type DataConnectorConnectBody

type DataConnectorConnectBody struct {
	// The API key of the audit server.
	APIKey *string `json:"apiKey,omitempty"`

	// The authorization code used in OAuth 2.0 code flow to issue a token.
	AuthorizationCode *string `json:"authorizationCode,omitempty"`

	// The client id of the OAuth 2.0 application.
	ClientID *string `json:"clientId,omitempty"`

	// The client secret of the OAuth 2.0 application.
	ClientSecret *string `json:"clientSecret,omitempty"`

	// Used in v2 logs connector. Represents the data collection ingestion endpoint in log analytics.
	DataCollectionEndpoint *string `json:"dataCollectionEndpoint,omitempty"`

	// Used in v2 logs connector. The data collection rule immutable id, the rule defines the transformation and data destination.
	DataCollectionRuleImmutableID *string `json:"dataCollectionRuleImmutableId,omitempty"`

	// The authentication kind used to poll the data
	Kind *ConnectAuthKind `json:"kind,omitempty"`

	// Used in v2 logs connector. The stream we are sending the data to, this is the name of the streamDeclarations defined in
	// the DCR.
	OutputStream *string `json:"outputStream,omitempty"`

	// The user password in the audit log server.
	Password                     *string `json:"password,omitempty"`
	RequestConfigUserInputValues []any   `json:"requestConfigUserInputValues,omitempty"`

	// The user name in the audit log server.
	UserName *string `json:"userName,omitempty"`
}

DataConnectorConnectBody - Represents Codeless API Polling data connector.

func (DataConnectorConnectBody) MarshalJSON

func (d DataConnectorConnectBody) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnectorConnectBody.

func (*DataConnectorConnectBody) UnmarshalJSON

func (d *DataConnectorConnectBody) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorConnectBody.

type DataConnectorDataTypeCommon

type DataConnectorDataTypeCommon struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

DataConnectorDataTypeCommon - Common field for data type in data connectors.

func (DataConnectorDataTypeCommon) MarshalJSON

func (d DataConnectorDataTypeCommon) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnectorDataTypeCommon.

func (*DataConnectorDataTypeCommon) UnmarshalJSON

func (d *DataConnectorDataTypeCommon) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorDataTypeCommon.

type DataConnectorKind

type DataConnectorKind string

DataConnectorKind - The kind of the data connector

const (
	DataConnectorKindAPIPolling                                DataConnectorKind = "APIPolling"
	DataConnectorKindAmazonWebServicesCloudTrail               DataConnectorKind = "AmazonWebServicesCloudTrail"
	DataConnectorKindAmazonWebServicesS3                       DataConnectorKind = "AmazonWebServicesS3"
	DataConnectorKindAzureActiveDirectory                      DataConnectorKind = "AzureActiveDirectory"
	DataConnectorKindAzureAdvancedThreatProtection             DataConnectorKind = "AzureAdvancedThreatProtection"
	DataConnectorKindAzureSecurityCenter                       DataConnectorKind = "AzureSecurityCenter"
	DataConnectorKindDynamics365                               DataConnectorKind = "Dynamics365"
	DataConnectorKindGenericUI                                 DataConnectorKind = "GenericUI"
	DataConnectorKindIOT                                       DataConnectorKind = "IOT"
	DataConnectorKindMicrosoftCloudAppSecurity                 DataConnectorKind = "MicrosoftCloudAppSecurity"
	DataConnectorKindMicrosoftDefenderAdvancedThreatProtection DataConnectorKind = "MicrosoftDefenderAdvancedThreatProtection"
	DataConnectorKindMicrosoftThreatIntelligence               DataConnectorKind = "MicrosoftThreatIntelligence"
	DataConnectorKindMicrosoftThreatProtection                 DataConnectorKind = "MicrosoftThreatProtection"
	DataConnectorKindOffice365                                 DataConnectorKind = "Office365"
	DataConnectorKindOffice365Project                          DataConnectorKind = "Office365Project"
	DataConnectorKindOfficeATP                                 DataConnectorKind = "OfficeATP"
	DataConnectorKindOfficeIRM                                 DataConnectorKind = "OfficeIRM"
	DataConnectorKindOfficePowerBI                             DataConnectorKind = "OfficePowerBI"
	DataConnectorKindThreatIntelligence                        DataConnectorKind = "ThreatIntelligence"
	DataConnectorKindThreatIntelligenceTaxii                   DataConnectorKind = "ThreatIntelligenceTaxii"
)

func PossibleDataConnectorKindValues

func PossibleDataConnectorKindValues() []DataConnectorKind

PossibleDataConnectorKindValues returns the possible values for the DataConnectorKind const type.

type DataConnectorLicenseState

type DataConnectorLicenseState string

DataConnectorLicenseState - Describes the state of user's license for a connector kind.

const (
	DataConnectorLicenseStateInvalid DataConnectorLicenseState = "Invalid"
	DataConnectorLicenseStateUnknown DataConnectorLicenseState = "Unknown"
	DataConnectorLicenseStateValid   DataConnectorLicenseState = "Valid"
)

func PossibleDataConnectorLicenseStateValues

func PossibleDataConnectorLicenseStateValues() []DataConnectorLicenseState

PossibleDataConnectorLicenseStateValues returns the possible values for the DataConnectorLicenseState const type.

type DataConnectorList

type DataConnectorList struct {
	// REQUIRED; Array of data connectors.
	Value []DataConnectorClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of data connectors.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

DataConnectorList - List all the data connectors.

func (DataConnectorList) MarshalJSON

func (d DataConnectorList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnectorList.

func (*DataConnectorList) UnmarshalJSON

func (d *DataConnectorList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorList.

type DataConnectorRequirementsState

type DataConnectorRequirementsState struct {
	// Authorization state for this connector
	AuthorizationState *DataConnectorAuthorizationState `json:"authorizationState,omitempty"`

	// License state for this connector
	LicenseState *DataConnectorLicenseState `json:"licenseState,omitempty"`
}

DataConnectorRequirementsState - Data connector requirements status.

func (DataConnectorRequirementsState) MarshalJSON

func (d DataConnectorRequirementsState) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnectorRequirementsState.

func (*DataConnectorRequirementsState) UnmarshalJSON

func (d *DataConnectorRequirementsState) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorRequirementsState.
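
Both fields of DataConnectorRequirementsState are pointers tagged omitempty, so a response can leave either one out, and LicenseState can also be "Unknown". The following added example (not part of the SDK or its generated examples) decodes a requirements-state body and treats the connector as ready only when both states are exactly "Valid". The types are local stand-ins that mirror the page's definitions so the code runs without the SDK; Readiness, Evaluate and EvaluateJSON are hypothetical helper names, and the sample bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins that mirror the page's types and JSON tags so the example runs
// without the SDK; real code would use the armsecurityinsights types instead.
type DataConnectorAuthorizationState string
type DataConnectorLicenseState string

const (
	DataConnectorAuthorizationStateValid DataConnectorAuthorizationState = "Valid"
	DataConnectorLicenseStateValid       DataConnectorLicenseState       = "Valid"
)

type DataConnectorRequirementsState struct {
	AuthorizationState *DataConnectorAuthorizationState `json:"authorizationState,omitempty"`
	LicenseState       *DataConnectorLicenseState       `json:"licenseState,omitempty"`
}

// Readiness is a hypothetical verdict type, not part of the SDK.
type Readiness struct {
	Ready   bool
	Reasons []string // one entry per unmet requirement
}

// Evaluate fails closed: a nil struct, a nil field, or any value other than
// "Valid" (including "Invalid", "Unknown" or a value this code has never
// seen) counts as an unmet requirement.
func Evaluate(s *DataConnectorRequirementsState) Readiness {
	if s == nil {
		return Readiness{Reasons: []string{"no requirements state returned"}}
	}
	var reasons []string
	switch {
	case s.AuthorizationState == nil:
		reasons = append(reasons, "authorizationState missing")
	case *s.AuthorizationState != DataConnectorAuthorizationStateValid:
		reasons = append(reasons, fmt.Sprintf("authorizationState=%q", *s.AuthorizationState))
	}
	switch {
	case s.LicenseState == nil:
		reasons = append(reasons, "licenseState missing")
	case *s.LicenseState != DataConnectorLicenseStateValid:
		reasons = append(reasons, fmt.Sprintf("licenseState=%q", *s.LicenseState))
	}
	return Readiness{Ready: len(reasons) == 0, Reasons: reasons}
}

// EvaluateJSON decodes a requirements-state body and evaluates it.
// A body that does not decode is an error, never a "ready" verdict.
func EvaluateJSON(body []byte) (Readiness, error) {
	var s DataConnectorRequirementsState
	if err := json.Unmarshal(body, &s); err != nil {
		return Readiness{}, fmt.Errorf("decode requirements state: %w", err)
	}
	return Evaluate(&s), nil
}

func main() {
	// Constructed sample bodies, not captured from a real workspace.
	samples := []string{
		`{"authorizationState":"Valid","licenseState":"Valid"}`,
		`{"authorizationState":"Invalid","licenseState":"Valid"}`,
		`{"authorizationState":"Valid","licenseState":"Unknown"}`,
		`{"authorizationState":"Valid"}`,
		`{}`,
	}
	for _, body := range samples {
		r, err := EvaluateJSON([]byte(body))
		if err != nil {
			fmt.Printf("%s -> error: %v\n", body, err)
			continue
		}
		fmt.Printf("%s -> ready=%v reasons=%v\n", body, r.Ready, r.Reasons)
	}
}
```
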

type DataConnectorsCheckRequirements

type DataConnectorsCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`
}

DataConnectorsCheckRequirements - Data connector requirements properties.

func (*DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements

func (d *DataConnectorsCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type DataConnectorsCheckRequirements.

func (DataConnectorsCheckRequirements) MarshalJSON

func (d DataConnectorsCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataConnectorsCheckRequirements.

func (*DataConnectorsCheckRequirements) UnmarshalJSON

func (d *DataConnectorsCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorsCheckRequirements.

type DataConnectorsCheckRequirementsClassification

type DataConnectorsCheckRequirementsClassification interface {
	// GetDataConnectorsCheckRequirements returns the DataConnectorsCheckRequirements content of the underlying type.
	GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements
}

DataConnectorsCheckRequirementsClassification provides polymorphic access to related types. Call the interface's GetDataConnectorsCheckRequirements() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AADCheckRequirements, *AATPCheckRequirements, *ASCCheckRequirements, *AwsCloudTrailCheckRequirements, *AwsS3CheckRequirements, *DataConnectorsCheckRequirements, *Dynamics365CheckRequirements, *IoTCheckRequirements, *MCASCheckRequirements, *MDATPCheckRequirements, *MSTICheckRequirements, *MtpCheckRequirements, *Office365ProjectCheckRequirements, *OfficeATPCheckRequirements, *OfficeIRMCheckRequirements, *OfficePowerBICheckRequirements, *TICheckRequirements, *TiTaxiiCheckRequirements

type DataConnectorsCheckRequirementsClient

type DataConnectorsCheckRequirementsClient struct {
	// contains filtered or unexported fields
}

DataConnectorsCheckRequirementsClient contains the methods for the DataConnectorsCheckRequirements group. Don't use this type directly, use NewDataConnectorsCheckRequirementsClient() instead.

func NewDataConnectorsCheckRequirementsClient

func NewDataConnectorsCheckRequirementsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsCheckRequirementsClient, error)

NewDataConnectorsCheckRequirementsClient creates a new instance of DataConnectorsCheckRequirementsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DataConnectorsCheckRequirementsClient) Post

Post - Get requirements state for a data connector type. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorsCheckRequirements - The parameters for requirements check message
  • options - DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.

Example (CheckRequirementsForAad)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectory.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
	Properties: &armsecurityinsights.AADCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }

Example (CheckRequirementsForAadNoAuthorization)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoAuthorization.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
	Properties: &armsecurityinsights.AADCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }

Example (CheckRequirementsForAadNoLicense)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureActiveDirectoryNoLicense.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.AADCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
	Properties: &armsecurityinsights.AADCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }

Example (CheckRequirementsForAsc)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsAzureSecurityCenter.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.ASCCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter),
	Properties: &armsecurityinsights.ASCCheckRequirementsProperties{
		SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForDynamics365)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsDynamics365.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.Dynamics365CheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365),
	Properties: &armsecurityinsights.Dynamics365CheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForIoT)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsIoT.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.IoTCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindIOT),
	Properties: &armsecurityinsights.IoTCheckRequirementsProperties{
		SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForMcas)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftCloudAppSecurity.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MCASCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity),
	Properties: &armsecurityinsights.MCASCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForMdatp)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMdatp.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MDATPCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection),
	Properties: &armsecurityinsights.MDATPCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForMicrosoftThreatIntelligence)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MSTICheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence),
	Properties: &armsecurityinsights.MSTICheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForMicrosoftThreatProtection)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsMicrosoftThreatProtection.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.MtpCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection),
	Properties: &armsecurityinsights.MTPCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForOffice365Project)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOffice365Project.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.Office365ProjectCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project),
	Properties: &armsecurityinsights.Office365ProjectCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForOfficeAtp)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeATP.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficeATPCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP),
	Properties: &armsecurityinsights.OfficeATPCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForOfficeIrm)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficeIRM.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficeIRMCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeIRM),
	Properties: &armsecurityinsights.OfficeIRMCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForOfficePowerBi)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsOfficePowerBI.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.OfficePowerBICheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI),
	Properties: &armsecurityinsights.OfficePowerBICheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForTi)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.TICheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
	Properties: &armsecurityinsights.TICheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

Example (CheckRequirementsForTiTaxii)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CheckRequirementsThreatIntelligenceTaxii.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsCheckRequirementsClient().Post(ctx, "myRg", "myWorkspace", &armsecurityinsights.TiTaxiiCheckRequirements{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii),
	Properties: &armsecurityinsights.TiTaxiiCheckRequirementsProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res.DataConnectorRequirementsState = armsecurityinsights.DataConnectorRequirementsState{
// 	AuthorizationState: to.Ptr(armsecurityinsights.DataConnectorAuthorizationStateValid),
// 	LicenseState: to.Ptr(armsecurityinsights.DataConnectorLicenseStateValid),
// }
Output:

type DataConnectorsCheckRequirementsClientPostOptions

type DataConnectorsCheckRequirementsClientPostOptions struct {
}

DataConnectorsCheckRequirementsClientPostOptions contains the optional parameters for the DataConnectorsCheckRequirementsClient.Post method.

type DataConnectorsCheckRequirementsClientPostResponse

type DataConnectorsCheckRequirementsClientPostResponse struct {
	DataConnectorRequirementsState
}

DataConnectorsCheckRequirementsClientPostResponse contains the response from method DataConnectorsCheckRequirementsClient.Post.

type DataConnectorsClient

type DataConnectorsClient struct {
	// contains filtered or unexported fields
}

DataConnectorsClient contains the methods for the DataConnectors group. Don't use this type directly; use NewDataConnectorsClient() instead.

func NewDataConnectorsClient

func NewDataConnectorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DataConnectorsClient, error)

NewDataConnectorsClient creates a new instance of DataConnectorsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DataConnectorsClient) Connect

func (client *DataConnectorsClient) Connect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, connectBody DataConnectorConnectBody, options *DataConnectorsClientConnectOptions) (DataConnectorsClientConnectResponse, error)

Connect - Connects a data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • connectBody - The data connector
  • options - DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.

Example (ConnectAnApiPollingDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/ConnectAPIPolling.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Connect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", armsecurityinsights.DataConnectorConnectBody{
	APIKey: to.Ptr("123456789"),
	Kind:   to.Ptr(armsecurityinsights.ConnectAuthKindAPIKey),
	RequestConfigUserInputValues: []any{
		map[string]any{
			"displayText":      "Organization Name",
			"placeHolderName":  "{{placeHolder1}}",
			"placeHolderValue": "somePlaceHolderValue",
			"requestObjectKey": "apiEndpoint",
		}},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
Output:

Example (ConnectAnApiPollingV2LogsDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/ConnectAPIPollingV2Logs.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Connect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", armsecurityinsights.DataConnectorConnectBody{
	APIKey:                        to.Ptr("123456789"),
	DataCollectionEndpoint:        to.Ptr("https://test.eastus.ingest.monitor.azure.com"),
	DataCollectionRuleImmutableID: to.Ptr("dcr-34adsj9o7d6f9de204478b9cgb43b631"),
	Kind:                          to.Ptr(armsecurityinsights.ConnectAuthKindAPIKey),
	OutputStream:                  to.Ptr("Custom-MyTableRawData"),
	RequestConfigUserInputValues: []any{
		map[string]any{
			"displayText":      "Organization Name",
			"placeHolderName":  "{{placeHolder1}}",
			"placeHolderValue": "somePlaceHolderValue",
			"requestObjectKey": "apiEndpoint",
		}},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
Output:
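
The Connect examples above send a user-supplied placeHolderValue that fills {{placeHolder1}} in the connector's APIEndpoint template (https://api.github.com/organizations/{{placeHolder1}}/audit-log in the CreateOrUpdate example). The following is an added example, not part of the SDK or its generated examples, that validates such values before they are passed to Connect. It assumes the service substitutes the value textually into the field named by requestObjectKey; RenderEndpoint, CheckUserInputs and the segment allowlist are hypothetical names and policy choices.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// placeholderRE matches template tokens such as {{placeHolder1}}.
var placeholderRE = regexp.MustCompile(`\{\{[A-Za-z0-9_]+\}\}`)

// segmentRE is an assumed allowlist for a value that fills one URL path
// segment; tighten it to the naming rules of the API being polled.
var segmentRE = regexp.MustCompile(`^[A-Za-z0-9._-]{1,64}$`)

// RenderEndpoint substitutes values (keyed by placeholder name) into an
// APIEndpoint template and returns the URL the poller would end up with.
// It fails if a value could change the URL structure, if a placeholder is
// left unresolved, or if the scheme or host differ from the template's.
// Policy choice: placeholders are accepted in the path only, not the host.
func RenderEndpoint(template string, values map[string]string) (string, error) {
	// Parse the template with placeholders neutralised to learn the
	// intended scheme and host.
	base, err := url.Parse(placeholderRE.ReplaceAllString(template, "x"))
	if err != nil {
		return "", fmt.Errorf("invalid template: %w", err)
	}
	if base.Scheme != "https" || base.Host == "" {
		return "", errors.New("template must be an absolute https URL")
	}
	rendered := template
	for name, val := range values {
		if name == "" || placeholderRE.FindString(name) != name {
			return "", fmt.Errorf("malformed placeholder name %q", name)
		}
		if !segmentRE.MatchString(val) || val == "." || val == ".." {
			return "", fmt.Errorf("value for %s is not a single safe path segment", name)
		}
		rendered = strings.ReplaceAll(rendered, name, val)
	}
	if left := placeholderRE.FindString(rendered); left != "" {
		return "", fmt.Errorf("unresolved placeholder %s", left)
	}
	got, err := url.Parse(rendered)
	if err != nil {
		return "", fmt.Errorf("rendered URL: %w", err)
	}
	if got.Scheme != base.Scheme || got.Host != base.Host {
		return "", errors.New("substitution changed the scheme or host")
	}
	return got.String(), nil
}

// CheckUserInputs validates entries shaped like the
// RequestConfigUserInputValues maps in the Connect examples and returns
// them as []any, ready to place in the connect body.
func CheckUserInputs(template string, inputs []map[string]any) ([]any, error) {
	values := make(map[string]string, len(inputs))
	out := make([]any, 0, len(inputs))
	for _, in := range inputs {
		if key, _ := in["requestObjectKey"].(string); key != "apiEndpoint" {
			return nil, fmt.Errorf("requestObjectKey %q is not covered by this check", key)
		}
		name, okName := in["placeHolderName"].(string)
		val, okVal := in["placeHolderValue"].(string)
		if !okName || !okVal {
			return nil, errors.New("placeHolderName and placeHolderValue must be strings")
		}
		values[name] = val
		out = append(out, in)
	}
	if _, err := RenderEndpoint(template, values); err != nil {
		return nil, err
	}
	return out, nil
}

func main() {
	const tmpl = "https://api.github.com/organizations/{{placeHolder1}}/audit-log"
	// Constructed sample values: one legitimate, the rest malformed.
	for _, v := range []string{"contoso", "contoso/../../user", "a?b", ""} {
		u, err := RenderEndpoint(tmpl, map[string]string{"{{placeHolder1}}": v})
		fmt.Printf("%q -> %q, err=%v\n", v, u, err)
	}
}
```

Pass the slice returned by CheckUserInputs as RequestConfigUserInputValues only when the error is nil.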

func (*DataConnectorsClient) CreateOrUpdate

func (client *DataConnectorsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, dataConnector DataConnectorClassification, options *DataConnectorsClientCreateOrUpdateOptions) (DataConnectorsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • dataConnector - The data connector
  • options - DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.

Example (CreatesOrUpdatesAApiPollingDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateAPIPolling.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", &armsecurityinsights.CodelessAPIPollingDataConnector{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling),
	Properties: &armsecurityinsights.APIPollingParameters{
		ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
			Availability: &armsecurityinsights.Availability{
				IsPreview: to.Ptr(true),
				Status:    to.Ptr[int32](1),
			},
			ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
				{
					Type:  to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")),
					Value: []*string{},
				}},
			DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
				{
					Name:                  to.Ptr("{{graphQueriesTableName}}"),
					LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
				}},
			DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."),
			GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
				{
					BaseQuery:  to.Ptr("{{graphQueriesTableName}}"),
					Legend:     to.Ptr("GitHub audit log events"),
					MetricName: to.Ptr("Total events received"),
				}},
			GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"),
			InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
				{
					Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"),
					Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
						{
							Type: to.Ptr(armsecurityinsights.SettingType("APIKey")),
							Parameters: map[string]any{
								"enable": "true",
								"userRequestPlaceHoldersInput": []any{
									map[string]any{
										"displayText":      "Organization Name",
										"placeHolderName":  "{{placeHolder1}}",
										"placeHolderValue": "",
										"requestObjectKey": "apiEndpoint",
									},
								},
							},
						}},
					Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"),
				}},
			Permissions: &armsecurityinsights.Permissions{
				Customs: []*armsecurityinsights.PermissionsCustomsItem{
					{
						Name:        to.Ptr("GitHub API personal token Key"),
						Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"),
					}},
				ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
					{
						PermissionsDisplayText: to.Ptr("read and write permissions are required."),
						Provider:               to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
						ProviderDisplayName:    to.Ptr("Workspace"),
						RequiredPermissions: &armsecurityinsights.RequiredPermissions{
							Delete: to.Ptr(true),
							Read:   to.Ptr(true),
							Write:  to.Ptr(true),
						},
						Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
					}},
			},
			Publisher: to.Ptr("GitHub"),
			SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
				{
					Description: to.Ptr("All logs"),
					Query:       to.Ptr("{{graphQueriesTableName}}\n | take 10 <change>"),
				}},
			Title: to.Ptr("GitHub Enterprise Audit Log"),
		},
		PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{
			Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{
				APIKeyIdentifier: to.Ptr("token"),
				APIKeyName:       to.Ptr("Authorization"),
				AuthType:         to.Ptr("APIKey"),
			},
			Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{
				PageSizeParaName: to.Ptr("per_page"),
				PagingType:       to.Ptr("LinkHeader"),
			},
			Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{
				EventsJSONPaths: []*string{
					to.Ptr("$")},
			},
			Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{
				APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"),
				Headers: map[string]any{
					"Accept":     "application/json",
					"User-Agent": "Scuba",
				},
				HTTPMethod: to.Ptr("Get"),
				QueryParameters: map[string]any{
					"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}",
				},
				QueryTimeFormat:  to.Ptr("yyyy-MM-ddTHH:mm:ssZ"),
				QueryWindowInMin: to.Ptr[int32](15),
				RateLimitQPS:     to.Ptr[int32](50),
				RetryCount:       to.Ptr[int32](2),
				TimeoutInSeconds: to.Ptr[int32](60),
			},
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	                            DataConnectorClassification: &armsecurityinsights.CodelessAPIPollingDataConnector{
// 		Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling),
// 		Properties: &armsecurityinsights.APIPollingParameters{
// 			ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
// 				Availability: &armsecurityinsights.Availability{
// 					IsPreview: to.Ptr(true),
// 					Status: to.Ptr[int32](1),
// 				},
// 				ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
// 					{
// 						Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")),
// 						Value: []*string{
// 						},
// 				}},
// 				DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
// 					{
// 						Name: to.Ptr("{{graphQueriesTableName}}"),
// 						LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
// 				}},
// 				DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."),
// 				GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
// 					{
// 						BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
// 						Legend: to.Ptr("GitHub audit log events"),
// 						MetricName: to.Ptr("Total events received"),
// 				}},
// 				GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"),
// 				InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
// 					{
// 						Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"),
// 						Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
// 							{
// 								Type: to.Ptr(armsecurityinsights.SettingType("APIKey")),
// 								Parameters: map[string]any{
// 									"enable": "true",
// 									"userRequestPlaceHoldersInput":[]any{
// 										map[string]any{
// 											"displayText": "Organization Name",
// 											"placeHolderName": "{{placeHolder1}}",
// 											"placeHolderValue": "",
// 											"requestObjectKey": "apiEndpoint",
// 										},
// 									},
// 								},
// 						}},
// 						Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"),
// 				}},
// 				Permissions: &armsecurityinsights.Permissions{
// 					Customs: []*armsecurityinsights.PermissionsCustomsItem{
// 						{
// 							Name: to.Ptr("GitHub API personal token Key"),
// 							Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"),
// 					}},
// 					ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
// 						{
// 							PermissionsDisplayText: to.Ptr("read and write permissions are required."),
// 							Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
// 							ProviderDisplayName: to.Ptr("Workspace"),
// 							RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 								Delete: to.Ptr(true),
// 								Read: to.Ptr(true),
// 								Write: to.Ptr(true),
// 							},
// 							Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 					}},
// 				},
// 				Publisher: to.Ptr("GitHub"),
// 				SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
// 					{
// 						Description: to.Ptr("All logs"),
// 						Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 <change>"),
// 				}},
// 				Title: to.Ptr("GitHub Enterprise Audit Log"),
// 			},
// 			PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{
// 				Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{
// 					APIKeyIdentifier: to.Ptr("token"),
// 					APIKeyName: to.Ptr("Authorization"),
// 					AuthType: to.Ptr("APIKey"),
// 				},
// 				Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{
// 					PageSizeParaName: to.Ptr("per_page"),
// 					PagingType: to.Ptr("LinkHeader"),
// 				},
// 				Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{
// 					EventsJSONPaths: []*string{
// 						to.Ptr("$")},
// 				},
// 				Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{
// 					APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"),
// 					Headers: map[string]any{
// 						"Accept": "application/json",
// 						"User-Agent": "Scuba",
// 					},
// 					HTTPMethod: to.Ptr("Get"),
// 					QueryParameters: map[string]any{
// 						"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}",
// 					},
// 					QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"),
// 					QueryWindowInMin: to.Ptr[int32](15),
// 					RateLimitQPS: to.Ptr[int32](50),
// 					RetryCount: to.Ptr[int32](2),
// 					TimeoutInSeconds: to.Ptr[int32](60),
// 				},
// 			},
// 		},
// 	},
// }
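
The request template above leaves `{{placeHolder1}}` in `APIEndpoint` to be filled with a user-supplied organization name (`requestObjectKey` is `apiEndpoint`). The following is an added example in standard-library Go, not part of the SDK or its generated examples, showing a client-side pre-check of that substitution; `resolveEndpoint`, the name allowlist, the 39-character limit and plain textual replacement of the placeholder are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

var (
	// Matches template tokens such as {{placeHolder1}}.
	placeholderRe = regexp.MustCompile(`\{\{[^{}]+\}\}`)
	// Assumed allowlist for an organization name: alphanumerics separated by
	// single hyphens. Replace it when the placeholder carries another kind of value.
	nameRe = regexp.MustCompile(`^[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*$`)
)

const maxNameLen = 39 // assumed upper bound for the name

// parseWithFiller parses the template with every placeholder replaced by filler.
func parseWithFiller(template, filler string) (*url.URL, error) {
	return url.Parse(placeholderRe.ReplaceAllString(template, filler))
}

// resolveEndpoint fills the placeholders of an APIEndpoint template and returns
// the final URL only if scheme, host, query and path depth are unchanged.
// Error messages never echo the supplied value.
func resolveEndpoint(template string, values map[string]string) (string, error) {
	base, err := parseWithFiller(template, "x")
	if err != nil {
		return "", fmt.Errorf("template is not a URL: %w", err)
	}
	alt, err := parseWithFiller(template, "y")
	if err != nil {
		return "", fmt.Errorf("template is not a URL: %w", err)
	}
	if base.Scheme != "https" {
		return "", errors.New("template must use https")
	}
	// If two different fillers change anything but the path, a placeholder
	// sits in the host, userinfo or query, where user input must not go.
	if base.Host != alt.Host || base.User != nil || base.RawQuery != alt.RawQuery {
		return "", errors.New("placeholders are only allowed in the path")
	}

	var subErr error
	resolved := placeholderRe.ReplaceAllStringFunc(template, func(ph string) string {
		v, ok := values[ph]
		switch {
		case !ok || v == "":
			subErr = fmt.Errorf("no value supplied for %s", ph)
		case len(v) > maxNameLen || !nameRe.MatchString(v):
			subErr = fmt.Errorf("value for %s is not an allowed name", ph)
		}
		return v
	})
	if subErr != nil {
		return "", subErr
	}

	// Defence in depth: re-parse and compare the structure with the template.
	got, err := url.Parse(resolved)
	if err != nil {
		return "", errors.New("resolved endpoint is not a URL")
	}
	if got.Scheme != base.Scheme || got.Host != base.Host || got.User != nil ||
		got.RawQuery != base.RawQuery || got.Fragment != "" ||
		strings.Count(got.EscapedPath(), "/") != strings.Count(base.EscapedPath(), "/") {
		return "", errors.New("substitution changed the URL structure")
	}
	return got.String(), nil
}

func main() {
	const tmpl = "https://api.github.com/organizations/{{placeHolder1}}/audit-log"
	// Constructed sample inputs.
	for _, org := range []string{"contoso-sec", "", "contoso/../user", "contoso?per_page=1"} {
		endpoint, err := resolveEndpoint(tmpl, map[string]string{"{{placeHolder1}}": org})
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("accepted:", endpoint)
	}
}
```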

Example (CreatesOrUpdatesADynamics365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateDynamics365DataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "c2541efb-c9a6-47fe-9501-87d1017d1512", &armsecurityinsights.Dynamics365DataConnector{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365),
	Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{
			Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.Dynamics365DataConnector{
// 		Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365),
// 		Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{
// 				Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (CreatesOrUpdatesAGenericUiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateGenericUI.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", &armsecurityinsights.CodelessUIDataConnector{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI),
	Properties: &armsecurityinsights.CodelessParameters{
		ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
			Availability: &armsecurityinsights.Availability{
				IsPreview: to.Ptr(true),
				Status:    to.Ptr[int32](1),
			},
			ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
				{
					Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery),
					Value: []*string{
						to.Ptr("{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)")},
				}},
			DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
				{
					Name:                  to.Ptr("{{graphQueriesTableName}}"),
					LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
				}},
			DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "),
			GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
				{
					BaseQuery:  to.Ptr("{{graphQueriesTableName}}"),
					Legend:     to.Ptr("{{graphQueriesTableName}}"),
					MetricName: to.Ptr("Total data received"),
				}},
			GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"),
			InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
				{
					Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."),
					Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
						{
							Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
							Parameters: map[string]any{
								"fillWith": []any{
									"WorkspaceId",
								},
								"label": "Workspace ID",
							},
						},
						{
							Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
							Parameters: map[string]any{
								"fillWith": []any{
									"PrimaryKey",
								},
								"label": "Primary Key",
							},
						}},
					Title: to.Ptr(""),
				},
				{
					Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."),
					Title:       to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"),
				},
				{
					Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."),
					Title:       to.Ptr("Option 2 - Manual Deployment of Azure Functions"),
				},
				{
					Description: to.Ptr("**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n		apiUsername\n		apiPassword\n		workspaceID\n		workspaceKey\n		uri\n		filterParameters\n		timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."),
					Title:       to.Ptr(""),
				},
				{
					Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"),
					Title:       to.Ptr(""),
				}},
			Permissions: &armsecurityinsights.Permissions{
				Customs: []*armsecurityinsights.PermissionsCustomsItem{
					{
						Name:        to.Ptr("Microsoft.Web/sites permissions"),
						Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."),
					},
					{
						Name:        to.Ptr("Qualys API Key"),
						Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."),
					}},
				ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
					{
						PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."),
						Provider:               to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
						ProviderDisplayName:    to.Ptr("Workspace"),
						RequiredPermissions: &armsecurityinsights.RequiredPermissions{
							Delete: to.Ptr(true),
							Read:   to.Ptr(true),
							Write:  to.Ptr(true),
						},
						Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
					},
					{
						PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."),
						Provider:               to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys),
						ProviderDisplayName:    to.Ptr("Keys"),
						RequiredPermissions: &armsecurityinsights.RequiredPermissions{
							Action: to.Ptr(true),
						},
						Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
					}},
			},
			Publisher: to.Ptr("Qualys"),
			SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
				{
					Description: to.Ptr("Top 10 Vulerabilities detected"),
					Query:       to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"),
				}},
			Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"),
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.CodelessUIDataConnector{
// 		Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI),
// 		Properties: &armsecurityinsights.CodelessParameters{
// 			ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
// 				Availability: &armsecurityinsights.Availability{
// 					IsPreview: to.Ptr(true),
// 					Status: to.Ptr[int32](1),
// 				},
// 				ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
// 					{
// 						Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery),
// 						Value: []*string{
// 							to.Ptr("{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)")},
// 					}},
// 					DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
// 						{
// 							Name: to.Ptr("{{graphQueriesTableName}}"),
// 							LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
// 					}},
// 					DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "),
// 					GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
// 						{
// 							BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
// 							Legend: to.Ptr("{{graphQueriesTableName}}"),
// 							MetricName: to.Ptr("Total data received"),
// 					}},
// 					GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"),
// 					InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
// 						{
// 							Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."),
// 							Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
// 								{
// 									Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
// 									Parameters: map[string]any{
// 										"fillWith":[]any{
// 											"WorkspaceId",
// 										},
// 										"label": "Workspace ID",
// 									},
// 								},
// 								{
// 									Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
// 									Parameters: map[string]any{
// 										"fillWith":[]any{
// 											"PrimaryKey",
// 										},
// 										"label": "Primary Key",
// 									},
// 							}},
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."),
// 							Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"),
// 						},
// 						{
// 							Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."),
// 							Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"),
// 						},
// 						{
// 							Description: to.Ptr("**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n		apiUsername\n		apiPassword\n		workspaceID\n		workspaceKey\n		uri\n		filterParameters\n		timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"),
// 							Title: to.Ptr(""),
// 					}},
// 					Permissions: &armsecurityinsights.Permissions{
// 						Customs: []*armsecurityinsights.PermissionsCustomsItem{
// 							{
// 								Name: to.Ptr("Microsoft.Web/sites permissions"),
// 								Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."),
// 							},
// 							{
// 								Name: to.Ptr("Qualys API Key"),
// 								Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."),
// 						}},
// 						ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
// 							{
// 								PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."),
// 								Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
// 								ProviderDisplayName: to.Ptr("Workspace"),
// 								RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 									Delete: to.Ptr(true),
// 									Read: to.Ptr(true),
// 									Write: to.Ptr(true),
// 								},
// 								Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 							},
// 							{
// 								PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."),
// 								Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys),
// 								ProviderDisplayName: to.Ptr("Keys"),
// 								RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 									Action: to.Ptr(true),
// 								},
// 								Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 						}},
// 					},
// 					Publisher: to.Ptr("Qualys"),
// 					SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
// 						{
// 							Description: to.Ptr("Top 10 Vulerabilities detected"),
// 							Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"),
// 					}},
// 					Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"),
// 				},
// 			},
// 		},
// }

Example (CreatesOrUpdatesAThreatIntelligenceTaxiiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceTaxiiDataConnector.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.TiTaxiiDataConnector{
	Etag: to.Ptr("d12423f6-a60b-4ca5-88c0-feb1a182d0f0"),
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii),
	Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{
		TenantID:     to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
		CollectionID: to.Ptr("135"),
		DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{
			TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
		FriendlyName:        to.Ptr("testTaxii"),
		Password:            to.Ptr("--"),
		PollingFrequency:    to.Ptr(armsecurityinsights.PollingFrequencyOnceADay),
		TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t }()),
		TaxiiServer:         to.Ptr("https://limo.anomali.com/api/v1/taxii2/feeds"),
		UserName:            to.Ptr("--"),
		WorkspaceID:         to.Ptr("dd124572-4962-4495-9bd2-9dade12314b4"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.TiTaxiiDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("d12423f6-a60b-4ca5-88c0-feb1a182d0f0"),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii),
// 		Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{
// 			TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
// 			CollectionID: to.Ptr("135"),
// 			DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{
// 				TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			FriendlyName: to.Ptr("testTaxii"),
// 			PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceADay),
// 			TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
// 			TaxiiServer: to.Ptr("https://limo.anomali.com/api/v1/taxii2/feeds"),
// 			WorkspaceID: to.Ptr("28e5f051-34cb-4208-9037-693e5342a871"),
// 		},
// 	},
// }

Example (CreatesOrUpdatesAnOffice365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOfficeDataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.OfficeDataConnector{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
	Properties: &armsecurityinsights.OfficeDataConnectorProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
			Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
			SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
			Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
// 		Properties: &armsecurityinsights.OfficeDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
// 				Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 				SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 				Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (CreatesOrUpdatesAnOffice365ProjectDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOffice365ProjectDataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.Office365ProjectDataConnector{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project),
	Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{
			Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.Office365ProjectDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project),
// 		Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{
// 				Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (CreatesOrUpdatesAnOfficePowerBiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateOfficePowerBIDataConnector.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.OfficePowerBIDataConnector{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI),
	Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{
		TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
		DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{
			Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficePowerBIDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI),
// 		Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{
// 				Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (CreatesOrUpdatesAnThreatIntelligencePlatformDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/CreateThreatIntelligenceDataConnector.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.TIDataConnector{
	Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
	Properties: &armsecurityinsights.TIDataConnectorProperties{
		TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
		DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
			Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
				State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
			},
		},
		TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t }()),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientCreateOrUpdateResponse{
// 	DataConnectorClassification: &armsecurityinsights.TIDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
// 		Properties: &armsecurityinsights.TIDataConnectorProperties{
// 			TenantID: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
// 			DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
// 				Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
// 		},
// 	},
// }

func (*DataConnectorsClient) Delete

func (client *DataConnectorsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDeleteOptions) (DataConnectorsClientDeleteResponse, error)

Delete - Delete the data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • options - DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.
Example (DeleteAApiPollingDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteAPIPolling.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

Example (DeleteAGenericUiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteGenericUI.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

Example (DeleteAnOffice365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOfficeDataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

Example (DeleteAnOffice365ProjectDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOffice365ProjectDataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

Example (DeleteAnOfficePowerBiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DeleteOfficePowerBIDataConnetor.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*DataConnectorsClient) Disconnect

func (client *DataConnectorsClient) Disconnect(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientDisconnectOptions) (DataConnectorsClientDisconnectResponse, error)

Disconnect - Disconnect a data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • options - DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/DisconnectAPIPolling.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewDataConnectorsClient().Disconnect(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*DataConnectorsClient) Get

func (client *DataConnectorsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, dataConnectorID string, options *DataConnectorsClientGetOptions) (DataConnectorsClientGetResponse, error)

Get - Gets a data connector. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • dataConnectorID - Connector ID
  • options - DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.
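
Get, Delete and Disconnect each take resourceGroupName, workspaceName and dataConnectorID as separate strings, while responses carry the full resource ID. The following added example (not part of the SDK or its generated examples) splits such an ID, rejects anything that is not a workspace-scoped data connector, and checks it against one allowed workspace before the values reach a destructive call. ConnectorRef, ParseConnectorID and InScope are hypothetical names, and the second and third sample IDs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ConnectorRef is a hypothetical helper type (not part of armsecurityinsights)
// holding the identifiers that Get, Delete and Disconnect take as arguments.
type ConnectorRef struct {
	SubscriptionID    string
	ResourceGroupName string
	WorkspaceName     string
	DataConnectorID   string
}

// ErrNotDataConnector is returned for any ID that does not have the exact
// shape of a workspace-scoped data connector resource ID.
var ErrNotDataConnector = errors.New("not a Microsoft.SecurityInsights data connector ID")

// idShape lists the segments of the response IDs shown on this page.
// Empty entries mark segments that carry a value instead of a fixed literal.
var idShape = []string{
	"subscriptions", "",
	"resourceGroups", "",
	"providers", "Microsoft.OperationalInsights",
	"workspaces", "",
	"providers", "Microsoft.SecurityInsights",
	"dataConnectors", "",
}

// ParseConnectorID splits a full resource ID into its identifiers. Literal
// segments are matched case-insensitively; value segments must be non-empty.
func ParseConnectorID(id string) (ConnectorRef, error) {
	bad := fmt.Errorf("%w: %q", ErrNotDataConnector, id)
	if !strings.HasPrefix(id, "/") {
		return ConnectorRef{}, bad
	}
	parts := strings.Split(id[1:], "/")
	if len(parts) != len(idShape) {
		return ConnectorRef{}, bad
	}
	for i, want := range idShape {
		if want == "" {
			if parts[i] == "" {
				return ConnectorRef{}, bad
			}
			continue
		}
		if !strings.EqualFold(parts[i], want) {
			return ConnectorRef{}, bad
		}
	}
	return ConnectorRef{
		SubscriptionID:    parts[1],
		ResourceGroupName: parts[3],
		WorkspaceName:     parts[7],
		DataConnectorID:   parts[11],
	}, nil
}

// InScope reports whether the reference points into the one workspace the
// caller is allowed to manage. The resource group name is case insensitive
// (as the parameter description says); the workspace name is compared exactly
// so that the guard fails closed.
func (r ConnectorRef) InScope(subscriptionID, resourceGroupName, workspaceName string) bool {
	return strings.EqualFold(r.SubscriptionID, subscriptionID) &&
		strings.EqualFold(r.ResourceGroupName, resourceGroupName) &&
		r.WorkspaceName == workspaceName
}

func main() {
	const sub = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"
	prefix := "/subscriptions/" + sub + "/resourceGroups/"
	ws := "/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights"
	ids := []string{
		// ID as it appears in the example responses on this page.
		prefix + "myRg" + ws + "/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
		// Constructed: valid shape, but a different resource group.
		prefix + "otherRg" + ws + "/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
		// Constructed: a different resource type under the same workspace.
		prefix + "myRg" + ws + "/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
	}
	for _, id := range ids {
		ref, err := ParseConnectorID(id)
		switch {
		case err != nil:
			fmt.Println("reject:", err)
		case !ref.InScope(sub, "MYRG", "myWorkspace"):
			fmt.Printf("out of scope: %s/%s\n", ref.ResourceGroupName, ref.WorkspaceName)
		default:
			fmt.Printf("ok: Delete(ctx, %q, %q, %q, nil)\n",
				ref.ResourceGroupName, ref.WorkspaceName, ref.DataConnectorID)
		}
	}
}
```
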
Example (GetAApiPollingDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAPIPolling.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.CodelessAPIPollingDataConnector{
// 		Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling),
// 		Properties: &armsecurityinsights.APIPollingParameters{
// 			ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
// 				Availability: &armsecurityinsights.Availability{
// 					IsPreview: to.Ptr(true),
// 					Status: to.Ptr[int32](1),
// 				},
// 				ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
// 					{
// 						Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")),
// 						Value: []*string{
// 						},
// 				}},
// 				CustomImage: to.Ptr("The image connector content"),
// 				DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
// 					{
// 						Name: to.Ptr("{{graphQueriesTableName}}"),
// 						LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
// 				}},
// 				DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."),
// 				GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
// 					{
// 						BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
// 						Legend: to.Ptr("GitHub audit log events"),
// 						MetricName: to.Ptr("Total events received"),
// 				}},
// 				GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"),
// 				InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
// 					{
// 						Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"),
// 						Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
// 							{
// 								Type: to.Ptr(armsecurityinsights.SettingType("APIKey")),
// 								Parameters: map[string]any{
// 									"enable": "true",
// 									"userRequestPlaceHoldersInput":[]any{
// 										map[string]any{
// 											"displayText": "Organization Name",
// 											"placeHolderName": "{{placeHolder1}}",
// 											"placeHolderValue": "",
// 											"requestObjectKey": "apiEndpoint",
// 										},
// 									},
// 								},
// 						}},
// 						Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"),
// 				}},
// 				Permissions: &armsecurityinsights.Permissions{
// 					Customs: []*armsecurityinsights.PermissionsCustomsItem{
// 						{
// 							Name: to.Ptr("GitHub API personal token Key"),
// 							Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"),
// 					}},
// 					ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
// 						{
// 							PermissionsDisplayText: to.Ptr("read and write permissions are required."),
// 							Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
// 							ProviderDisplayName: to.Ptr("Workspace"),
// 							RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 								Delete: to.Ptr(true),
// 								Read: to.Ptr(true),
// 								Write: to.Ptr(true),
// 							},
// 							Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 					}},
// 				},
// 				Publisher: to.Ptr("GitHub"),
// 				SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
// 					{
// 						Description: to.Ptr("All logs"),
// 						Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 <change>"),
// 				}},
// 				Title: to.Ptr("GitHub Enterprise Audit Log"),
// 			},
// 			PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{
// 				Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{
// 					APIKeyIdentifier: to.Ptr("token"),
// 					APIKeyName: to.Ptr("Authorization"),
// 					AuthType: to.Ptr("APIKey"),
// 				},
// 				Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{
// 					PageSizeParaName: to.Ptr("per_page"),
// 					PagingType: to.Ptr("LinkHeader"),
// 				},
// 				Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{
// 					EventsJSONPaths: []*string{
// 						to.Ptr("$")},
// 					},
// 					Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{
// 						APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"),
// 						Headers: map[string]any{
// 							"Accept": "application/json",
// 							"User-Agent": "Scuba",
// 						},
// 						HTTPMethod: to.Ptr("Get"),
// 						QueryParameters: map[string]any{
// 							"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}",
// 						},
// 						QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"),
// 						QueryWindowInMin: to.Ptr[int32](15),
// 						RateLimitQPS: to.Ptr[int32](50),
// 						RetryCount: to.Ptr[int32](2),
// 						TimeoutInSeconds: to.Ptr[int32](60),
// 					},
// 				},
// 			},
// 		},
// 		                        }
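The definition above routes an operator-typed value (`placeHolderValue`, keyed to `requestObjectKey: "apiEndpoint"`) into the URL the connector polls. The following added example, which is not part of the SDK or of the generated samples, shows one way to validate that substitution before a definition is deployed; `ResolveEndpoint`, `Placeholder`, the host allow-list and the value pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Placeholder mirrors one entry of "userRequestPlaceHoldersInput" in the
// connector definition: a template token and the value an operator typed in.
// (Hypothetical type, not part of armsecurityinsights.)
type Placeholder struct {
	Name  string // template token, e.g. "{{placeHolder1}}"
	Value string // operator-supplied value, e.g. an organization name
}

// safeValue is an assumed allow-list for substituted values: letters, digits
// and inner hyphens only, so a value cannot add a path segment, query or host.
var safeValue = regexp.MustCompile(`^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$`)

// tokenRe matches any {{name}} template token.
var tokenRe = regexp.MustCompile(`\{\{[A-Za-z0-9_]+\}\}`)

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// ResolveEndpoint fills the placeholders of an APIEndpoint template and rejects
// the result unless it keeps the template's scheme, host and path shape.
func ResolveEndpoint(template string, allowedHosts []string, phs []Placeholder) (string, error) {
	// Baseline: the template with every token replaced by a harmless marker.
	base, err := url.Parse(tokenRe.ReplaceAllString(template, "x"))
	if err != nil {
		return "", fmt.Errorf("template does not parse: %w", err)
	}
	if base.Scheme != "https" {
		return "", fmt.Errorf("template scheme %q is not https", base.Scheme)
	}
	if !contains(allowedHosts, base.Hostname()) {
		return "", fmt.Errorf("host %q is not on the allow-list", base.Hostname())
	}

	resolved := template
	for _, p := range phs {
		if !safeValue.MatchString(p.Value) {
			return "", fmt.Errorf("value for %s is outside the allow-list", p.Name)
		}
		resolved = strings.ReplaceAll(resolved, p.Name, p.Value)
	}
	if tok := tokenRe.FindString(resolved); tok != "" {
		return "", fmt.Errorf("placeholder %s was left unresolved", tok)
	}

	// Defence in depth: re-parse and compare the structure with the baseline.
	got, err := url.Parse(resolved)
	if err != nil {
		return "", fmt.Errorf("resolved endpoint does not parse: %w", err)
	}
	sameShape := got.Scheme == base.Scheme && got.Host == base.Host &&
		got.User == nil && got.RawQuery == base.RawQuery &&
		got.Fragment == base.Fragment &&
		strings.Count(got.Path, "/") == strings.Count(base.Path, "/")
	if !sameShape {
		return "", fmt.Errorf("resolved endpoint changed scheme, host or path shape")
	}
	return got.String(), nil
}

func main() {
	// Constructed input modelled on the GitHub audit-log definition above.
	ep, err := ResolveEndpoint(
		"https://api.github.com/organizations/{{placeHolder1}}/audit-log",
		[]string{"api.github.com"},
		[]Placeholder{{Name: "{{placeHolder1}}", Value: "contoso"}},
	)
	fmt.Println(ep, err)
}
```

The empty `placeHolderValue` shipped in the sample definition is rejected by this check, which is the intended behaviour for a value that must be supplied at connection time.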

Example (GetAAscDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureSecurityCenterById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "763f9fa1-c2d3-4fa2-93e9-bccd4899aa12", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.ASCDataConnector{
// 		Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter),
// 		Properties: &armsecurityinsights.ASCDataConnectorProperties{
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"),
// 		},
// 	},
// }

Example (GetADynamics365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetDynamics365DataConnectorById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c2541efb-c9a6-47fe-9501-87d1017d1512", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.Dynamics365DataConnector{
// 		Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365),
// 		Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{
// 				Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAGenericUiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetGenericUI.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "316ec55e-7138-4d63-ab18-90c8a60fd1c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.CodelessUIDataConnector{
// 		Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
// 		Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI),
// 		Properties: &armsecurityinsights.CodelessParameters{
// 			ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
// 				Availability: &armsecurityinsights.Availability{
// 					IsPreview: to.Ptr(true),
// 					Status: to.Ptr[int32](1),
// 				},
// 				ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
// 					{
// 						Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery),
// 						Value: []*string{
// 							to.Ptr("{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)")},
// 					}},
// 					CustomImage: to.Ptr("The image connector content"),
// 					DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
// 						{
// 							Name: to.Ptr("{{graphQueriesTableName}}"),
// 							LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
// 					}},
// 					DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "),
// 					GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
// 						{
// 							BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
// 							Legend: to.Ptr("{{graphQueriesTableName}}"),
// 							MetricName: to.Ptr("Total data received"),
// 					}},
// 					GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"),
// 					InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
// 						{
// 							Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."),
// 							Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
// 								{
// 									Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
// 									Parameters: map[string]any{
// 										"fillWith":[]any{
// 											"WorkspaceId",
// 										},
// 										"label": "Workspace ID",
// 									},
// 								},
// 								{
// 									Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
// 									Parameters: map[string]any{
// 										"fillWith":[]any{
// 											"PrimaryKey",
// 										},
// 										"label": "Primary Key",
// 									},
// 							}},
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."),
// 							Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"),
// 						},
// 						{
// 							Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."),
// 							Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"),
// 						},
// 						{
// 							Description: to.Ptr("**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n		apiUsername\n		apiPassword\n		workspaceID\n		workspaceKey\n		uri\n		filterParameters\n		timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."),
// 							Title: to.Ptr(""),
// 						},
// 						{
// 							Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"),
// 							Title: to.Ptr(""),
// 					}},
// 					Permissions: &armsecurityinsights.Permissions{
// 						Customs: []*armsecurityinsights.PermissionsCustomsItem{
// 							{
// 								Name: to.Ptr("Microsoft.Web/sites permissions"),
// 								Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."),
// 							},
// 							{
// 								Name: to.Ptr("Qualys API Key"),
// 								Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."),
// 						}},
// 						ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
// 							{
// 								PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."),
// 								Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
// 								ProviderDisplayName: to.Ptr("Workspace"),
// 								RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 									Delete: to.Ptr(true),
// 									Read: to.Ptr(true),
// 									Write: to.Ptr(true),
// 								},
// 								Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 							},
// 							{
// 								PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."),
// 								Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys),
// 								ProviderDisplayName: to.Ptr("Keys"),
// 								RequiredPermissions: &armsecurityinsights.RequiredPermissions{
// 									Action: to.Ptr(true),
// 								},
// 								Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
// 						}},
// 					},
// 					Publisher: to.Ptr("Qualys"),
// 					SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
// 						{
// 							Description: to.Ptr("Top 10 Vulerabilities detected"),
// 							Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"),
// 					}},
// 					Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"),
// 				},
// 			},
// 		},
// }

Example (GetAIoTDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetIoTById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "d2e5dc7a-f3a2-429d-954b-939fa8c2932e", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.IoTDataConnector{
// 		Name: to.Ptr("d2e5dc7a-f3a2-429d-954b-939fa8c2932e"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/d2e5dc7a-f3a2-429d-954b-939fa8c2932e"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindIOT),
// 		Properties: &armsecurityinsights.IoTDataConnectorProperties{
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			SubscriptionID: to.Ptr("c0688291-89d7-4bed-87a2-a7b1bff43f4c"),
// 		},
// 	},
// }

Example (GetAMcasDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftCloudAppSecurityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "b96d014d-b5c2-4a01-9aba-a8058f629d42", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.MCASDataConnector{
// 		Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity),
// 		Properties: &armsecurityinsights.MCASDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 				DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAMdatpDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftDefenderAdvancedThreatProtectionById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "06b3ccb8-1384-4bcc-aec7-852f6d57161b", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.MDATPDataConnector{
// 		Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection),
// 		Properties: &armsecurityinsights.MDATPDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAMicrosoftThreatIntelligenceDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftThreatIntelligenceById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.MSTIDataConnector{
// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatIntelligence),
// 		Properties: &armsecurityinsights.MSTIDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.MSTIDataConnectorDataTypes{
// 				BingSafetyPhishingURL: &armsecurityinsights.MSTIDataConnectorDataTypesBingSafetyPhishingURL{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 					LookbackPeriod: to.Ptr("example ??"),
// 				},
// 				MicrosoftEmergingThreatFeed: &armsecurityinsights.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 					LookbackPeriod: to.Ptr("example"),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAMicrosoftThreatProtectionDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftThreatProtectionById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.MTPDataConnector{
// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftThreatProtection),
// 		Properties: &armsecurityinsights.MTPDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.MTPDataConnectorDataTypes{
// 				Incidents: &armsecurityinsights.MTPDataConnectorDataTypesIncidents{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetATiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetThreatIntelligenceById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.TIDataConnector{
// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
// 		Properties: &armsecurityinsights.TIDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
// 				Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			TipLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
// 		},
// 	},
// }

Example (GetATiTaxiiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetThreatIntelligenceTaxiiById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c39bb458-02a7-4b3f-b0c8-71a1d2692652", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.TiTaxiiDataConnector{
// 		Name: to.Ptr("c39bb458-02a7-4b3f-b0c8-71a1d2692652"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii),
// 		Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			CollectionID: to.Ptr("e0b1f32d-1188-48f7-a7a3-de71924e4b5e"),
// 			DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{
// 				TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			FriendlyName: to.Ptr("My TI Taxii Connector"),
// 			Password: to.Ptr(""),
// 			PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceADay),
// 			TaxiiLookbackPeriod: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-01-01T13:00:30.123Z"); return t}()),
// 			TaxiiServer: to.Ptr("https://mytaxiiserver.com/taxiing/v2/api"),
// 			UserName: to.Ptr(""),
// 			WorkspaceID: to.Ptr("8b014a77-4695-4ef4-96bb-6623afb121a2"),
// 		},
// 	},
// }

Example (GetAnAadDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureActiveDirectoryById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.AADDataConnector{
// 		Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
// 		Properties: &armsecurityinsights.AADDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnAatpDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAzureAdvancedThreatProtectionById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "07e42cb3-e658-4e90-801c-efa0f29d3d44", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.AATPDataConnector{
// 		Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection),
// 		Properties: &armsecurityinsights.AATPDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnAwsCloudTrailDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAmazonWebServicesCloudTrailById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "c345bf40-8509-4ed2-b947-50cb773aaf04", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.AwsCloudTrailDataConnector{
// 		Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail),
// 		Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{
// 			AwsRoleArn: to.Ptr("myAwsRoleArn"),
// 			DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{
// 				Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnAwsS3DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetAmazonWebServicesS3ById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "afef3743-0c88-469c-84ff-ca2e87dc1e48", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.AwsS3DataConnector{
// 		Name: to.Ptr("afef3743-0c88-469c-84ff-ca2e87dc1e48"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesS3),
// 		Properties: &armsecurityinsights.AwsS3DataConnectorProperties{
// 			DataTypes: &armsecurityinsights.AwsS3DataConnectorDataTypes{
// 				Logs: &armsecurityinsights.AwsS3DataConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 			DestinationTable: to.Ptr("AWSVPCFlow"),
// 			RoleArn: to.Ptr("arn:aws:iam::072643944673:role/RoleName"),
// 			SqsUrls: []*string{
// 				to.Ptr("https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName"),
// 			},
// 		},
// 	},
// }

Example (GetAnOffice365DataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOfficeDataConnetorById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficeDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
// 		Properties: &armsecurityinsights.OfficeDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
// 				Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 				SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 				Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnOffice365PowerBiDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOfficePowerBIDataConnetorById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficePowerBIDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI),
// 		Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{
// 				Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnOffice365ProjectDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOffice365ProjectDataConnetorById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.Office365ProjectDataConnector{
// 		Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project),
// 		Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{
// 				Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnOfficeAtpDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetOffice365AdvancedThreatProtectionById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "3d3e955e-33eb-401d-89a7-251c81ddd660", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficeATPDataConnector{
// 		Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP),
// 		Properties: &armsecurityinsights.OfficeATPDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }

Example (GetAnOfficeIrmDataConnector)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetMicrosoftInsiderRiskManagementById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDataConnectorsClient().Get(ctx, "myRg", "myWorkspace", "3d3e955e-33eb-401d-89a7-251c81ddd660", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used only for demo purposes.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.DataConnectorsClientGetResponse{
// 	DataConnectorClassification: &armsecurityinsights.OfficeIRMDataConnector{
// 		Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeIRM),
// 		Properties: &armsecurityinsights.OfficeIRMDataConnectorProperties{
// 			TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
// 			DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
// 				Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
// 					State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
// 				},
// 			},
// 		},
// 	},
// }
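
Each Get example above returns a different concrete connector type with its own DataTypes struct, so a coverage check has to handle every kind. The following added example (not part of the SDK or its generated examples) audits the JSON form of a connector list for data types that are not enabled and for TAXII servers that are not reached over HTTPS; the JSON key names (`value`, `kind`, `properties.dataTypes.<name>.state`, `taxiiServer`) are assumptions about the REST representation, and `sampleList` is constructed from the fake values shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// connectorList models only the parts of the list response this audit reads.
// The JSON key names are assumptions about the REST representation.
type connectorList struct {
	Value []struct {
		Name       string `json:"name"`
		Kind       string `json:"kind"`
		Properties struct {
			// Every connector kind has its own DataTypes struct in the SDK
			// (alerts, indicators, taxiiClient, logs, exchange, ...); a map
			// keyed by data type name covers all of them.
			DataTypes   map[string]json.RawMessage `json:"dataTypes"`
			TaxiiServer string                     `json:"taxiiServer"`
		} `json:"properties"`
	} `json:"value"`
}

// auditConnectors returns one finding per data type that is not enabled and
// per TAXII server that is not an https URL, sorted for stable output.
// Credential fields (userName, password) are never decoded, so they cannot
// end up in a finding or a log line.
func auditConnectors(raw []byte) ([]string, error) {
	var list connectorList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, fmt.Errorf("decode connector list: %w", err)
	}
	var findings []string
	for _, c := range list.Value {
		id := c.Kind + "/" + c.Name
		for name, rawDT := range c.Properties.DataTypes {
			var dt struct {
				State string `json:"state"`
			}
			if err := json.Unmarshal(rawDT, &dt); err != nil {
				findings = append(findings, id+": data type "+name+" is not readable")
				continue
			}
			if !strings.EqualFold(dt.State, "Enabled") {
				findings = append(findings, fmt.Sprintf("%s: data type %s is %q", id, name, dt.State))
			}
		}
		if s := c.Properties.TaxiiServer; s != "" {
			u, err := url.Parse(s)
			if err != nil || !strings.EqualFold(u.Scheme, "https") {
				findings = append(findings, id+": TAXII server is not an https URL")
			}
		}
	}
	sort.Strings(findings)
	return findings, nil
}

// sampleList is constructed for this example. Names and IDs reuse the fake
// values from the page; the Disabled state and the http:// URL are made up
// so that the audit has something to report.
const sampleList = `{"value":[
 {"name":"f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d","kind":"AzureActiveDirectory",
  "properties":{"tenantId":"2070ecc9-b4d5-4ae4-adaa-936fa1954fa8",
   "dataTypes":{"alerts":{"state":"Enabled"}}}},
 {"name":"73e01a99-5cd7-4139-a149-9f2736ff2ab5","kind":"Office365",
  "properties":{"dataTypes":{"exchange":{"state":"Enabled"},
   "sharePoint":{"state":"Disabled"},"teams":{"state":"Enabled"}}}},
 {"name":"c39bb458-02a7-4b3f-b0c8-71a1d2692652","kind":"ThreatIntelligenceTaxii",
  "properties":{"dataTypes":{"taxiiClient":{"state":"Enabled"}},
   "taxiiServer":"http://mytaxiiserver.com/taxiing/v2/api",
   "userName":"","password":""}}
]}`

func main() {
	findings, err := auditConnectors([]byte(sampleList))
	if err != nil {
		fmt.Println("audit failed:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```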

func (*DataConnectorsClient) NewListPager

func (client *DataConnectorsClient) NewListPager(resourceGroupName string, workspaceName string, options *DataConnectorsClientListOptions) *runtime.Pager[DataConnectorsClientListResponse]

NewListPager - Gets all data connectors.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/dataConnectors/GetDataConnectors.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewDataConnectorsClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You can use the page items here. The blank identifier is used only for demo purposes.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. Note that all values in the output are fake and for demo purposes only.
	// page.DataConnectorList = armsecurityinsights.DataConnectorList{
	// 	Value: []armsecurityinsights.DataConnectorClassification{
	// 		&armsecurityinsights.ASCDataConnector{
	// 			Name: to.Ptr("763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/763f9fa1-c2d3-4fa2-93e9-bccd4899aa12"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureSecurityCenter),
	// 			Properties: &armsecurityinsights.ASCDataConnectorProperties{
	// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 				SubscriptionID: to.Ptr("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"),
	// 			},
	// 		},
	// 		&armsecurityinsights.TIDataConnector{
	// 			Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligence),
	// 			Properties: &armsecurityinsights.TIDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				DataTypes: &armsecurityinsights.TIDataConnectorDataTypes{
	// 					Indicators: &armsecurityinsights.TIDataConnectorDataTypesIndicators{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.TiTaxiiDataConnector{
	// 			Name: to.Ptr("c39bb458-02a7-4b3f-b0c8-71a1d2692652"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c39bb458-02a7-4b3f-b0c8-71a1d2692652"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindThreatIntelligenceTaxii),
	// 			Properties: &armsecurityinsights.TiTaxiiDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				CollectionID: to.Ptr("e0b1f32d-1188-48f7-a7a3-de71924e4b5e"),
	// 				DataTypes: &armsecurityinsights.TiTaxiiDataConnectorDataTypes{
	// 					TaxiiClient: &armsecurityinsights.TiTaxiiDataConnectorDataTypesTaxiiClient{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 				FriendlyName: to.Ptr("My TI Taxii Connector"),
	// 				Password: to.Ptr(""),
	// 				PollingFrequency: to.Ptr(armsecurityinsights.PollingFrequencyOnceAMinute),
	// 				TaxiiServer: to.Ptr("https://mytaxiiserver.com/taxiing/v2/api"),
	// 				UserName: to.Ptr(""),
	// 				WorkspaceID: to.Ptr("8b014a77-4695-4ef4-96bb-6623afb121a2"),
	// 			},
	// 		},
	// 		&armsecurityinsights.AADDataConnector{
	// 			Name: to.Ptr("f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/f0cd27d2-5f03-4c06-ba31-d2dc82dcb51d"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureActiveDirectory),
	// 			Properties: &armsecurityinsights.AADDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.OfficeDataConnector{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365),
	// 			Properties: &armsecurityinsights.OfficeDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				DataTypes: &armsecurityinsights.OfficeDataConnectorDataTypes{
	// 					Exchange: &armsecurityinsights.OfficeDataConnectorDataTypesExchange{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 					SharePoint: &armsecurityinsights.OfficeDataConnectorDataTypesSharePoint{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 					Teams: &armsecurityinsights.OfficeDataConnectorDataTypesTeams{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.MCASDataConnector{
	// 			Name: to.Ptr("b96d014d-b5c2-4a01-9aba-a8058f629d42"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/b96d014d-b5c2-4a01-9aba-a8058f629d42"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftCloudAppSecurity),
	// 			Properties: &armsecurityinsights.MCASDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				DataTypes: &armsecurityinsights.MCASDataConnectorDataTypes{
	// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 					DiscoveryLogs: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.AATPDataConnector{
	// 			Name: to.Ptr("07e42cb3-e658-4e90-801c-efa0f29d3d44"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/07e42cb3-e658-4e90-801c-efa0f29d3d44"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAzureAdvancedThreatProtection),
	// 			Properties: &armsecurityinsights.AATPDataConnectorProperties{
	// 				TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 				DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 					Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.AwsCloudTrailDataConnector{
	// 			Name: to.Ptr("c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/c345bf40-8509-4ed2-b947-50cb773aaf04"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesCloudTrail),
	// 			Properties: &armsecurityinsights.AwsCloudTrailDataConnectorProperties{
	// 				AwsRoleArn: to.Ptr("myAwsRoleArn"),
	// 				DataTypes: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypes{
	// 					Logs: &armsecurityinsights.AwsCloudTrailDataConnectorDataTypesLogs{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 			},
	// 		},
	// 		&armsecurityinsights.AwsS3DataConnector{
	// 			Name: to.Ptr("afef3743-0c88-469c-84ff-ca2e87dc1e48"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/afef3743-0c88-469c-84ff-ca2e87dc1e48"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.DataConnectorKindAmazonWebServicesS3),
	// 			Properties: &armsecurityinsights.AwsS3DataConnectorProperties{
	// 				DataTypes: &armsecurityinsights.AwsS3DataConnectorDataTypes{
	// 					Logs: &armsecurityinsights.AwsS3DataConnectorDataTypesLogs{
	// 						State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 					},
	// 				},
	// 				DestinationTable: to.Ptr("AWSVPCFlow"),
	// 				RoleArn: to.Ptr("arn:aws:iam::072643944673:role/RoleName"),
	// 				SqsUrls: []*string{
	// 					to.Ptr("https://sqs.us-west-1.amazonaws.com/111111111111/sqsTestName")},
	// 				},
	// 			},
	// 			&armsecurityinsights.MDATPDataConnector{
	// 				Name: to.Ptr("06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/06b3ccb8-1384-4bcc-aec7-852f6d57161b"),
	// 				Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindMicrosoftDefenderAdvancedThreatProtection),
	// 				Properties: &armsecurityinsights.MDATPDataConnectorProperties{
	// 					TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 					DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 						Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 							State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 						},
	// 					},
	// 				},
	// 			},
	// 			&armsecurityinsights.OfficeATPDataConnector{
	// 				Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficeATP),
	// 				Properties: &armsecurityinsights.OfficeATPDataConnectorProperties{
	// 					TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 					DataTypes: &armsecurityinsights.AlertsDataTypeOfDataConnector{
	// 						Alerts: &armsecurityinsights.DataConnectorDataTypeCommon{
	// 							State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 						},
	// 					},
	// 				},
	// 			},
	// 			&armsecurityinsights.Office365ProjectDataConnector{
	// 				Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindOffice365Project),
	// 				Properties: &armsecurityinsights.Office365ProjectDataConnectorProperties{
	// 					TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 					DataTypes: &armsecurityinsights.Office365ProjectConnectorDataTypes{
	// 						Logs: &armsecurityinsights.Office365ProjectConnectorDataTypesLogs{
	// 							State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 						},
	// 					},
	// 				},
	// 			},
	// 			&armsecurityinsights.OfficePowerBIDataConnector{
	// 				Name: to.Ptr("3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindOfficePowerBI),
	// 				Properties: &armsecurityinsights.OfficePowerBIDataConnectorProperties{
	// 					TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 					DataTypes: &armsecurityinsights.OfficePowerBIConnectorDataTypes{
	// 						Logs: &armsecurityinsights.OfficePowerBIConnectorDataTypesLogs{
	// 							State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 						},
	// 					},
	// 				},
	// 			},
	// 			&armsecurityinsights.Dynamics365DataConnector{
	// 				Name: to.Ptr("c2541efb-c9a6-47fe-9501-87d1017d1512"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/3d3e955e-33eb-401d-89a7-251c81ddd660"),
	// 				Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindDynamics365),
	// 				Properties: &armsecurityinsights.Dynamics365DataConnectorProperties{
	// 					TenantID: to.Ptr("2070ecc9-b4d5-4ae4-adaa-936fa1954fa8"),
	// 					DataTypes: &armsecurityinsights.Dynamics365DataConnectorDataTypes{
	// 						Dynamics365CdsActivities: &armsecurityinsights.Dynamics365DataConnectorDataTypesDynamics365CdsActivities{
	// 							State: to.Ptr(armsecurityinsights.DataTypeStateEnabled),
	// 						},
	// 					},
	// 				},
	// 			},
	// 			&armsecurityinsights.CodelessUIDataConnector{
	// 				Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
	// 				Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
	// 				Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
	// 				Kind: to.Ptr(armsecurityinsights.DataConnectorKindGenericUI),
	// 				Properties: &armsecurityinsights.CodelessParameters{
	// 					ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
	// 						Availability: &armsecurityinsights.Availability{
	// 							IsPreview: to.Ptr(true),
	// 							Status: to.Ptr[int32](1),
	// 						},
	// 						ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
	// 							{
	// 								Type: to.Ptr(armsecurityinsights.ConnectivityTypeIsConnectedQuery),
	// 								Value: []*string{
	// 									to.Ptr("{{graphQueriesTableName}}\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(30d)")},
	// 							}},
	// 							CustomImage: to.Ptr("The image connector content"),
	// 							DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
	// 								{
	// 									Name: to.Ptr("{{graphQueriesTableName}}"),
	// 									LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
	// 							}},
	// 							DescriptionMarkdown: to.Ptr("The [Qualys Vulnerability Management (VM)](https://www.qualys.com/apps/vulnerability-management/) data connector provides the capability to ingest vulnerability host detection data into Azure Sentinel through the Qualys API. The connector provides visibility into host detection data from vulerability scans. This connector provides Azure Sentinel the capability to view dashboards, create custom alerts, and improve investigation "),
	// 							GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
	// 								{
	// 									BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
	// 									Legend: to.Ptr("{{graphQueriesTableName}}"),
	// 									MetricName: to.Ptr("Total data received"),
	// 							}},
	// 							GraphQueriesTableName: to.Ptr("QualysHostDetection_CL"),
	// 							InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
	// 								{
	// 									Description: to.Ptr(">**NOTE:** This connector uses Azure Functions to connect to Qualys VM to pull its logs into Azure Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr(">**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("**STEP 1 - Configuration steps for the Qualys VM API**\n\n1. Log into the Qualys Vulnerability Management console with an administrator account, select the **Users** tab and the **Users** subtab. \n2. Click on the **New** drop-down menu and select **Users..**\n3. Create a username and password for the API account. \n4. In the **User Roles** tab, ensure the account role is set to **Manager** and access is allowed to **GUI** and **API**\n4. Log out of the administrator account and log into the console with the new API credentials for validation, then log out of the API account. \n5. Log back into the console using an administrator account and modify the API accounts User Roles, removing access to **GUI**. \n6. Save all changes."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**\n\n>**IMPORTANT:** Before deploying the Qualys VM connector, have the Workspace ID and Workspace Primary Key (can be copied from the following), as well as the Qualys VM API Authorization Key(s), readily available."),
	// 									Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
	// 										{
	// 											Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
	// 											Parameters: map[string]any{
	// 												"fillWith":[]any{
	// 													"WorkspaceId",
	// 												},
	// 												"label": "Workspace ID",
	// 											},
	// 										},
	// 										{
	// 											Type: to.Ptr(armsecurityinsights.SettingTypeCopyableLabel),
	// 											Parameters: map[string]any{
	// 												"fillWith":[]any{
	// 													"PrimaryKey",
	// 												},
	// 												"label": "Primary Key",
	// 											},
	// 									}},
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("Use this method for automated deployment of the Qualys VM connector using an ARM Tempate.\n\n1. Click the **Deploy to Azure** button below. \n\n	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinelqualysvmazuredeploy)\n2. Select the preferred **Subscription**, **Resource Group** and **Location**. \n3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password** , update the **URI**, and any additional URI **Filter Parameters** (each filter should be separated by an \"&\" symbol, no spaces.) \n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348) -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format. \n - The default **Time Interval** is set to pull the last five (5) minutes of data. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly (in the function.json file, post deployment) to prevent overlapping data ingestion. \n> - Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details. \n4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. \n5. Click **Purchase** to deploy."),
	// 									Title: to.Ptr("Option 1 - Azure Resource Manager (ARM) Template"),
	// 								},
	// 								{
	// 									Description: to.Ptr("Use the following step-by-step instructions to deploy the Quayls VM connector manually with Azure Functions."),
	// 									Title: to.Ptr("Option 2 - Manual Deployment of Azure Functions"),
	// 								},
	// 								{
	// 									Description: to.Ptr("**1. Create a Function App**\n\n1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp), and select **+ Add**.\n2. In the **Basics** tab, ensure Runtime stack is set to **Powershell Core**. \n3. In the **Hosting** tab, ensure the **Consumption (Serverless)** plan type is selected.\n4. Make other preferrable configuration changes, if needed, then click **Create**."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("**2. Import Function App Code**\n\n1. In the newly created Function App, select **Functions** on the left pane and click **+ New Function**.\n2. Select **Timer Trigger**.\n3. Enter a unique Function **Name** and leave the default cron schedule of every 5 minutes, then click **Create**.\n5. Click on **Code + Test** on the left pane. \n6. Copy the [Function App Code](https://aka.ms/sentinelqualysvmazurefunctioncode) and paste into the Function App `run.ps1` editor.\n7. Click **Save**."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("**3. Configure the Function App**\n\n1. In the Function App, select the Function App Name and select **Configuration**.\n2. In the **Application settings** tab, select **+ New application setting**.\n3. Add each of the following seven (7) application settings individually, with their respective string values (case-sensitive): \n		apiUsername\n		apiPassword\n		workspaceID\n		workspaceKey\n		uri\n		filterParameters\n		timeInterval\n> - Enter the URI that corresponds to your region. The complete list of API Server URLs can be [found here](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf#G4.735348). The `uri` value must follow the following schema: `https://<API Server>/api/2.0/fo/asset/host/vm/detection/?action=list&vm_processed_after=` -- There is no need to add a time suffix to the URI, the Function App will dynamically append the Time Value to the URI in the proper format.\n> - Add any additional filter parameters, for the `filterParameters` variable, that need to be appended to the URI. Each parameter should be seperated by an \"&\" symbol and should not include any spaces.\n> - Set the `timeInterval` (in minutes) to the value of `5` to correspond to the Timer Trigger of every `5` minutes. If the time interval needs to be modified, it is recommended to change the Function App Timer Trigger accordingly to prevent overlapping data ingestion.\n> - Note: If using Azure Key Vault, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](https://docs.microsoft.com/azure/app-service/app-service-key-vault-references) for further details.\n4. Once all application settings have been entered, click **Save**."),
	// 									Title: to.Ptr(""),
	// 								},
	// 								{
	// 									Description: to.Ptr("**4. Configure the host.json**.\n\nDue to the potentially large amount of Qualys host detection data being ingested, it can cause the execution time to surpass the default Function App timeout of five (5) minutes. Increase the default timeout duration to the maximum of ten (10) minutes, under the Consumption Plan, to allow more time for the Function App to execute.\n\n1. In the Function App, select the Function App Name and select the **App Service Editor** blade.\n2. Click **Go** to open the editor, then select the **host.json** file under the **wwwroot** directory.\n3. Add the line `\"functionTimeout\": \"00:10:00\",` above the `managedDependancy` line \n4. Ensure **SAVED** appears on the top right corner of the editor, then exit the editor.\n\n> NOTE: If a longer timeout duration is required, consider upgrading to an [App Service Plan](https://docs.microsoft.com/azure/azure-functions/functions-scale#timeout)"),
	// 									Title: to.Ptr(""),
	// 							}},
	// 							Permissions: &armsecurityinsights.Permissions{
	// 								Customs: []*armsecurityinsights.PermissionsCustomsItem{
	// 									{
	// 										Name: to.Ptr("Microsoft.Web/sites permissions"),
	// 										Description: to.Ptr("Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](https://docs.microsoft.com/azure/azure-functions/)."),
	// 									},
	// 									{
	// 										Name: to.Ptr("Qualys API Key"),
	// 										Description: to.Ptr("A Qualys VM API username and password is required. [See the documentation to learn more about Qualys VM API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf)."),
	// 								}},
	// 								ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
	// 									{
	// 										PermissionsDisplayText: to.Ptr("read and write permissions on the workspace are required."),
	// 										Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
	// 										ProviderDisplayName: to.Ptr("Workspace"),
	// 										RequiredPermissions: &armsecurityinsights.RequiredPermissions{
	// 											Delete: to.Ptr(true),
	// 											Read: to.Ptr(true),
	// 											Write: to.Ptr(true),
	// 										},
	// 										Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
	// 									},
	// 									{
	// 										PermissionsDisplayText: to.Ptr("read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)."),
	// 										Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys),
	// 										ProviderDisplayName: to.Ptr("Keys"),
	// 										RequiredPermissions: &armsecurityinsights.RequiredPermissions{
	// 											Action: to.Ptr(true),
	// 										},
	// 										Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
	// 								}},
	// 							},
	// 							Publisher: to.Ptr("Qualys"),
	// 							SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
	// 								{
	// 									Description: to.Ptr("Top 10 Vulerabilities detected"),
	// 									Query: to.Ptr("{{graphQueriesTableName}}\n | mv-expand todynamic(Detections_s)\n | extend Vulnerability = tostring(Detections_s.Results)\n | summarize count() by Vulnerability\n | top 10 by count_"),
	// 							}},
	// 							Title: to.Ptr("Qualys Vulnerability Management (CCP DEMO)"),
	// 						},
	// 					},
	// 				},
	// 				&armsecurityinsights.CodelessAPIPollingDataConnector{
	// 					Name: to.Ptr("316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
	// 					Type: to.Ptr("Microsoft.SecurityInsights/dataConnectors"),
	// 					ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/dataConnectors/316ec55e-7138-4d63-ab18-90c8a60fd1c8"),
	// 					Etag: to.Ptr("\"1a00b074-0000-0100-0000-606ef5bd0000\""),
	// 					Kind: to.Ptr(armsecurityinsights.DataConnectorKindAPIPolling),
	// 					Properties: &armsecurityinsights.APIPollingParameters{
	// 						ConnectorUIConfig: &armsecurityinsights.CodelessUIConnectorConfigProperties{
	// 							Availability: &armsecurityinsights.Availability{
	// 								IsPreview: to.Ptr(true),
	// 								Status: to.Ptr[int32](1),
	// 							},
	// 							ConnectivityCriteria: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesConnectivityCriteriaItem{
	// 								{
	// 									Type: to.Ptr(armsecurityinsights.ConnectivityType("SentinelKindsV2")),
	// 									Value: []*string{
	// 									},
	// 							}},
	// 							DataTypes: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesDataTypesItem{
	// 								{
	// 									Name: to.Ptr("{{graphQueriesTableName}}"),
	// 									LastDataReceivedQuery: to.Ptr("{{graphQueriesTableName}}\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"),
	// 							}},
	// 							DescriptionMarkdown: to.Ptr("The GitHub audit log connector provides the capability to ingest GitHub logs into Azure Sentinel. By connecting GitHub audit logs into Azure Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process."),
	// 							GraphQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesGraphQueriesItem{
	// 								{
	// 									BaseQuery: to.Ptr("{{graphQueriesTableName}}"),
	// 									Legend: to.Ptr("GitHub audit log events"),
	// 									MetricName: to.Ptr("Total events received"),
	// 							}},
	// 							GraphQueriesTableName: to.Ptr("GitHubAuditLogPolling_CL"),
	// 							InstructionSteps: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesInstructionStepsItem{
	// 								{
	// 									Description: to.Ptr("Enable GitHub audit Logs. \n Follow [this](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) to create or find your personal key"),
	// 									Instructions: []*armsecurityinsights.InstructionStepsInstructionsItem{
	// 										{
	// 											Type: to.Ptr(armsecurityinsights.SettingType("APIKey")),
	// 											Parameters: map[string]any{
	// 												"enable": "true",
	// 												"userRequestPlaceHoldersInput":[]any{
	// 													map[string]any{
	// 														"displayText": "Organization Name",
	// 														"placeHolderName": "{{placeHolder1}}",
	// 														"placeHolderValue": "",
	// 														"requestObjectKey": "apiEndpoint",
	// 													},
	// 												},
	// 											},
	// 									}},
	// 									Title: to.Ptr("Connect GitHub Enterprise Audit Log to Azure Sentinel"),
	// 							}},
	// 							Permissions: &armsecurityinsights.Permissions{
	// 								Customs: []*armsecurityinsights.PermissionsCustomsItem{
	// 									{
	// 										Name: to.Ptr("GitHub API personal token Key"),
	// 										Description: to.Ptr("You need access to GitHub personal token, the key should have 'admin:org' scope"),
	// 								}},
	// 								ResourceProvider: []*armsecurityinsights.PermissionsResourceProviderItem{
	// 									{
	// 										PermissionsDisplayText: to.Ptr("read and write permissions are required."),
	// 										Provider: to.Ptr(armsecurityinsights.ProviderNameMicrosoftOperationalInsightsWorkspaces),
	// 										ProviderDisplayName: to.Ptr("Workspace"),
	// 										RequiredPermissions: &armsecurityinsights.RequiredPermissions{
	// 											Delete: to.Ptr(true),
	// 											Read: to.Ptr(true),
	// 											Write: to.Ptr(true),
	// 										},
	// 										Scope: to.Ptr(armsecurityinsights.PermissionProviderScopeWorkspace),
	// 								}},
	// 							},
	// 							Publisher: to.Ptr("GitHub"),
	// 							SampleQueries: []*armsecurityinsights.CodelessUIConnectorConfigPropertiesSampleQueriesItem{
	// 								{
	// 									Description: to.Ptr("All logs"),
	// 									Query: to.Ptr("{{graphQueriesTableName}}\n | take 10 <change>"),
	// 							}},
	// 							Title: to.Ptr("GitHub Enterprise Audit Log"),
	// 						},
	// 						PollingConfig: &armsecurityinsights.CodelessConnectorPollingConfigProperties{
	// 							Auth: &armsecurityinsights.CodelessConnectorPollingAuthProperties{
	// 								APIKeyIdentifier: to.Ptr("token"),
	// 								APIKeyName: to.Ptr("Authorization"),
	// 								AuthType: to.Ptr("APIKey"),
	// 							},
	// 							Paging: &armsecurityinsights.CodelessConnectorPollingPagingProperties{
	// 								PageSizeParaName: to.Ptr("per_page"),
	// 								PagingType: to.Ptr("LinkHeader"),
	// 							},
	// 							Response: &armsecurityinsights.CodelessConnectorPollingResponseProperties{
	// 								EventsJSONPaths: []*string{
	// 									to.Ptr("$")},
	// 								},
	// 								Request: &armsecurityinsights.CodelessConnectorPollingRequestProperties{
	// 									APIEndpoint: to.Ptr("https://api.github.com/organizations/{{placeHolder1}}/audit-log"),
	// 									Headers: map[string]any{
	// 										"Accept": "application/json",
	// 										"User-Agent": "Scuba",
	// 									},
	// 									HTTPMethod: to.Ptr("Get"),
	// 									QueryParameters: map[string]any{
	// 										"phrase": "created:{_QueryWindowStartTime}..{_QueryWindowEndTime}",
	// 									},
	// 									QueryTimeFormat: to.Ptr("yyyy-MM-ddTHH:mm:ssZ"),
	// 									QueryWindowInMin: to.Ptr[int32](15),
	// 									RateLimitQPS: to.Ptr[int32](50),
	// 									RetryCount: to.Ptr[int32](2),
	// 									TimeoutInSeconds: to.Ptr[int32](60),
	// 								},
	// 							},
	// 						},
	// 				}},
	// 			}
}

type DataConnectorsClientConnectOptions

type DataConnectorsClientConnectOptions struct {
}

DataConnectorsClientConnectOptions contains the optional parameters for the DataConnectorsClient.Connect method.

type DataConnectorsClientConnectResponse

type DataConnectorsClientConnectResponse struct {
}

DataConnectorsClientConnectResponse contains the response from method DataConnectorsClient.Connect.

type DataConnectorsClientCreateOrUpdateOptions

type DataConnectorsClientCreateOrUpdateOptions struct {
}

DataConnectorsClientCreateOrUpdateOptions contains the optional parameters for the DataConnectorsClient.CreateOrUpdate method.

type DataConnectorsClientCreateOrUpdateResponse

type DataConnectorsClientCreateOrUpdateResponse struct {
	DataConnectorClassification
}

DataConnectorsClientCreateOrUpdateResponse contains the response from method DataConnectorsClient.CreateOrUpdate.

func (*DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON

func (d *DataConnectorsClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorsClientCreateOrUpdateResponse.

type DataConnectorsClientDeleteOptions

type DataConnectorsClientDeleteOptions struct {
}

DataConnectorsClientDeleteOptions contains the optional parameters for the DataConnectorsClient.Delete method.

type DataConnectorsClientDeleteResponse

type DataConnectorsClientDeleteResponse struct {
}

DataConnectorsClientDeleteResponse contains the response from method DataConnectorsClient.Delete.

type DataConnectorsClientDisconnectOptions

type DataConnectorsClientDisconnectOptions struct {
}

DataConnectorsClientDisconnectOptions contains the optional parameters for the DataConnectorsClient.Disconnect method.

type DataConnectorsClientDisconnectResponse

type DataConnectorsClientDisconnectResponse struct {
}

DataConnectorsClientDisconnectResponse contains the response from method DataConnectorsClient.Disconnect.

type DataConnectorsClientGetOptions

type DataConnectorsClientGetOptions struct {
}

DataConnectorsClientGetOptions contains the optional parameters for the DataConnectorsClient.Get method.

type DataConnectorsClientGetResponse

type DataConnectorsClientGetResponse struct {
	DataConnectorClassification
}

DataConnectorsClientGetResponse contains the response from method DataConnectorsClient.Get.

func (*DataConnectorsClientGetResponse) UnmarshalJSON

func (d *DataConnectorsClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataConnectorsClientGetResponse.

type DataConnectorsClientListOptions

type DataConnectorsClientListOptions struct {
}

DataConnectorsClientListOptions contains the optional parameters for the DataConnectorsClient.NewListPager method.

type DataConnectorsClientListResponse

type DataConnectorsClientListResponse struct {
	DataConnectorList
}

DataConnectorsClientListResponse contains the response from method DataConnectorsClient.NewListPager.

type DataTypeDefinitions

type DataTypeDefinitions struct {
	// The data type name
	DataType *string `json:"dataType,omitempty"`
}

DataTypeDefinitions - The data type definition

func (DataTypeDefinitions) MarshalJSON

func (d DataTypeDefinitions) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DataTypeDefinitions.

func (*DataTypeDefinitions) UnmarshalJSON

func (d *DataTypeDefinitions) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DataTypeDefinitions.

type DataTypeState

type DataTypeState string

DataTypeState - Describe whether this data type connection is enabled or not.

const (
	DataTypeStateDisabled DataTypeState = "Disabled"
	DataTypeStateEnabled  DataTypeState = "Enabled"
)

func PossibleDataTypeStateValues

func PossibleDataTypeStateValues() []DataTypeState

PossibleDataTypeStateValues returns the possible values for the DataTypeState const type.

type DeleteStatus

type DeleteStatus string

DeleteStatus - Indicates whether the file was deleted from the storage account.

const (
	// DeleteStatusDeleted - The file was deleted.
	DeleteStatusDeleted DeleteStatus = "Deleted"
	// DeleteStatusNotDeleted - The file was not deleted.
	DeleteStatusNotDeleted DeleteStatus = "NotDeleted"
	// DeleteStatusUnspecified - Unspecified
	DeleteStatusUnspecified DeleteStatus = "Unspecified"
)

func PossibleDeleteStatusValues

func PossibleDeleteStatusValues() []DeleteStatus

PossibleDeleteStatusValues returns the possible values for the DeleteStatus const type.

type DeliveryAction

type DeliveryAction string

DeliveryAction - The delivery action of this mail message, such as Delivered, Blocked, Replaced, etc.

const (
	// DeliveryActionUnknown - Unknown
	DeliveryActionUnknown DeliveryAction = "Unknown"
	// DeliveryActionDeliveredAsSpam - DeliveredAsSpam
	DeliveryActionDeliveredAsSpam DeliveryAction = "DeliveredAsSpam"
	// DeliveryActionDelivered - Delivered
	DeliveryActionDelivered DeliveryAction = "Delivered"
	// DeliveryActionBlocked - Blocked
	DeliveryActionBlocked DeliveryAction = "Blocked"
	// DeliveryActionReplaced - Replaced
	DeliveryActionReplaced DeliveryAction = "Replaced"
)

func PossibleDeliveryActionValues

func PossibleDeliveryActionValues() []DeliveryAction

PossibleDeliveryActionValues returns the possible values for the DeliveryAction const type.

type DeliveryLocation

type DeliveryLocation string

DeliveryLocation - The delivery location of this mail message, such as Inbox, JunkFolder, etc.

const (
	// DeliveryLocationUnknown - Unknown
	DeliveryLocationUnknown DeliveryLocation = "Unknown"
	// DeliveryLocationInbox - Inbox
	DeliveryLocationInbox DeliveryLocation = "Inbox"
	// DeliveryLocationJunkFolder - JunkFolder
	DeliveryLocationJunkFolder DeliveryLocation = "JunkFolder"
	// DeliveryLocationDeletedFolder - DeletedFolder
	DeliveryLocationDeletedFolder DeliveryLocation = "DeletedFolder"
	// DeliveryLocationQuarantine - Quarantine
	DeliveryLocationQuarantine DeliveryLocation = "Quarantine"
	// DeliveryLocationExternal - External
	DeliveryLocationExternal DeliveryLocation = "External"
	// DeliveryLocationFailed - Failed
	DeliveryLocationFailed DeliveryLocation = "Failed"
	// DeliveryLocationDropped - Dropped
	DeliveryLocationDropped DeliveryLocation = "Dropped"
	// DeliveryLocationForwarded - Forwarded
	DeliveryLocationForwarded DeliveryLocation = "Forwarded"
)

func PossibleDeliveryLocationValues

func PossibleDeliveryLocationValues() []DeliveryLocation

PossibleDeliveryLocationValues returns the possible values for the DeliveryLocation const type.

type Deployment

type Deployment struct {
	// Deployment identifier.
	DeploymentID *string `json:"deploymentId,omitempty"`

	// Url to access repository action logs.
	DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"`

	// The outcome of the deployment.
	DeploymentResult *DeploymentResult `json:"deploymentResult,omitempty"`

	// Current status of the deployment.
	DeploymentState *DeploymentState `json:"deploymentState,omitempty"`

	// The time when the deployment finished.
	DeploymentTime *time.Time `json:"deploymentTime,omitempty"`
}

Deployment - Description about a deployment.

func (Deployment) MarshalJSON

func (d Deployment) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Deployment.

func (*Deployment) UnmarshalJSON

func (d *Deployment) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Deployment.

type DeploymentFetchStatus

type DeploymentFetchStatus string

DeploymentFetchStatus - Status while trying to fetch the deployment information.

const (
	DeploymentFetchStatusNotFound     DeploymentFetchStatus = "NotFound"
	DeploymentFetchStatusSuccess      DeploymentFetchStatus = "Success"
	DeploymentFetchStatusUnauthorized DeploymentFetchStatus = "Unauthorized"
)

func PossibleDeploymentFetchStatusValues

func PossibleDeploymentFetchStatusValues() []DeploymentFetchStatus

PossibleDeploymentFetchStatusValues returns the possible values for the DeploymentFetchStatus const type.

type DeploymentInfo

type DeploymentInfo struct {
	// Deployment information.
	Deployment *Deployment `json:"deployment,omitempty"`

	// Status while fetching the last deployment.
	DeploymentFetchStatus *DeploymentFetchStatus `json:"deploymentFetchStatus,omitempty"`

	// Additional details about the deployment that can be shown to the user.
	Message *string `json:"message,omitempty"`
}

DeploymentInfo - Information regarding a deployment.

func (DeploymentInfo) MarshalJSON

func (d DeploymentInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type DeploymentInfo.

func (*DeploymentInfo) UnmarshalJSON

func (d *DeploymentInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type DeploymentInfo.

type DeploymentResult

type DeploymentResult string

DeploymentResult - Status while trying to fetch the deployment information.

const (
	DeploymentResultCanceled DeploymentResult = "Canceled"
	DeploymentResultFailed   DeploymentResult = "Failed"
	DeploymentResultSuccess  DeploymentResult = "Success"
)

func PossibleDeploymentResultValues

func PossibleDeploymentResultValues() []DeploymentResult

PossibleDeploymentResultValues returns the possible values for the DeploymentResult const type.

type DeploymentState

type DeploymentState string

DeploymentState - The current state of the deployment.

const (
	DeploymentStateCanceling  DeploymentState = "Canceling"
	DeploymentStateCompleted  DeploymentState = "Completed"
	DeploymentStateInProgress DeploymentState = "In_Progress"
	DeploymentStateQueued     DeploymentState = "Queued"
)

func PossibleDeploymentStateValues

func PossibleDeploymentStateValues() []DeploymentState

PossibleDeploymentStateValues returns the possible values for the DeploymentState const type.

type DeviceImportance

type DeviceImportance string

DeviceImportance - Device importance; determines whether the device is classified as a 'crown jewel'.

const (
	// DeviceImportanceHigh - High
	DeviceImportanceHigh DeviceImportance = "High"
	// DeviceImportanceLow - Low
	DeviceImportanceLow DeviceImportance = "Low"
	// DeviceImportanceNormal - Normal
	DeviceImportanceNormal DeviceImportance = "Normal"
	// DeviceImportanceUnknown - Unknown - Default value
	DeviceImportanceUnknown DeviceImportance = "Unknown"
)

func PossibleDeviceImportanceValues

func PossibleDeviceImportanceValues() []DeviceImportance

PossibleDeviceImportanceValues returns the possible values for the DeviceImportance const type.

type DomainWhoisClient

type DomainWhoisClient struct {
	// contains filtered or unexported fields
}

DomainWhoisClient contains the methods for the DomainWhois group. Don't use this type directly, use NewDomainWhoisClient() instead.

func NewDomainWhoisClient

func NewDomainWhoisClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*DomainWhoisClient, error)

NewDomainWhoisClient creates a new instance of DomainWhoisClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*DomainWhoisClient) Get

func (client *DomainWhoisClient) Get(ctx context.Context, resourceGroupName string, domain string, options *DomainWhoisClientGetOptions) (DomainWhoisClientGetResponse, error)

Get - Get whois information for a single domain name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • domain - Domain name to be enriched
  • options - DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/enrichment/GetWhoisByDomainName.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewDomainWhoisClient().Get(ctx, "myRg", "microsoft.com", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values for demo purposes only.
// res.EnrichmentDomainWhois = armsecurityinsights.EnrichmentDomainWhois{
// 	Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T16:15:01.187045Z"); return t}()),
// 	Domain: to.Ptr("microsoft.com"),
// 	ParsedWhois: &armsecurityinsights.EnrichmentDomainWhoisDetails{
// 		Contacts: &armsecurityinsights.EnrichmentDomainWhoisContacts{
// 			Admin: &armsecurityinsights.EnrichmentDomainWhoisContact{
// 				Name: to.Ptr("Administrator"),
// 				Country: to.Ptr("United States"),
// 				Email: to.Ptr("mail@microsoft.com"),
// 				Org: to.Ptr("Microsoft"),
// 				Phone: to.Ptr("1-800-555-1234"),
// 				Postal: to.Ptr("98052"),
// 				State: to.Ptr("WA"),
// 				Street: []*string{
// 					to.Ptr("One Microsoft Way")},
// 			},
// 			Billing: &armsecurityinsights.EnrichmentDomainWhoisContact{
// 				Name: to.Ptr("Administrator"),
// 				Country: to.Ptr("United States"),
// 				Email: to.Ptr("mail@microsoft.com"),
// 				Org: to.Ptr("Microsoft"),
// 				Phone: to.Ptr("1-800-555-1234"),
// 				Postal: to.Ptr("98052"),
// 				State: to.Ptr("WA"),
// 				Street: []*string{
// 					to.Ptr("One Microsoft Way")},
// 			},
// 			Tech: &armsecurityinsights.EnrichmentDomainWhoisContact{
// 				Name: to.Ptr("Administrator"),
// 				Country: to.Ptr("United States"),
// 				Email: to.Ptr("mail@microsoft.com"),
// 				Org: to.Ptr("Microsoft"),
// 				Phone: to.Ptr("1-800-555-1234"),
// 				Postal: to.Ptr("98052"),
// 				State: to.Ptr("WA"),
// 				Street: []*string{
// 					to.Ptr("One Microsoft Way")},
// 			},
// 		},
// 		NameServers: []*string{
// 			to.Ptr("ns1-205.azure-dns.com"),
// 			to.Ptr("ns2-205.azure-dns.net"),
// 			to.Ptr("ns3-205.azure-dns.org"),
// 			to.Ptr("ns4-205.azure-dns.info")},
// 		Registrar: &armsecurityinsights.EnrichmentDomainWhoisRegistrarDetails{
// 			Name: to.Ptr("MarkMonitor, Inc"),
// 			AbuseContactEmail: to.Ptr("abuse@microsoft.com"),
// 			AbuseContactPhone: to.Ptr("12083895770"),
// 			URL: to.Ptr("http://www.markmonitor.com"),
// 			WhoisServer: to.Ptr("whois.markmonitor.com"),
// 		},
// 		Statuses: []*string{
// 			to.Ptr("clientUpdateProhibited"),
// 			to.Ptr("clientTransferProhibited"),
// 			to.Ptr("clientDeleteProhibited"),
// 			to.Ptr("serverUpdateProhibited"),
// 			to.Ptr("serverTransferProhibited"),
// 			to.Ptr("serverDeleteProhibited")},
// 	},
// 	Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T16:15:01.187045Z"); return t}()),
// }

type DomainWhoisClientGetOptions

type DomainWhoisClientGetOptions struct {
}

DomainWhoisClientGetOptions contains the optional parameters for the DomainWhoisClient.Get method.

type DomainWhoisClientGetResponse

type DomainWhoisClientGetResponse struct {
	EnrichmentDomainWhois
}

DomainWhoisClientGetResponse contains the response from method DomainWhoisClient.Get.
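
Every field of the whois response is a pointer tagged omitempty, so a consumer has to nil-check before reading anything. The following is an added example, not part of the SDK or its generated samples: it decodes constructed JSON into trimmed local mirrors of the page's types and derives triage findings. The type names domainWhois, whoisDetails and whoisRegistrar, the finding labels, the 30-day threshold, and reading Created as the registration time are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Trimmed local mirrors of EnrichmentDomainWhois, EnrichmentDomainWhoisDetails and
// EnrichmentDomainWhoisRegistrarDetails. Field names and JSON tags follow this page;
// the lower-case type names are hypothetical so the example runs without the SDK.
type whoisRegistrar struct {
	Name              *string `json:"name,omitempty"`
	AbuseContactEmail *string `json:"abuseContactEmail,omitempty"`
}

type whoisDetails struct {
	NameServers []*string       `json:"nameServers,omitempty"`
	Registrar   *whoisRegistrar `json:"registrar,omitempty"`
	Statuses    []*string       `json:"statuses,omitempty"`
}

type domainWhois struct {
	Created     *time.Time    `json:"created,omitempty"`
	Domain      *string       `json:"domain,omitempty"`
	Expires     *time.Time    `json:"expires,omitempty"`
	ParsedWhois *whoisDetails `json:"parsedWhois,omitempty"`
}

// Constructed sample bodies (not real lookups). The first reuses values from the
// page's demo output; the second is a sparse record with most fields absent.
const sampleFull = `{"created":"2021-09-01T16:15:01.187045Z","domain":"microsoft.com",
 "parsedWhois":{"registrar":{"name":"MarkMonitor, Inc","abuseContactEmail":"abuse@microsoft.com"},
 "statuses":["clientUpdateProhibited","clientTransferProhibited"]}}`

const sampleSparse = `{"created":"2023-03-25T00:00:00Z","domain":"example.test","parsedWhois":null}`

// parseWhois decodes a response body; time.Time fields accept RFC 3339 strings.
func parseWhois(raw []byte) (domainWhois, error) {
	var w domainWhois
	err := json.Unmarshal(raw, &w)
	return w, err
}

// hasStatus reports whether any non-nil status flag contains fragment (case-insensitive).
func hasStatus(statuses []*string, fragment string) bool {
	fragment = strings.ToLower(fragment)
	for _, s := range statuses {
		if s != nil && strings.Contains(strings.ToLower(*s), fragment) {
			return true
		}
	}
	return false
}

// triageWhois returns finding labels for an enrichment record without ever
// dereferencing a nil pointer. Assumption: Created approximates registration time.
func triageWhois(w domainWhois, now time.Time, minAge time.Duration) []string {
	findings := []string{}
	switch {
	case w.Created == nil:
		findings = append(findings, "missing-created")
	case now.Sub(*w.Created) < minAge:
		findings = append(findings, "newly-registered")
	}
	if w.Expires != nil && w.Expires.Before(now) {
		findings = append(findings, "expired")
	}
	if w.ParsedWhois == nil {
		// Nothing further can be checked without the parsed record.
		return append(findings, "no-parsed-whois")
	}
	if !hasStatus(w.ParsedWhois.Statuses, "TransferProhibited") {
		findings = append(findings, "no-transfer-lock")
	}
	r := w.ParsedWhois.Registrar
	if r == nil || r.AbuseContactEmail == nil || *r.AbuseContactEmail == "" {
		findings = append(findings, "no-abuse-contact")
	}
	return findings
}

func main() {
	now := time.Date(2023, 3, 31, 0, 0, 0, 0, time.UTC) // fixed clock for repeatable output
	for _, raw := range []string{sampleFull, sampleSparse} {
		w, err := parseWhois([]byte(raw))
		if err != nil {
			fmt.Println("decode error:", err)
			continue
		}
		domain := "<unknown>"
		if w.Domain != nil {
			domain = *w.Domain
		}
		fmt.Printf("%s: %v\n", domain, triageWhois(w, now, 30*24*time.Hour))
	}
}
```

With the SDK in place, the same checks apply to the embedded EnrichmentDomainWhois of a DomainWhoisClientGetResponse, whose fields use the same pointer types.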

type Dynamics365CheckRequirements

type Dynamics365CheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Dynamics365 requirements check properties.
	Properties *Dynamics365CheckRequirementsProperties `json:"properties,omitempty"`
}

Dynamics365CheckRequirements - Represents Dynamics365 requirements check request.

func (*Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements

func (d *Dynamics365CheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Dynamics365CheckRequirements.

func (Dynamics365CheckRequirements) MarshalJSON

func (d Dynamics365CheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Dynamics365CheckRequirements.

func (*Dynamics365CheckRequirements) UnmarshalJSON

func (d *Dynamics365CheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365CheckRequirements.

type Dynamics365CheckRequirementsProperties

type Dynamics365CheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365CheckRequirementsProperties - Dynamics365 requirements check properties.

func (Dynamics365CheckRequirementsProperties) MarshalJSON

func (d Dynamics365CheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Dynamics365CheckRequirementsProperties.

func (*Dynamics365CheckRequirementsProperties) UnmarshalJSON

func (d *Dynamics365CheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365CheckRequirementsProperties.

type Dynamics365DataConnector

type Dynamics365DataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Dynamics365 data connector properties.
	Properties *Dynamics365DataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Dynamics365DataConnector - Represents Dynamics365 data connector.

func (*Dynamics365DataConnector) GetDataConnector

func (d *Dynamics365DataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type Dynamics365DataConnector.

func (Dynamics365DataConnector) MarshalJSON

func (d Dynamics365DataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Dynamics365DataConnector.

func (*Dynamics365DataConnector) UnmarshalJSON

func (d *Dynamics365DataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365DataConnector.

type Dynamics365DataConnectorDataTypes

type Dynamics365DataConnectorDataTypes struct {
	// REQUIRED; Common Data Service data type connection.
	Dynamics365CdsActivities *Dynamics365DataConnectorDataTypesDynamics365CdsActivities `json:"dynamics365CdsActivities,omitempty"`
}

Dynamics365DataConnectorDataTypes - The available data types for Dynamics365 data connector.

func (Dynamics365DataConnectorDataTypes) MarshalJSON

func (d Dynamics365DataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Dynamics365DataConnectorDataTypes.

func (*Dynamics365DataConnectorDataTypes) UnmarshalJSON

func (d *Dynamics365DataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365DataConnectorDataTypes.

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities

type Dynamics365DataConnectorDataTypesDynamics365CdsActivities struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

Dynamics365DataConnectorDataTypesDynamics365CdsActivities - Common Data Service data type connection.

func (Dynamics365DataConnectorDataTypesDynamics365CdsActivities) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type Dynamics365DataConnectorDataTypesDynamics365CdsActivities.

func (*Dynamics365DataConnectorDataTypesDynamics365CdsActivities) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365DataConnectorDataTypesDynamics365CdsActivities.

type Dynamics365DataConnectorProperties

type Dynamics365DataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *Dynamics365DataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Dynamics365DataConnectorProperties - Dynamics365 data connector properties.

func (Dynamics365DataConnectorProperties) MarshalJSON

func (d Dynamics365DataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Dynamics365DataConnectorProperties.

func (*Dynamics365DataConnectorProperties) UnmarshalJSON

func (d *Dynamics365DataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Dynamics365DataConnectorProperties.

type ElevationToken

type ElevationToken string

ElevationToken - The elevation token associated with the process.

const (
	// ElevationTokenDefault - Default elevation token
	ElevationTokenDefault ElevationToken = "Default"
	// ElevationTokenFull - Full elevation token
	ElevationTokenFull ElevationToken = "Full"
	// ElevationTokenLimited - Limited elevation token
	ElevationTokenLimited ElevationToken = "Limited"
)

func PossibleElevationTokenValues

func PossibleElevationTokenValues() []ElevationToken

PossibleElevationTokenValues returns the possible values for the ElevationToken const type.

type EnrichmentDomainWhois

type EnrichmentDomainWhois struct {
	// The timestamp at which this record was created
	Created *time.Time `json:"created,omitempty"`

	// The domain for this whois record
	Domain *string `json:"domain,omitempty"`

	// The timestamp at which this record will expire
	Expires *time.Time `json:"expires,omitempty"`

	// The whois record for a given domain
	ParsedWhois *EnrichmentDomainWhoisDetails `json:"parsedWhois,omitempty"`

	// The hostname of this registrar's whois server
	Server *string `json:"server,omitempty"`

	// The timestamp at which this record was last updated
	Updated *time.Time `json:"updated,omitempty"`
}

EnrichmentDomainWhois - Whois information for a given domain and associated metadata

func (EnrichmentDomainWhois) MarshalJSON

func (e EnrichmentDomainWhois) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentDomainWhois.

func (*EnrichmentDomainWhois) UnmarshalJSON

func (e *EnrichmentDomainWhois) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentDomainWhois.

type EnrichmentDomainWhoisContact

type EnrichmentDomainWhoisContact struct {
	// The city for this contact
	City *string `json:"city,omitempty"`

	// The country for this contact
	Country *string `json:"country,omitempty"`

	// The email address for this contact
	Email *string `json:"email,omitempty"`

	// The fax number for this contact
	Fax *string `json:"fax,omitempty"`

	// The name of this contact
	Name *string `json:"name,omitempty"`

	// The organization for this contact
	Org *string `json:"org,omitempty"`

	// The phone number for this contact
	Phone *string `json:"phone,omitempty"`

	// The postal code for this contact
	Postal *string `json:"postal,omitempty"`

	// The state for this contact
	State *string `json:"state,omitempty"`

	// A list describing the street address for this contact
	Street []*string `json:"street,omitempty"`
}

EnrichmentDomainWhoisContact - An individual contact associated with this domain

func (EnrichmentDomainWhoisContact) MarshalJSON

func (e EnrichmentDomainWhoisContact) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentDomainWhoisContact.

func (*EnrichmentDomainWhoisContact) UnmarshalJSON

func (e *EnrichmentDomainWhoisContact) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentDomainWhoisContact.

type EnrichmentDomainWhoisContacts

type EnrichmentDomainWhoisContacts struct {
	// The admin contact for this whois record
	Admin *EnrichmentDomainWhoisContact `json:"admin,omitempty"`

	// The billing contact for this whois record
	Billing *EnrichmentDomainWhoisContact `json:"billing,omitempty"`

	// The registrant contact for this whois record
	Registrant *EnrichmentDomainWhoisContact `json:"registrant,omitempty"`

	// The technical contact for this whois record
	Tech *EnrichmentDomainWhoisContact `json:"tech,omitempty"`
}

EnrichmentDomainWhoisContacts - The set of contacts associated with this domain

func (EnrichmentDomainWhoisContacts) MarshalJSON

func (e EnrichmentDomainWhoisContacts) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentDomainWhoisContacts.

func (*EnrichmentDomainWhoisContacts) UnmarshalJSON

func (e *EnrichmentDomainWhoisContacts) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentDomainWhoisContacts.

type EnrichmentDomainWhoisDetails

type EnrichmentDomainWhoisDetails struct {
	// The set of contacts associated with this domain
	Contacts *EnrichmentDomainWhoisContacts `json:"contacts,omitempty"`

	// A list of name servers associated with this domain
	NameServers []*string `json:"nameServers,omitempty"`

	// The registrar associated with this domain
	Registrar *EnrichmentDomainWhoisRegistrarDetails `json:"registrar,omitempty"`

	// The set of status flags for this whois record
	Statuses []*string `json:"statuses,omitempty"`
}

EnrichmentDomainWhoisDetails - The whois record for a given domain

func (EnrichmentDomainWhoisDetails) MarshalJSON

func (e EnrichmentDomainWhoisDetails) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentDomainWhoisDetails.

func (*EnrichmentDomainWhoisDetails) UnmarshalJSON

func (e *EnrichmentDomainWhoisDetails) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentDomainWhoisDetails.

type EnrichmentDomainWhoisRegistrarDetails

type EnrichmentDomainWhoisRegistrarDetails struct {
	// This registrar's abuse contact email
	AbuseContactEmail *string `json:"abuseContactEmail,omitempty"`

	// This registrar's abuse contact phone number
	AbuseContactPhone *string `json:"abuseContactPhone,omitempty"`

	// This registrar's Internet Assigned Numbers Authority id
	IanaID *string `json:"ianaId,omitempty"`

	// The name of this registrar
	Name *string `json:"name,omitempty"`

	// This registrar's URL
	URL *string `json:"url,omitempty"`

	// The hostname of this registrar's whois server
	WhoisServer *string `json:"whoisServer,omitempty"`
}

EnrichmentDomainWhoisRegistrarDetails - The registrar associated with this domain

func (EnrichmentDomainWhoisRegistrarDetails) MarshalJSON

func (e EnrichmentDomainWhoisRegistrarDetails) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentDomainWhoisRegistrarDetails.

func (*EnrichmentDomainWhoisRegistrarDetails) UnmarshalJSON

func (e *EnrichmentDomainWhoisRegistrarDetails) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentDomainWhoisRegistrarDetails.

type EnrichmentIPGeodata

type EnrichmentIPGeodata struct {
	// The autonomous system number associated with this IP address
	Asn *string `json:"asn,omitempty"`

	// The name of the carrier for this IP address
	Carrier *string `json:"carrier,omitempty"`

	// The city this IP address is located in
	City *string `json:"city,omitempty"`

	// A numeric rating of confidence that the value in the 'city' field is correct, on a scale of 0-100
	CityCf *int32 `json:"cityCf,omitempty"`

	// The continent this IP address is located on
	Continent *string `json:"continent,omitempty"`

	// The country this IP address is located in
	Country *string `json:"country,omitempty"`

	// A numeric rating of confidence that the value in the 'country' field is correct on a scale of 0-100
	CountryCf *int32 `json:"countryCf,omitempty"`

	// The dotted-decimal or colon-separated string representation of the IP address
	IPAddr *string `json:"ipAddr,omitempty"`

	// A description of the connection type of this IP address
	IPRoutingType *string `json:"ipRoutingType,omitempty"`

	// The latitude of this IP address
	Latitude *string `json:"latitude,omitempty"`

	// The longitude of this IP address
	Longitude *string `json:"longitude,omitempty"`

	// The name of the organization for this IP address
	Organization *string `json:"organization,omitempty"`

	// The type of the organization for this IP address
	OrganizationType *string `json:"organizationType,omitempty"`

	// The geographic region this IP address is located in
	Region *string `json:"region,omitempty"`

	// The state this IP address is located in
	State *string `json:"state,omitempty"`

	// A numeric rating of confidence that the value in the 'state' field is correct on a scale of 0-100
	StateCf *int32 `json:"stateCf,omitempty"`

	// The abbreviated name for the state this IP address is located in
	StateCode *string `json:"stateCode,omitempty"`
}

EnrichmentIPGeodata - Geodata information for a given IP address

func (EnrichmentIPGeodata) MarshalJSON

func (e EnrichmentIPGeodata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EnrichmentIPGeodata.

func (*EnrichmentIPGeodata) UnmarshalJSON

func (e *EnrichmentIPGeodata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EnrichmentIPGeodata.

type EntitiesClient

type EntitiesClient struct {
	// contains filtered or unexported fields
}

EntitiesClient contains the methods for the Entities group. Don't use this type directly, use NewEntitiesClient() instead.

func NewEntitiesClient

func NewEntitiesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesClient, error)

NewEntitiesClient creates a new instance of EntitiesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntitiesClient) Expand

func (client *EntitiesClient) Expand(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityExpandParameters, options *EntitiesClientExpandOptions) (EntitiesClientExpandResponse, error)

Expand - Expands an entity. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • parameters - The parameters required to execute an expand operation on the given entity.
  • options - EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/expand/PostExpandEntity.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Expand(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityExpandParameters{
	EndTime:     to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-05-26T00:00:00.000Z"); return t }()),
	ExpansionID: to.Ptr("a77992f3-25e9-4d01-99a4-5ff606cc410a"),
	StartTime:   to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-04-25T00:00:00.000Z"); return t }()),
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res.EntityExpandResponse = armsecurityinsights.EntityExpandResponse{
// 	MetaData: &armsecurityinsights.ExpansionResultsMetadata{
// 		Aggregations: []*armsecurityinsights.ExpansionResultAggregation{
// 			{
// 				Count: to.Ptr[int32](1),
// 				EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 		}},
// 	},
// 	Value: &armsecurityinsights.EntityExpandResponseValue{
// 		Edges: []*armsecurityinsights.EntityEdges{
// 			{
// 				AdditionalData: map[string]any{
// 					"EpochTimestamp": "1608289949",
// 					"FirstSeen": "2021-09-01T11:12:29.597Z",
// 					"Source": "Heartbeat",
// 				},
// 				TargetEntityID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002"),
// 		}},
// 		Entities: []armsecurityinsights.EntityClassification{
// 			&armsecurityinsights.IPEntity{
// 				Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 				Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 				ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 				Kind: to.Ptr(armsecurityinsights.EntityKindIP),
// 				Properties: &armsecurityinsights.IPEntityProperties{
// 					FriendlyName: to.Ptr("13.89.108.248"),
// 					Address: to.Ptr("13.89.108.248"),
// 				},
// 		}},
// 	},
// }

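An added example (not part of the SDK or its generated samples): the edges in an Expand response carry full ARM resource IDs, while Get takes resourceGroupName, workspaceName and entityID separately. The sketch below parses an entity ID strictly and keeps only targets in the workspace being investigated; the TargetEntityID printed in the sample above contains a doubled "providers" segment and is rejected. The names EntityRef, ParseEntityResourceID, InScope and FilterTargets are hypothetical, and the GUID check assumes IDs shaped like the samples on this page.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// EntityRef carries the values EntitiesClient.Get takes as arguments.
type EntityRef struct {
	SubscriptionID, ResourceGroup, Workspace, EntityID string
}

// Hypothetical sentinel errors for this example.
var (
	ErrMalformedEntityID = errors.New("malformed entity resource ID")
	ErrOutOfScope        = errors.New("entity is outside the expected workspace")
)

// Assumption: subscription and entity IDs are GUIDs, as in every sample on this page.
var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// layout is the segment sequence of an entity ID; "" marks a value segment.
var layout = []string{
	"subscriptions", "", "resourceGroups", "",
	"providers", "Microsoft.OperationalInsights", "workspaces", "",
	"providers", "Microsoft.SecurityInsights", "entities", "",
}

// ParseEntityResourceID accepts only the exact entity ID shape and nothing else.
func ParseEntityResourceID(id string) (EntityRef, error) {
	if !strings.HasPrefix(id, "/") {
		return EntityRef{}, fmt.Errorf("%w: no leading slash", ErrMalformedEntityID)
	}
	segs := strings.Split(id[1:], "/")
	if len(segs) != len(layout) {
		return EntityRef{}, fmt.Errorf("%w: %d segments, want %d", ErrMalformedEntityID, len(segs), len(layout))
	}
	var vals []string
	for i, want := range layout {
		switch {
		case want == "" && segs[i] == "":
			return EntityRef{}, fmt.Errorf("%w: empty value at segment %d", ErrMalformedEntityID, i)
		case want == "":
			vals = append(vals, segs[i])
		case !strings.EqualFold(segs[i], want): // resource ID keys compare case-insensitively
			return EntityRef{}, fmt.Errorf("%w: segment %d is %q, want %q", ErrMalformedEntityID, i, segs[i], want)
		}
	}
	ref := EntityRef{vals[0], vals[1], vals[2], vals[3]}
	if !guidRe.MatchString(ref.SubscriptionID) || !guidRe.MatchString(ref.EntityID) {
		return EntityRef{}, fmt.Errorf("%w: subscription or entity ID is not a GUID", ErrMalformedEntityID)
	}
	return ref, nil
}

// InScope reports whether target lives in the same subscription, resource group and workspace as origin.
func InScope(origin, target EntityRef) bool {
	return strings.EqualFold(origin.SubscriptionID, target.SubscriptionID) &&
		strings.EqualFold(origin.ResourceGroup, target.ResourceGroup) &&
		strings.EqualFold(origin.Workspace, target.Workspace)
}

// FilterTargets parses each edge target and keeps those that are well-formed and in scope.
func FilterTargets(origin EntityRef, targets []string) (keep []EntityRef, rejected []error) {
	for _, id := range targets {
		ref, err := ParseEntityResourceID(id)
		if err == nil && !InScope(origin, ref) {
			err = fmt.Errorf("%w: %s", ErrOutOfScope, id)
		}
		if err != nil {
			rejected = append(rejected, err)
			continue
		}
		keep = append(keep, ref)
	}
	return keep, rejected
}

const (
	// ID of the IP entity in the Expand response sample above.
	sampleOriginID = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"
	// TargetEntityID exactly as printed in that sample (note "providers/providers").
	sampleEdgeTarget = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002"
	// Constructed: same target, well-formed path, different key casing.
	constructedSameWorkspace = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourcegroups/MYRG/providers/microsoft.operationalinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002"
	// Constructed: well-formed, but in another workspace.
	constructedOtherWorkspace = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/otherWorkspace/providers/Microsoft.SecurityInsights/entities/c1d60d86-5988-11eb-ae93-0242ac130002"
)

func main() {
	origin, err := ParseEntityResourceID(sampleOriginID)
	if err != nil {
		panic(err)
	}
	keep, rejected := FilterTargets(origin, []string{sampleEdgeTarget, constructedSameWorkspace, constructedOtherWorkspace})
	for _, r := range keep {
		fmt.Printf("follow: Get(ctx, %q, %q, %q, nil)\n", r.ResourceGroup, r.Workspace, r.EntityID)
	}
	for _, e := range rejected {
		fmt.Println("skip:", e)
	}
}
```
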
func (*EntitiesClient) Get

func (client *EntitiesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, options *EntitiesClientGetOptions) (EntitiesClientGetResponse, error)

Get - Gets an entity. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • options - EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.
Example (GetACloudApplicationEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetCloudApplicationEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.CloudApplicationEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindCloudApplication),
// 		Properties: &armsecurityinsights.CloudApplicationEntityProperties{
// 			FriendlyName: to.Ptr("AppName"),
// 			AppID: to.Ptr[int32](1),
// 			AppName: to.Ptr("AppName"),
// 			InstanceName: to.Ptr("InstanceName"),
// 		},
// 	},
// }

Example (GetADnsEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetDnsEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "f4e74920-f2c0-4412-a45f-66d94fdf01f8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.DNSEntity{
// 		Name: to.Ptr("f4e74920-f2c0-4412-a45f-66d94fdf01f8"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/f4e74920-f2c0-4412-a45f-66d94fdf01f8"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindDNSResolution),
// 		Properties: &armsecurityinsights.DNSEntityProperties{
// 			FriendlyName: to.Ptr("domain"),
// 			DomainName: to.Ptr("domain"),
// 			IPAddressEntityIDs: []*string{
// 				to.Ptr("475d3120-33e0-4841-9f1c-a8f15a801d19")},
// 		},
// 	},
// }

Example (GetAFileEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetFileEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "af378b21-b4aa-4fe7-bc70-13f8621a322f", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.FileEntity{
// 		Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindFile),
// 		Properties: &armsecurityinsights.FileEntityProperties{
// 			FriendlyName: to.Ptr("cmd.exe"),
// 			Directory: to.Ptr("C:\\Windows\\System32"),
// 			FileName: to.Ptr("cmd.exe"),
// 		},
// 	},
// }

Example (GetAFileHashEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetFileHashEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "ea359fa6-c1e5-f878-e105-6344f3e399a1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.FileHashEntity{
// 		Name: to.Ptr("ea359fa6-c1e5-f878-e105-6344f3e399a1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/ea359fa6-c1e5-f878-e105-6344f3e399a1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindFileHash),
// 		Properties: &armsecurityinsights.FileHashEntityProperties{
// 			FriendlyName: to.Ptr("E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0(SHA256)"),
// 			Algorithm: to.Ptr(armsecurityinsights.FileHashAlgorithmSHA256),
// 			HashValue: to.Ptr("E923636F1093C414AAB39F846E9D7A372BEEFA7B628B28179197E539C56AA0F0"),
// 		},
// 	},
// }

Example (GetAHostEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetHostEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.HostEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindHost),
// 		Properties: &armsecurityinsights.HostEntityProperties{
// 			FriendlyName: to.Ptr("vm1"),
// 			AzureID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"),
// 			DNSDomain: to.Ptr("contoso"),
// 			HostName: to.Ptr("vm1"),
// 			IsDomainJoined: to.Ptr(true),
// 			NetBiosName: to.Ptr("contoso"),
// 			NtDomain: to.Ptr("domain"),
// 			OmsAgentID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"),
// 			OSFamily: to.Ptr(armsecurityinsights.OSFamilyWindows),
// 			OSVersion: to.Ptr("1.0"),
// 		},
// 	},
// }

Example (GetAMailClusterEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailClusterEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.MailClusterEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindMailCluster),
// 		Properties: &armsecurityinsights.MailClusterEntityProperties{
// 			FriendlyName: to.Ptr("ClusterSourceIdentifier"),
// 			ClusterGroup: to.Ptr("cluster group"),
// 			ClusterSourceIdentifier: to.Ptr("cluster source identifier"),
// 			ClusterSourceType: to.Ptr("Similarity"),
// 			CountByDeliveryStatus: map[string]any{
// 				"deliveryStatus": float64(5),
// 			},
// 			CountByProtectionStatus: map[string]any{
// 				"protectionStatus": float64(65),
// 			},
// 			CountByThreatType: map[string]any{
// 				"threatType": float64(6),
// 			},
// 			NetworkMessageIDs: []*string{
// 				to.Ptr("ccfce855-e02f-491b-a1cc-5bafb371ad0c")},
// 			Query: to.Ptr("kqlFilter"),
// 			QueryTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T01:42:01.6026755Z"); return t}()),
// 			Source: to.Ptr("ClusterSourceIdentifier"),
// 			Threats: []*string{
// 				to.Ptr("thrreat1"),
// 				to.Ptr("thread2")},
// 		},
// 	},
// }

Example (GetAMailMessageEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailMessageEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.MailMessageEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindMailMessage),
// 		Properties: &armsecurityinsights.MailMessageEntityProperties{
// 			FriendlyName: to.Ptr("cmd.exe"),
// 			DeliveryAction: to.Ptr(armsecurityinsights.DeliveryActionBlocked),
// 			FileEntityIDs: []*string{
// 				to.Ptr("ccfce855-e02f-491b-a1cc-5bafb371ad0c")},
// 			InternetMessageID: to.Ptr("message id"),
// 			P1Sender: to.Ptr("email@fake.com"),
// 			P1SenderDisplayName: to.Ptr("p1 sender display name"),
// 			P1SenderDomain: to.Ptr("p1 sender domain"),
// 			P2Sender: to.Ptr("the sender"),
// 			P2SenderDisplayName: to.Ptr("p2 sender display name"),
// 			P2SenderDomain: to.Ptr("p2 Sender Domain"),
// 			Recipient: to.Ptr("recipient"),
// 			SenderIP: to.Ptr("1.23.34.43"),
// 			Subject: to.Ptr("subject"),
// 			ThreatDetectionMethods: []*string{
// 				to.Ptr("thrreat1"),
// 				to.Ptr("thread2")},
// 			Threats: []*string{
// 				to.Ptr("thrreat1"),
// 				to.Ptr("thread2")},
// 			Urls: []*string{
// 				to.Ptr("http://moqbrarcwmnk.banxhdcojlg.biz")},
// 			Language: to.Ptr("language"),
// 		},
// 	},
// }

Example (GetAMailboxEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMailboxEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.MailboxEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindMailbox),
// 		Properties: &armsecurityinsights.MailboxEntityProperties{
// 			FriendlyName: to.Ptr("emailAddress1"),
// 			DisplayName: to.Ptr("display name"),
// 			ExternalDirectoryObjectID: to.Ptr("18cc8fdc-e169-4451-983a-bd027db286eb"),
// 			MailboxPrimaryAddress: to.Ptr("emailAddress1"),
// 			Upn: to.Ptr("upn1"),
// 		},
// 	},
// }

Example (GetAMalwareEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetMalwareEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "af378b21-b4aa-4fe7-bc70-13f8621a322f", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.MalwareEntity{
// 		Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindMalware),
// 		Properties: &armsecurityinsights.MalwareEntityProperties{
// 			FriendlyName: to.Ptr("Win32/Toga!rfn"),
// 			Category: to.Ptr("Trojan"),
// 			MalwareName: to.Ptr("Win32/Toga!rfn"),
// 		},
// 	},
// }

Example (GetAProcessEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetProcessEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "7264685c-038c-42c6-948c-38e14ef1fb98", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.ProcessEntity{
// 		Name: to.Ptr("7264685c-038c-42c6-948c-38e14ef1fb98"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/7264685c-038c-42c6-948c-38e14ef1fb98"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindProcess),
// 		Properties: &armsecurityinsights.ProcessEntityProperties{
// 			FriendlyName: to.Ptr("cmd.exe"),
// 			CommandLine: to.Ptr("\"cmd\""),
// 			ImageFileEntityID: to.Ptr("bba7b47b-c1c1-4021-b568-5b07b9292f5e"),
// 			ProcessID: to.Ptr("0x2aa48"),
// 		},
// 	},
// }

Example (GetARegistryKeyEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetRegistryKeyEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.RegistryKeyEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindRegistryKey),
// 		Properties: &armsecurityinsights.RegistryKeyEntityProperties{
// 			FriendlyName: to.Ptr("SOFTWARE"),
// 			Hive: to.Ptr(armsecurityinsights.RegistryHiveHKEYLOCALMACHINE),
// 			Key: to.Ptr("SOFTWARE"),
// 		},
// 	},
// }

Example (GetARegistryValueEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetRegistryValueEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "dc44bd11-b348-4d76-ad29-37bf7aa41356", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.RegistryValueEntity{
// 		Name: to.Ptr("dc44bd11-b348-4d76-ad29-37bf7aa41356"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/dc44bd11-b348-4d76-ad29-37bf7aa41356"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindRegistryValue),
// 		Properties: &armsecurityinsights.RegistryValueEntityProperties{
// 			FriendlyName: to.Ptr("Data"),
// 			KeyEntityID: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 			ValueData: to.Ptr("Data"),
// 			ValueName: to.Ptr("Name"),
// 			ValueType: to.Ptr(armsecurityinsights.RegistryValueKindString),
// 		},
// 	},
// }

Example (GetASecurityAlertEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSecurityAlertEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "4aa486e0-6f85-41af-99ea-7acdce7be6c8", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.SecurityAlert{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/4aa486e0-6f85-41af-99ea-7acdce7be6c8"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindSecurityAlert),
// 		Properties: &armsecurityinsights.SecurityAlertProperties{
// 			AdditionalData: map[string]any{
// 				"Query": "Heartbeat \n| extend AccountCustomEntity = \"administrator\"",
// 				"Query Period": "05:00:00",
// 				"Search Query Results Overall Count": "203",
// 				"Total Account Entities": "1",
// 				"Trigger Operator": "GreaterThan",
// 				"Trigger Threshold": "200",
// 			},
// 			FriendlyName: to.Ptr("Suspicious account detected"),
// 			Description: to.Ptr(""),
// 			AlertDisplayName: to.Ptr("Suspicious account detected"),
// 			AlertLink: to.Ptr("https://portal.azure.com/#blade/Microsoft_Azure_Security/AlertBlade/alertId/2518119885989999999_4aa486e0-6f85-41af-99ea-7acdce7be6c8/subscriptionId/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/myRg/myWorkspace/referencedFrom/alertDeepLink/location/centralus"),
// 			AlertType: to.Ptr("c8c99641-985d-4e4e-8e91-fb3466cd0e5b_46c7b6c0-ff43-44dd-8b4d-ceffff7aa7df"),
// 			ConfidenceLevel: to.Ptr(armsecurityinsights.ConfidenceLevelUnknown),
// 			EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:21:45.926185Z"); return t}()),
// 			Intent: to.Ptr(armsecurityinsights.KillChainIntentUnknown),
// 			ProcessingEndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-06T13:56:53.5392366Z"); return t}()),
// 			ProductComponentName: to.Ptr("Scheduled Alerts"),
// 			ProductName: to.Ptr("Azure Sentinel"),
// 			ProviderAlertID: to.Ptr("c2bafff9-fb31-41d0-a177-ecbff7a02ffe"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 			StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T08:21:45.926185Z"); return t}()),
// 			Status: to.Ptr(armsecurityinsights.AlertStatusNew),
// 			SystemAlertID: to.Ptr("4aa486e0-6f85-41af-99ea-7acdce7be6c8"),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence),
// 				to.Ptr(armsecurityinsights.AttackTacticLateralMovement)},
// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T13:56:53.5392366Z"); return t}()),
// 				VendorName: to.Ptr("Microsoft"),
// 			},
// 		},
// 		                        }

Example (GetASecurityGroupEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSecurityGroupEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.SecurityGroupEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindSecurityGroup),
// 		Properties: &armsecurityinsights.SecurityGroupEntityProperties{
// 			FriendlyName: to.Ptr("Name"),
// 			DistinguishedName: to.Ptr("Name"),
// 			ObjectGUID: to.Ptr("fb1b8e04-d944-4986-b39a-1ce9adedcd98"),
// 			Sid: to.Ptr("Sid"),
// 		},
// 	},
// }

Example (GetASubmissionMailEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetSubmissionMailEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.SubmissionMailEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindSubmissionMail),
// 		Properties: &armsecurityinsights.SubmissionMailEntityProperties{
// 			FriendlyName: to.Ptr("recipient"),
// 			Recipient: to.Ptr("recipient"),
// 			ReportType: to.Ptr("report type"),
// 			Sender: to.Ptr("sender"),
// 			SenderIP: to.Ptr("1.4.35.34"),
// 			Subject: to.Ptr("subject"),
// 			SubmissionID: to.Ptr("5bb3d8fe-54bc-499c-bc21-86fe8df2a184"),
// 			Submitter: to.Ptr("submitter"),
// 		},
// 	},
// }

Example (GetAUrlEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetUrlEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.URLEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindURL),
// 		Properties: &armsecurityinsights.URLEntityProperties{
// 			FriendlyName: to.Ptr("https://bing.com"),
// 			URL: to.Ptr("https://bing.com"),
// 		},
// 	},
// }

Example (GetAnAccountEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetAccountEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.AccountEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 		Properties: &armsecurityinsights.AccountEntityProperties{
// 			FriendlyName: to.Ptr("administrator"),
// 			AADTenantID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"),
// 			AADUserID: to.Ptr("f7033626-2572-46b1-bba0-06646f4f95b3"),
// 			AccountName: to.Ptr("administrator"),
// 			DNSDomain: to.Ptr("contoso.com"),
// 			IsDomainJoined: to.Ptr(true),
// 			NtDomain: to.Ptr("domain"),
// 			ObjectGUID: to.Ptr("11227b78-3c6e-436e-a2a2-02fc7662eca0"),
// 			Puid: to.Ptr("ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d"),
// 			Sid: to.Ptr("S-1-5-18"),
// 			UpnSuffix: to.Ptr("contoso"),
// 		},
// 	},
// }

Example (GetAnAzureResourceEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetAzureResourceEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.AzureResourceEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindAzureResource),
// 		Properties: &armsecurityinsights.AzureResourceEntityProperties{
// 			FriendlyName: to.Ptr("vm1"),
// 			ResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"),
// 			SubscriptionID: to.Ptr("d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"),
// 		},
// 	},
// }

Example (GetAnIoTDeviceEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetIoTDeviceEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.IoTDeviceEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindIoTDevice),
// 		Properties: &armsecurityinsights.IoTDeviceEntityProperties{
// 			FriendlyName: to.Ptr("device1"),
// 			DeviceID: to.Ptr("device1"),
// 			DeviceName: to.Ptr("device1"),
// 			DeviceType: to.Ptr("Industrial"),
// 			FirmwareVersion: to.Ptr("20.11"),
// 			Importance: to.Ptr(armsecurityinsights.DeviceImportanceNormal),
// 			IotHubEntityID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/8b2d9401-f953-e89d-2583-be9b4975870c"),
// 			IsAuthorized: to.Ptr(true),
// 			IsProgramming: to.Ptr(false),
// 			IsScanner: to.Ptr(false),
// 			Model: to.Ptr("demo-model"),
// 			NicEntityIDs: []*string{
// 				to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/6ee379bd-ace8-44cf-ab10-ee669a1b71e2")},
// 			OperatingSystem: to.Ptr("Windows"),
// 			Protocols: []*string{
// 				to.Ptr("CIP"),
// 				to.Ptr("EtherNet/IP")},
// 			PurdueLayer: to.Ptr("ProcessControl"),
// 			Sensor: to.Ptr("demo-sensor"),
// 			Site: to.Ptr("demo-site"),
// 			Vendor: to.Ptr("demo-vendor"),
// 			Zone: to.Ptr("zone"),
// 		},
// 	},
// }

Example (GetAnIpEntity)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetIpEntityById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Get(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntitiesClientGetResponse{
// 	EntityClassification: &armsecurityinsights.IPEntity{
// 		Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entities"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 		Kind: to.Ptr(armsecurityinsights.EntityKindIP),
// 		Properties: &armsecurityinsights.IPEntityProperties{
// 			FriendlyName: to.Ptr("10.3.2.8"),
// 			Address: to.Ptr("10.3.2.8"),
// 		},
// 	},
// }

func (*EntitiesClient) GetInsights

func (client *EntitiesClient) GetInsights(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, parameters EntityGetInsightsParameters, options *EntitiesClientGetInsightsOptions) (EntitiesClientGetInsightsResponse, error)

GetInsights - Execute Insights for an entity. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • parameters - The parameters required to execute insights on the given entity.
  • options - EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/insights/PostGetInsights.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().GetInsights(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityGetInsightsParameters{
	AddDefaultExtendedTimeRange: to.Ptr(false),
	EndTime:                     to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()),
	InsightQueryIDs: []*string{
		to.Ptr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4")},
	StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()),
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res.EntityGetInsightsResponse = armsecurityinsights.EntityGetInsightsResponse{
// 	MetaData: &armsecurityinsights.GetInsightsResultsMetadata{
// 		Errors: []*armsecurityinsights.GetInsightsErrorKind{
// 			{
// 				ErrorMessage: to.Ptr("Internal server error"),
// 				Kind: to.Ptr(armsecurityinsights.GetInsightsErrorInsight),
// 				QueryID: to.Ptr("4a70a63d-25c4-6312-b73e-4f302a90c06a"),
// 		}},
// 		TotalCount: to.Ptr[int32](7),
// 	},
// 	Value: []*armsecurityinsights.EntityInsightItem{
// 		{
// 			ChartQueryResults: []*armsecurityinsights.InsightsTableResult{
// 				{
// 					Columns: []*armsecurityinsights.InsightsTableResultColumnsItem{
// 						{
// 							Name: to.Ptr("TimeGenerated"),
// 							Type: to.Ptr("datetime"),
// 						},
// 						{
// 							Name: to.Ptr("Count"),
// 							Type: to.Ptr("long"),
// 						},
// 						{
// 							Name: to.Ptr("Legend"),
// 							Type: to.Ptr("string"),
// 					}},
// 					Rows: [][]*string{
// 						[]*string{
// 							to.Ptr("2021-09-01T00:00:00.000Z"),
// 							to.Ptr("55"),
// 							to.Ptr("SomeLegend")}},
// 			}},
// 			QueryID: to.Ptr("e29ee1ef-7445-455e-85f1-269f2d536d61"),
// 			QueryTimeInterval: &armsecurityinsights.EntityInsightItemQueryTimeInterval{
// 				EndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:35:20Z"); return t}()),
// 				StartTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:35:20Z"); return t}()),
// 			},
// 			TableQueryResults: &armsecurityinsights.InsightsTableResult{
// 				Columns: []*armsecurityinsights.InsightsTableResultColumnsItem{
// 					{
// 						Name: to.Ptr("Title"),
// 						Type: to.Ptr("string"),
// 					},
// 					{
// 						Name: to.Ptr("NameCount"),
// 						Type: to.Ptr("long"),
// 					},
// 					{
// 						Name: to.Ptr("SIDCount"),
// 						Type: to.Ptr("long"),
// 					},
// 					{
// 						Name: to.Ptr("InternalOrder"),
// 						Type: to.Ptr("long"),
// 					},
// 					{
// 						Name: to.Ptr("Index"),
// 						Type: to.Ptr("long"),
// 				}},
// 				Rows: [][]*string{
// 					[]*string{
// 						to.Ptr("MyTitle"),
// 						to.Ptr("15"),
// 						to.Ptr("SID"),
// 						to.Ptr("1"),
// 						to.Ptr("1")}},
// 			},
// 	}},
// }

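Added example (not part of the SDK or its generated samples): the GetInsights sample response above is an HTTP 200 that still reports a failed query in MetaData.Errors, and its table row carries "SID" in a column declared as long. The code below surfaces per-query failures and decodes rows by declared column type while keeping mismatched cells; Column, Table, QueryError, CellIssue, ptr and Sample are assumed stand-in names so the block compiles without the SDK.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// Local stand-ins (assumed names) carrying only the fields used here from the
// sample response above; they are not the armsecurityinsights types.
type Column struct{ Name, Type *string }

type Table struct {
	Columns []*Column
	Rows    [][]*string
}

type QueryError struct{ ErrorMessage, QueryID *string }

// CellIssue records a cell whose text did not match its declared column type.
type CellIssue struct {
	Row         int
	Column, Raw string
}

func ptr[T any](v T) *T { return &v } // stand-in for the SDK's to.Ptr

// FailedQueries maps query ID to error message for each per-query failure
// listed in MetaData.Errors of an otherwise successful response.
func FailedQueries(errs []*QueryError) map[string]string {
	failed := map[string]string{}
	for _, e := range errs {
		if e != nil && e.QueryID != nil && e.ErrorMessage != nil {
			failed[*e.QueryID] = *e.ErrorMessage
		}
	}
	return failed
}

// DecodeTable converts cells using the declared column type ("datetime",
// "long"; anything else stays a string). Nil cells become nil, unparsable
// cells keep their raw text and are reported; a wrong row width is an error.
func DecodeTable(t *Table) ([]map[string]any, []CellIssue, error) {
	if t == nil {
		return nil, nil, nil
	}
	var issues []CellIssue
	rows := make([]map[string]any, 0, len(t.Rows))
	for r, cells := range t.Rows {
		if len(cells) != len(t.Columns) {
			return nil, nil, fmt.Errorf("row %d: %d cells, %d columns", r, len(cells), len(t.Columns))
		}
		rec := make(map[string]any, len(cells))
		for i, cell := range cells {
			col := t.Columns[i]
			if col == nil || col.Name == nil || col.Type == nil {
				return nil, nil, fmt.Errorf("column %d has no name or type", i)
			}
			if cell == nil {
				rec[*col.Name] = nil
				continue
			}
			var v any = *cell
			var err error
			switch *col.Type {
			case "datetime":
				v, err = time.Parse(time.RFC3339Nano, *cell)
			case "long":
				v, err = strconv.ParseInt(*cell, 10, 64)
			}
			if err != nil {
				v = *cell
				issues = append(issues, CellIssue{Row: r, Column: *col.Name, Raw: *cell})
			}
			rec[*col.Name] = v
		}
		rows = append(rows, rec)
	}
	return rows, issues, nil
}

// Sample rebuilds MetaData.Errors and TableQueryResults from the sample response above.
func Sample() ([]*QueryError, *Table) {
	errs := []*QueryError{{ErrorMessage: ptr("Internal server error"), QueryID: ptr("4a70a63d-25c4-6312-b73e-4f302a90c06a")}}
	t := &Table{Rows: [][]*string{{ptr("MyTitle"), ptr("15"), ptr("SID"), ptr("1"), ptr("1")}}}
	for _, c := range [][2]string{{"Title", "string"}, {"NameCount", "long"}, {"SIDCount", "long"}, {"InternalOrder", "long"}, {"Index", "long"}} {
		t.Columns = append(t.Columns, &Column{Name: ptr(c[0]), Type: ptr(c[1])})
	}
	return errs, t
}

func main() {
	errs, table := Sample()
	fmt.Println("failed insight queries:", FailedQueries(errs))
	rows, issues, err := DecodeTable(table)
	fmt.Println(rows, issues, err)
}
```
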
func (*EntitiesClient) NewListPager

func (client *EntitiesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntitiesClientListOptions) *runtime.Pager[EntitiesClientListResponse]

NewListPager - Gets all entities.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - EntitiesClientListOptions contains the optional parameters for the EntitiesClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetEntities.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewEntitiesClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You can use the page here. The blank identifier is used for demo purposes only.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. Note that all values in the output are fake and for demo purposes only.
	// page.EntityList = armsecurityinsights.EntityList{
	// 	Value: []armsecurityinsights.EntityClassification{
	// 		&armsecurityinsights.AccountEntity{
	// 			Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindAccount),
	// 			Properties: &armsecurityinsights.AccountEntityProperties{
	// 				FriendlyName: to.Ptr("administrator"),
	// 				AADTenantID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"),
	// 				AADUserID: to.Ptr("f7033626-2572-46b1-bba0-06646f4f95b3"),
	// 				AccountName: to.Ptr("administrator"),
	// 				IsDomainJoined: to.Ptr(true),
	// 				NtDomain: to.Ptr("domain"),
	// 				ObjectGUID: to.Ptr("11227b78-3c6e-436e-a2a2-02fc7662eca0"),
	// 				Puid: to.Ptr("ee3cb2d8-14ba-45ef-8009-d6f1cacfa04d"),
	// 				Sid: to.Ptr("S-1-5-18"),
	// 				UpnSuffix: to.Ptr("contoso"),
	// 			},
	// 		},
	// 		&armsecurityinsights.HostEntity{
	// 			Name: to.Ptr("fed9fe89-dce8-40f2-bf44-70f23fe93b3c"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/fed9fe89-dce8-40f2-bf44-70f23fe93b3c"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindHost),
	// 			Properties: &armsecurityinsights.HostEntityProperties{
	// 				FriendlyName: to.Ptr("vm1"),
	// 				AzureID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"),
	// 				DNSDomain: to.Ptr("contoso"),
	// 				HostName: to.Ptr("vm1"),
	// 				IsDomainJoined: to.Ptr(true),
	// 				NetBiosName: to.Ptr("contoso"),
	// 				NtDomain: to.Ptr("domain"),
	// 				OmsAgentID: to.Ptr("70fbdad0-7441-4564-b2b5-2b8862d0fee0"),
	// 				OSFamily: to.Ptr(armsecurityinsights.OSFamilyWindows),
	// 				OSVersion: to.Ptr("1.0"),
	// 			},
	// 		},
	// 		&armsecurityinsights.FileEntity{
	// 			Name: to.Ptr("af378b21-b4aa-4fe7-bc70-13f8621a322f"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entities"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/af378b21-b4aa-4fe7-bc70-13f8621a322f"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityKindFile),
	// 			Properties: &armsecurityinsights.FileEntityProperties{
	// 				FriendlyName: to.Ptr("cmd.exe"),
	// 				Directory: to.Ptr("C:\\Windows\\System32"),
	// 				FileName: to.Ptr("cmd.exe"),
	// 			},
	// 	}},
	// }
}

func (*EntitiesClient) Queries

func (client *EntitiesClient) Queries(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, kind EntityItemQueryKind, options *EntitiesClientQueriesOptions) (EntitiesClientQueriesResponse, error)

Queries - Get Insights and Activities for an entity. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • kind - The Kind parameter for queries
  • options - EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/GetQueries.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesClient().Queries(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityItemQueryKindInsight, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res.GetQueriesResponse = armsecurityinsights.GetQueriesResponse{
// 	Value: []armsecurityinsights.EntityQueryItemClassification{
// 		&armsecurityinsights.InsightQueryItem{
// 			Name: to.Ptr("6db7f5d1-f41e-46c2-b935-230b36a569e6"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"),
// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/6db7f5d1-f41e-46c2-b935-230b36a569e6"),
// 			Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight),
// 			Properties: &armsecurityinsights.InsightQueryItemProperties{
// 				DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{
// 					{
// 						DataType: to.Ptr("AuditLogs"),
// 					},
// 					{
// 						DataType: to.Ptr("SecurityEvent"),
// 				}},
// 				EntitiesFilter: map[string]any{
// 				},
// 				InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount),
// 				RequiredInputFieldsSets: [][]*string{
// 					[]*string{
// 						to.Ptr("Account_Name"),
// 						to.Ptr("Account_NTDomain")},
// 						[]*string{
// 							to.Ptr("Account_Name"),
// 							to.Ptr("Account_UPNSuffix")},
// 							[]*string{
// 								to.Ptr("Account_AADUserId")},
// 								[]*string{
// 									to.Ptr("Account_SID")}},
// 									Description: to.Ptr("Summary of actions taken on the specified account, grouped by action: password resets and changes, account lockouts (policy or admin), account creation and deletion, account enabled and disabled\n"),
// 									AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{
// 										Query: to.Ptr("project TimeGenerated, UserPrincipalName, Account_Name, OperationName, Activity, DisableUser, TargetSid, AADUserId, InitiatedBy, AADTenantId, AccountType, Computer, SubjectAccount, SubjectUserSid, EventData"),
// 										Text: to.Ptr("See all account activity"),
// 									},
// 									BaseQuery: to.Ptr("let GetAccountActions = (v_Account_Name:string, v_Account_NTDomain:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string, v_Account_SID:string){\nAuditLogs\n| where OperationName in~ ('Delete user', 'Change user password', 'Reset user password', 'Change password (self-service)',  'Reset password (by admin)', 'Reset password (self-service)', 'Update user')\n| extend UserPrincipalName = tostring(TargetResources[0].userPrincipalName)\n| extend Account_Name = tostring(split(UserPrincipalName, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserPrincipalName, '@')[1])\n| extend Action = tostring(parse_json(tostring(parse_json(tostring(TargetResources[0].modifiedProperties))[0])))\n| extend ModifiedProperty = parse_json(Action).displayName\n| extend ModifiedValue = parse_json(Action).newValue\n| extend Account_AADUserId = tostring(TargetResources[0].id)\n| extend DisableUser = iif(ModifiedProperty =~ 'AccountEnabled' and ModifiedValue =~ '[false]', 'True', 'False')\n| union isfuzzy=true (\nSecurityEvent\n| where EventID in (4720, 4722, 4723, 4724, 4725, 4726, 4740)\n| extend OperationName = tostring(EventID)\n| where AccountType =~ \"user\" or isempty(AccountType)\n| extend Account_Name = TargetUserName, Account_NTDomain = TargetDomainName, Account_SID = TargetSid\n)\n| where (Account_Name =~ v_Account_Name and (Account_UPNSuffix =~ v_Account_UPNSuffix or Account_NTDomain =~ v_Account_NTDomain)) or Account_AADUserId =~ v_Account_AADUserId or Account_SID =~ v_Account_SID\n};\nGetAccountActions('CTFFUser4', '', 'seccxp.ninja', '', '')\n"),
// 									ChartQuery: map[string]any{
// 										"type": "BarChart",
// 										"dataSets":[]any{
// 											map[string]any{
// 												"legendColumnName": "OperationName",
// 												"query": "summarize Count = count() by bin(TimeGenerated, 1h), OperationName",
// 												"xColumnName": "TimeGenerated",
// 												"yColumnName": "Count",
// 											},
// 										},
// 										"title": "Actions by type",
// 									},
// 									DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{
// 										AfterRange: to.Ptr("12h"),
// 										BeforeRange: to.Ptr("12h"),
// 									},
// 									DisplayName: to.Ptr("Actions on account"),
// 									TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{
// 										ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{
// 											{
// 												Header: to.Ptr("Action"),
// 												OutputType: to.Ptr(armsecurityinsights.OutputTypeString),
// 												SupportDeepLink: to.Ptr(false),
// 											},
// 											{
// 												Header: to.Ptr("Most Recent"),
// 												OutputType: to.Ptr(armsecurityinsights.OutputTypeDate),
// 												SupportDeepLink: to.Ptr(false),
// 											},
// 											{
// 												Header: to.Ptr("Count"),
// 												OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 												SupportDeepLink: to.Ptr(true),
// 										}},
// 										QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('Change user password', 'Reset user password', 'Change password (self-service)',  'Reset password (by admin)', 'Reset password (self-service)', '4724', '4723')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('Blocked from self-service password reset', '4740')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName  == '4725' or (OperationName  =~ 'Update user' and DisableUser =~ 'True')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('Add user', '4720')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('Delete user', '4726')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('4725', 'Blocked from self-service password reset', '4740') or (OperationName  =~ 'Update user' and DisableUser =~ 'True')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('4722', '4767') or (OperationName  =~ 'Update user' and DisableUser =~ 'False')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 											},
// 											{
// 												Filter: to.Ptr("where OperationName in~ ('Update user','4738')"),
// 												LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 													{
// 														Query: to.Ptr("{{BaseQuery}} | "),
// 														ProjectedName: to.Ptr("Count"),
// 												}},
// 												Project: to.Ptr("project Title = OperationName, MostRecent, Count"),
// 												Summarize: to.Ptr("summarize MostRecent = max(TimeGenerated), Count = count() by OperationName"),
// 										}},
// 									},
// 								},
// 							},
// 							&armsecurityinsights.InsightQueryItem{
// 								Name: to.Ptr("0a5d7b14-b485-450a-a0ac-4100c860ac32"),
// 								Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"),
// 								ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/0a5d7b14-b485-450a-a0ac-4100c860ac32"),
// 								Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight),
// 								Properties: &armsecurityinsights.InsightQueryItemProperties{
// 									DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{
// 										{
// 											DataType: to.Ptr("OfficeActivity"),
// 									}},
// 									EntitiesFilter: map[string]any{
// 									},
// 									InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount),
// 									RequiredInputFieldsSets: [][]*string{
// 										[]*string{
// 											to.Ptr("Account_Name"),
// 											to.Ptr("Account_UPNSuffix")}},
// 											Description: to.Ptr("Highlight office operations of the user with anomalously high count compared to those observed in the preceding 14 days."),
// 											AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{
// 												Query: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply  count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh | order by maxAnomalyScorePost desc \n| project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n"),
// 												Text: to.Ptr("Query all anomalous operations"),
// 											},
// 											BaseQuery: to.Ptr("let AScoreThresh = 3; \nlet maxAnomalies = 3;\nlet BeforeRange = 12d; \nlet EndTime = todatetime('{{EndTimeUTC}}'); \nlet StartTime = todatetime('{{StartTimeUTC}}');\nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string) { \n  OfficeActivity \n  | extend splitUserId=split(UserId, '@')\n  | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n  | where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix }; \nuserData('CTFFUser4', 'seccxp.ninja')\n"),
// 											ChartQuery: map[string]any{
// 												"type": "LineChart",
// 												"dataSets":[]any{
// 													map[string]any{
// 														"legendColumnName": "Operation",
// 														"query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project Operation, TimeGenerated, count_\n| mvexpand TimeGenerated, count_ | project todatetime(TimeGenerated), toint(count_), Operation\n",
// 														"xColumnName": "TimeGenerated",
// 														"yColumnName": "count_",
// 													},
// 												},
// 												"title": "Anomalous operation timeline",
// 											},
// 											DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{
// 												AfterRange: to.Ptr("0d"),
// 												BeforeRange: to.Ptr("1d"),
// 											},
// 											DisplayName: to.Ptr("Anomalously high office operation count"),
// 											ReferenceTimeRange: &armsecurityinsights.InsightQueryItemPropertiesReferenceTimeRange{
// 												BeforeRange: to.Ptr("12d"),
// 											},
// 											TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{
// 												ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{
// 													{
// 														Header: to.Ptr("Operation"),
// 														OutputType: to.Ptr(armsecurityinsights.OutputTypeString),
// 														SupportDeepLink: to.Ptr(true),
// 													},
// 													{
// 														Header: to.Ptr("Expected Count"),
// 														OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 														SupportDeepLink: to.Ptr(false),
// 													},
// 													{
// 														Header: to.Ptr("Actual Count"),
// 														OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 														SupportDeepLink: to.Ptr(false),
// 												}},
// 												QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{
// 													{
// 														Filter: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by Operation \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost=maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore-maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n"),
// 														LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 															{
// 																Query: to.Ptr("{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where Operation == ''\n"),
// 																ProjectedName: to.Ptr("Operation"),
// 														}},
// 														Project: to.Ptr("project Operation, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)"),
// 														Summarize: to.Ptr("take 1"),
// 												}},
// 											},
// 										},
// 									},
// 									&armsecurityinsights.InsightQueryItem{
// 										Name: to.Ptr("e6cf68e6-1eca-4fbb-9fad-6280f2a9476e"),
// 										Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"),
// 										ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/e6cf68e6-1eca-4fbb-9fad-6280f2a9476e"),
// 										Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight),
// 										Properties: &armsecurityinsights.InsightQueryItemProperties{
// 											DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{
// 												{
// 													DataType: to.Ptr("OfficeActivity"),
// 											}},
// 											EntitiesFilter: map[string]any{
// 											},
// 											InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount),
// 											RequiredInputFieldsSets: [][]*string{
// 												[]*string{
// 													to.Ptr("Account_Name"),
// 													to.Ptr("Account_UPNSuffix")},
// 													[]*string{
// 														to.Ptr("Account_AADUserId")}},
// 														Description: to.Ptr("Provides the count and distinct resource accesses by a given user account\n"),
// 														AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{
// 															Query: to.Ptr("where Operation in~ (Operations)"),
// 															Text: to.Ptr("See all resource activity"),
// 														},
// 														BaseQuery: to.Ptr("let Operations = dynamic([\"FileDownloaded\", \"FileUploaded\"]);\nlet UserOperationToSharePoint =  (v_Account_Name:string, v_Account_UPNSuffix:string) {\nOfficeActivity\n// Select sharepoint activity that is relevant\n| where RecordType in~ ('SharePointFileOperation')\n| where Operation in~ (Operations)\n| extend Account_Name = tostring(split(UserId, '@')[0])\n| extend Account_UPNSuffix = tostring(split(UserId, '@')[1])\n| where Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix\n| project TimeGenerated, Account_Name, Account_UPNSuffix, UserId, OfficeId, RecordType, Operation, OrganizationId, UserType, UserKey, OfficeWorkload, OfficeObjectId, ClientIP, ItemType, UserAgent, Site_Url, SourceRelativeUrl, SourceFileName, SourceFileExtension , Start_Time , ElevationTime , TenantId, SourceSystem , Type\n};\nUserOperationToSharePoint ('CTFFUser4','seccxp.ninja')\n"),
// 														ChartQuery: map[string]any{
// 															"type": "LineChart",
// 															"dataSets":[]any{
// 																map[string]any{
// 																	"legendColumnName": "Legend",
// 																	"query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileUploaded'), TotalResources = countif(Operation =~ 'FileUploaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Uploads'",
// 																	"xColumnName": "TimeGenerated",
// 																	"yColumnName": "TotalResources",
// 																},
// 																map[string]any{
// 																	"legendColumnName": "Legend",
// 																	"query": "summarize DistinctResources = dcountif(Operation, Operation =~ 'FileDownloaded'), TotalResources = countif(Operation =~ 'FileDownloaded') by bin(TimeGenerated, 1h) | extend Legend = 'File Downloads'",
// 																	"xColumnName": "TimeGenerated",
// 																	"yColumnName": "TotalResources",
// 																},
// 															},
// 															"title": "Resource access over time",
// 														},
// 														DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{
// 															AfterRange: to.Ptr("12h"),
// 															BeforeRange: to.Ptr("12h"),
// 														},
// 														DisplayName: to.Ptr("Resource access"),
// 														TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{
// 															ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{
// 																{
// 																	Header: to.Ptr("Resource Type"),
// 																	OutputType: to.Ptr(armsecurityinsights.OutputTypeString),
// 																	SupportDeepLink: to.Ptr(false),
// 																},
// 																{
// 																	Header: to.Ptr("Distinct Resources"),
// 																	OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 																	SupportDeepLink: to.Ptr(true),
// 																},
// 																{
// 																	Header: to.Ptr("Total Resources"),
// 																	OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 																	SupportDeepLink: to.Ptr(true),
// 																},
// 																{
// 																	Header: to.Ptr("IPAddress(es)"),
// 																	OutputType: to.Ptr(armsecurityinsights.OutputTypeString),
// 																	SupportDeepLink: to.Ptr(false),
// 															}},
// 															QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{
// 																{
// 																	Filter: to.Ptr("where Operation =~ 'FileUploaded'"),
// 																	LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 																		{
// 																			Query: to.Ptr("{{BaseQuery}} | "),
// 																			ProjectedName: to.Ptr("DistinctResources"),
// 																		},
// 																		{
// 																			Query: to.Ptr("{{BaseQuery}} | "),
// 																			ProjectedName: to.Ptr("TotalResources"),
// 																	}},
// 																	Project: to.Ptr("project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')"),
// 																	Summarize: to.Ptr("summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation"),
// 																},
// 																{
// 																	Filter: to.Ptr("where Operation =~ 'FileDownloaded'"),
// 																	LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 																		{
// 																			Query: to.Ptr("{{BaseQuery}} | "),
// 																			ProjectedName: to.Ptr("DistinctResources"),
// 																		},
// 																		{
// 																			Query: to.Ptr("{{BaseQuery}} | "),
// 																			ProjectedName: to.Ptr("TotalResources"),
// 																	}},
// 																	Project: to.Ptr("project Title = Operation, DistinctResources, TotalResources, IPAddresses = case(array_length(IPAddresses) == 1, tostring(IPAddresses[0]), array_length(IPAddresses) > 1, 'Many', 'None')"),
// 																	Summarize: to.Ptr("summarize DistinctResources = dcount(SourceFileName), TotalResources = count(SourceFileName), IPAddresses = make_set(ClientIP) by Operation"),
// 															}},
// 														},
// 													},
// 												},
// 												&armsecurityinsights.InsightQueryItem{
// 													Name: to.Ptr("cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"),
// 													Type: to.Ptr("Microsoft.SecurityInsights/entities/queries"),
// 													ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/e1d3d618-e11f-478b-98e3-bb381539a8e1/queries/cae8d0aa-aa45-4d53-8d88-17dd64ffd4e4"),
// 													Kind: to.Ptr(armsecurityinsights.EntityQueryKindInsight),
// 													Properties: &armsecurityinsights.InsightQueryItemProperties{
// 														DataTypes: []*armsecurityinsights.EntityQueryItemPropertiesDataTypesItem{
// 															{
// 																DataType: to.Ptr("SigninLogs"),
// 														}},
// 														EntitiesFilter: map[string]any{
// 														},
// 														InputEntityType: to.Ptr(armsecurityinsights.EntityTypeAccount),
// 														RequiredInputFieldsSets: [][]*string{
// 															[]*string{
// 																to.Ptr("Account_Name"),
// 																to.Ptr("Account_UPNSuffix")},
// 																[]*string{
// 																	to.Ptr("Account_AADUserId")}},
// 																	Description: to.Ptr("Highlight Azure sign-in results by the user principal with anomalously high count compared to those observed in the preceding 14 days."),
// 																	AdditionalQuery: &armsecurityinsights.InsightQueryItemPropertiesAdditionalQuery{
// 																		Query: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_\n| mv-apply  count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies\n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)\n"),
// 																		Text: to.Ptr("Query all anomalous sign-in results"),
// 																	},
// 																	BaseQuery: to.Ptr("let AScoreThresh=3; \nlet maxAnomalies=3; \nlet BeforeRange = 12d; \nlet EndTime=todatetime('{{EndTimeUTC}}');\nlet StartTime = todatetime('{{StartTimeUTC}}'); \nlet numDays = tolong((EndTime-StartTime)/1d); \nlet userData = (v_Account_Name:string, v_Account_UPNSuffix:string, v_Account_AADUserId:string) { \n   SigninLogs \n   | where TimeGenerated between ((StartTime-BeforeRange) .. EndTime)\n   | extend splitUserId=split(UserPrincipalName, '@')\n   | extend Account_Name = tostring(splitUserId[0]), Account_UPNSuffix = tostring(splitUserId[1])\n   | where (Account_Name =~ v_Account_Name and Account_UPNSuffix =~ v_Account_UPNSuffix) or UserId =~ v_Account_AADUserId };\nuserData('CTFFUser4', 'seccxp.ninja', '')\n"),
// 																	ChartQuery: map[string]any{
// 																		"type": "LineChart",
// 																		"dataSets":[]any{
// 																			map[string]any{
// 																				"legendColumnName": "ResultDescription",
// 																				"query": "make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply  count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,round(postExpectedCount,2)) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc \n| take 1 \n| project ResultDescription, TimeGenerated, count_ \n| mvexpand TimeGenerated, count_ \n| project todatetime(TimeGenerated), toint(count_), ResultDescription \n",
// 																				"xColumnName": "TimeGenerated",
// 																				"yColumnName": "count_",
// 																			},
// 																		},
// 																		"title": "Anomalous sign-in result timeline",
// 																	},
// 																	DefaultTimeRange: &armsecurityinsights.InsightQueryItemPropertiesDefaultTimeRange{
// 																		AfterRange: to.Ptr("0d"),
// 																		BeforeRange: to.Ptr("1d"),
// 																	},
// 																	DisplayName: to.Ptr("Anomalously high Azure sign-in result count"),
// 																	ReferenceTimeRange: &armsecurityinsights.InsightQueryItemPropertiesReferenceTimeRange{
// 																		BeforeRange: to.Ptr("12d"),
// 																	},
// 																	TableQuery: &armsecurityinsights.InsightQueryItemPropertiesTableQuery{
// 																		ColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem{
// 																			{
// 																				Header: to.Ptr("Result Description"),
// 																				OutputType: to.Ptr(armsecurityinsights.OutputTypeString),
// 																				SupportDeepLink: to.Ptr(true),
// 																			},
// 																			{
// 																				Header: to.Ptr("Expected Count"),
// 																				OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 																				SupportDeepLink: to.Ptr(false),
// 																			},
// 																			{
// 																				Header: to.Ptr("Actual Count"),
// 																				OutputType: to.Ptr(armsecurityinsights.OutputTypeNumber),
// 																				SupportDeepLink: to.Ptr(false),
// 																		}},
// 																		QueriesDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem{
// 																			{
// 																				Filter: to.Ptr("make-series count() default=0 on TimeGenerated from (StartTime - BeforeRange) to EndTime step 1d by ResultDescription \n| extend (anomalies,anomalyScore, expectedCount)=series_decompose_anomalies(count_,AScoreThresh,7,'linefit',numDays, 'ctukey') \n| extend count1=count_, TimeGenerated1=TimeGenerated, anomalyScore1=anomalyScore\n| mv-apply count1 to typeof(long), TimeGenerated1 to typeof(datetime), anomalyScore1 to typeof(double), anomalies to typeof(long) on (summarize totAnomalies=sumif(abs(anomalies), TimeGenerated1 < StartTime), baseStd=stdevif(count1, TimeGenerated1 < StartTime), baseAvg=avgif(count1, TimeGenerated1 < StartTime), maxCountPost=maxif(count1,TimeGenerated1 >= StartTime), maxAnomalyScorePost = maxif(anomalyScore1, TimeGenerated1 >= StartTime)) \n| extend count1=count_ \n| mv-apply  count1 to typeof(long), anomalyScore to typeof(double), expectedCount to typeof(double) on ( summarize (dummy, postExpectedCount, postActualCount)=arg_min(abs(anomalyScore - maxAnomalyScorePost), expectedCount, count1) ) \n| where totAnomalies < maxAnomalies \n| extend postAnomalyScore=iff(baseStd == 0 and maxCountPost > tolong(count_[0]),1000.0,maxAnomalyScorePost), postExpectedCount=iff(postExpectedCount < 0,0.0,postExpectedCount) \n| where maxAnomalyScorePost > AScoreThresh \n| order by maxAnomalyScorePost desc\n"),
// 																				LinkColumnsDefinitions: []*armsecurityinsights.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem{
// 																					{
// 																						Query: to.Ptr("{{BaseQuery}} \n| where TimeGenerated between (StartTime .. EndTime) \n| where ResultDescription == ''\n"),
// 																						ProjectedName: to.Ptr("ResultDescription"),
// 																				}},
// 																				Project: to.Ptr("project ResultDescription, expectedCount=round(postExpectedCount,2), actualCount=postActualCount, anomalyScore=round(postAnomalyScore,2)"),
// 																				Summarize: to.Ptr("take 1"),
// 																		}},
// 																	},
// 																},
// 														}},
// 													}

type EntitiesClientExpandOptions

type EntitiesClientExpandOptions struct {
}

EntitiesClientExpandOptions contains the optional parameters for the EntitiesClient.Expand method.

type EntitiesClientExpandResponse

type EntitiesClientExpandResponse struct {
	EntityExpandResponse
}

EntitiesClientExpandResponse contains the response from method EntitiesClient.Expand.

type EntitiesClientGetInsightsOptions

type EntitiesClientGetInsightsOptions struct {
}

EntitiesClientGetInsightsOptions contains the optional parameters for the EntitiesClient.GetInsights method.

type EntitiesClientGetInsightsResponse

type EntitiesClientGetInsightsResponse struct {
	EntityGetInsightsResponse
}

EntitiesClientGetInsightsResponse contains the response from method EntitiesClient.GetInsights.

type EntitiesClientGetOptions

type EntitiesClientGetOptions struct {
}

EntitiesClientGetOptions contains the optional parameters for the EntitiesClient.Get method.

type EntitiesClientGetResponse

type EntitiesClientGetResponse struct {
	EntityClassification
}

EntitiesClientGetResponse contains the response from method EntitiesClient.Get.

func (*EntitiesClientGetResponse) UnmarshalJSON

func (e *EntitiesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntitiesClientGetResponse.

type EntitiesClientListOptions

type EntitiesClientListOptions struct {
}

EntitiesClientListOptions contains the optional parameters for the EntitiesClient.NewListPager method.

type EntitiesClientListResponse

type EntitiesClientListResponse struct {
	EntityList
}

EntitiesClientListResponse contains the response from method EntitiesClient.NewListPager.

type EntitiesClientQueriesOptions

type EntitiesClientQueriesOptions struct {
}

EntitiesClientQueriesOptions contains the optional parameters for the EntitiesClient.Queries method.

type EntitiesClientQueriesResponse

type EntitiesClientQueriesResponse struct {
	GetQueriesResponse
}

EntitiesClientQueriesResponse contains the response from method EntitiesClient.Queries.

type EntitiesGetTimelineClient

type EntitiesGetTimelineClient struct {
	// contains filtered or unexported fields
}

EntitiesGetTimelineClient contains the methods for the EntitiesGetTimeline group. Don't use this type directly, use NewEntitiesGetTimelineClient() instead.

func NewEntitiesGetTimelineClient

func NewEntitiesGetTimelineClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesGetTimelineClient, error)

NewEntitiesGetTimelineClient creates a new instance of EntitiesGetTimelineClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntitiesGetTimelineClient) List

List - Timeline for an entity. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • parameters - The parameters required to execute a timeline operation on the given entity.
  • options - EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/timeline/PostTimelineEntity.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntitiesGetTimelineClient().List(ctx, "myRg", "myWorkspace", "e1d3d618-e11f-478b-98e3-bb381539a8e1", armsecurityinsights.EntityTimelineParameters{
	EndTime:        to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-01T00:00:00.000Z"); return t }()),
	NumberOfBucket: to.Ptr[int32](4),
	StartTime:      to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T00:00:00.000Z"); return t }()),
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res.EntityTimelineResponse = armsecurityinsights.EntityTimelineResponse{
// 	MetaData: &armsecurityinsights.TimelineResultsMetadata{
// 		Aggregations: []*armsecurityinsights.TimelineAggregation{
// 			{
// 				Count: to.Ptr[int32](4),
// 				Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity),
// 			},
// 			{
// 				Count: to.Ptr[int32](2),
// 				Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert),
// 			},
// 			{
// 				Count: to.Ptr[int32](1),
// 				Kind: to.Ptr(armsecurityinsights.EntityTimelineKindAnomaly),
// 		}},
// 		Errors: []*armsecurityinsights.TimelineError{
// 			{
// 				ErrorMessage: to.Ptr("syntax error"),
// 				Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity),
// 				QueryID: to.Ptr("11067f9f-d6a7-4488-887f-0ba564268879"),
// 			},
// 			{
// 				ErrorMessage: to.Ptr("internal server error"),
// 				Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert),
// 		}},
// 		TotalCount: to.Ptr[int32](6),
// 	},
// 	Value: []armsecurityinsights.EntityTimelineItemClassification{
// 		&armsecurityinsights.SecurityAlertTimelineItem{
// 			Kind: to.Ptr(armsecurityinsights.EntityTimelineKindSecurityAlert),
// 			Description: to.Ptr("The alert description"),
// 			AlertType: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_c93bf33e-055e-4972-9e7d-f84fe3fb61ae"),
// 			AzureResourceID: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_bf7c3a2f-b743-6410-3ff0-ec64b5995d50"),
// 			DisplayName: to.Ptr("Alert display name"),
// 			EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.02Z"); return t}()),
// 			ProductName: to.Ptr("Azure Sentinel"),
// 			Severity: to.Ptr(armsecurityinsights.AlertSeverityMedium),
// 			StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:32:28.01Z"); return t}()),
// 			TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:37:25.8136594Z"); return t}()),
// 		},
// 		&armsecurityinsights.ActivityTimelineItem{
// 			Kind: to.Ptr(armsecurityinsights.EntityTimelineKindActivity),
// 			BucketEndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.02Z"); return t}()),
// 			BucketStartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:31:28.02Z"); return t}()),
// 			Content: to.Ptr("he user has deleted the account 3 time(s)"),
// 			FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:35:28.02Z"); return t}()),
// 			LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T21:35:28.02Z"); return t}()),
// 			QueryID: to.Ptr("e0459780-ac9d-4b72-8bd4-fecf6b46a0a1"),
// 			Title: to.Ptr("The user has deleted an account"),
// 		},
// 		&armsecurityinsights.AnomalyTimelineItem{
// 			Kind: to.Ptr(armsecurityinsights.EntityTimelineKindAnomaly),
// 			Description: to.Ptr("Anomalous private to public port scanning activity with high destination port count along with low port ratio. The ratios are normalized by multiplying them by 10,000 to get them to a more usable value between 0.0 and 1.0."),
// 			AzureResourceID: to.Ptr("4467341f-fb73-4f99-a9b3-29473532cf5a_d56430ef-f421-2c9c-0b7d-d082285843c6"),
// 			DisplayName: to.Ptr("(Preview) Anomalous scanning activity"),
// 			EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:31:28.02Z"); return t}()),
// 			Intent: to.Ptr("Discovery"),
// 			ProductName: to.Ptr("Azure Sentinel"),
// 			Reasons: []*string{
// 				to.Ptr("High destination port count"),
// 				to.Ptr("Low port ratio")},
// 			StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:32:28.01Z"); return t}()),
// 			Techniques: []*string{
// 				to.Ptr("T1046")},
// 			TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-09-01T23:37:25.8136594Z"); return t}()),
// 			Vendor: to.Ptr("Microsoft"),
// 		}},
// }

type EntitiesGetTimelineClientListOptions

type EntitiesGetTimelineClientListOptions struct {
}

EntitiesGetTimelineClientListOptions contains the optional parameters for the EntitiesGetTimelineClient.List method.

type EntitiesGetTimelineClientListResponse

type EntitiesGetTimelineClientListResponse struct {
	EntityTimelineResponse
}

EntitiesGetTimelineClientListResponse contains the response from method EntitiesGetTimelineClient.List.
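
The example output for EntitiesGetTimelineClient.List pairs an HTTP 200 with MetaData.Errors entries for individual kinds, so an empty result for a kind is only a trustworthy negative when no query for that kind failed. The following added example (not part of the SDK or its documentation) classifies each timeline kind from a constructed response body; the local structs, JSON field names and kind strings are assumptions standing in for armsecurityinsights.EntityTimelineResponse.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the timeline response. The JSON names and kind strings are
// assumptions modelled on the example output; real code would read the same
// fields from armsecurityinsights.EntityTimelineResponse.
type timelineError struct {
	ErrorMessage string `json:"errorMessage"`
	Kind         string `json:"kind"`
	QueryID      string `json:"queryId"`
}

type timelineResponse struct {
	MetaData *struct {
		Errors []timelineError `json:"errors"`
	} `json:"metaData"`
	Value []struct {
		Kind string `json:"kind"`
	} `json:"value"`
}

// Verdict says how far the result for one timeline kind can be trusted.
type Verdict string

const (
	Present Verdict = "present" // items returned, no query error for the kind
	Absent  Verdict = "absent"  // no items, no query error: a trustworthy negative
	Partial Verdict = "partial" // items returned, but a query for the kind failed
	Unknown Verdict = "unknown" // no items and a query failed: absence proves nothing
)

// KindCoverage is the per-kind assessment returned by AssessTimeline.
type KindCoverage struct {
	Kind     string
	Returned int      // items of this kind present in value
	Errors   []string // query errors reported for this kind
	Verdict  Verdict
}

// AssessTimeline decodes a timeline response body and assesses each requested
// kind, in the order given. A body without metaData is rejected, a conservative
// choice: without it, per-kind query errors cannot be ruled out.
func AssessTimeline(body []byte, kinds []string) ([]KindCoverage, error) {
	var resp timelineResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return nil, fmt.Errorf("decode timeline: %w", err)
	}
	if resp.MetaData == nil {
		return nil, fmt.Errorf("timeline response carries no metaData")
	}
	returned := map[string]int{}
	for _, item := range resp.Value {
		returned[item.Kind]++
	}
	failed := map[string][]string{}
	for _, e := range resp.MetaData.Errors {
		msg := e.ErrorMessage
		if e.QueryID != "" {
			msg += " (query " + e.QueryID + ")"
		}
		failed[e.Kind] = append(failed[e.Kind], msg)
	}
	out := make([]KindCoverage, 0, len(kinds))
	for _, k := range kinds {
		c := KindCoverage{Kind: k, Returned: returned[k], Errors: failed[k]}
		switch {
		case c.Returned > 0 && len(c.Errors) == 0:
			c.Verdict = Present
		case c.Returned > 0:
			c.Verdict = Partial
		case len(c.Errors) == 0:
			c.Verdict = Absent
		default:
			c.Verdict = Unknown
		}
		out = append(out, c)
	}
	return out, nil
}

// sampleBody is a constructed response: two kinds report query errors and
// only Activity and Anomaly items come back.
const sampleBody = `{
  "metaData": {
    "totalCount": 2,
    "errors": [
      {"kind": "Activity", "queryId": "11067f9f-d6a7-4488-887f-0ba564268879", "errorMessage": "syntax error"},
      {"kind": "SecurityAlert", "errorMessage": "internal server error"}
    ]
  },
  "value": [
    {"kind": "Activity", "title": "The user has deleted an account"},
    {"kind": "Anomaly", "displayName": "(Preview) Anomalous scanning activity"}
  ]
}`

func main() {
	kinds := []string{"Activity", "Anomaly", "Bookmark", "SecurityAlert"}
	coverage, err := AssessTimeline([]byte(sampleBody), kinds)
	if err != nil {
		panic(err)
	}
	for _, c := range coverage {
		fmt.Printf("%-13s %-8s returned=%d errors=%v\n", c.Kind, c.Verdict, c.Returned, c.Errors)
	}
}
```

In triage code, treat Unknown and Partial as a reason to retry or widen the query rather than as evidence that the entity had no alerts in the window.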

type EntitiesRelationsClient

type EntitiesRelationsClient struct {
	// contains filtered or unexported fields
}

EntitiesRelationsClient contains the methods for the EntitiesRelations group. Don't use this type directly, use NewEntitiesRelationsClient() instead.

func NewEntitiesRelationsClient

func NewEntitiesRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntitiesRelationsClient, error)

NewEntitiesRelationsClient creates a new instance of EntitiesRelationsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntitiesRelationsClient) NewListPager

func (client *EntitiesRelationsClient) NewListPager(resourceGroupName string, workspaceName string, entityID string, options *EntitiesRelationsClientListOptions) *runtime.Pager[EntitiesRelationsClientListResponse]

NewListPager - Gets all relations of an entity.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • options - EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/relations/GetAllEntityRelations.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewEntitiesRelationsClient().NewListPager("myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", &armsecurityinsights.EntitiesRelationsClientListOptions{
	Filter:    nil,
	Orderby:   nil,
	Top:       nil,
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use the page item here. The blank identifier is used for demo purposes only.
		_ = v
	}
	// If the HTTP response code is 200 as defined in the example definition, the page structure looks as follows. Note that all values in the output are fake and for demo purposes only.
	// page.RelationList = armsecurityinsights.RelationList{
	// 	Value: []*armsecurityinsights.Relation{
	// 		{
	// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entities/relations"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 			Properties: &armsecurityinsights.RelationProperties{
	// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 				RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"),
	// 			},
	// 	}},
	// }
}

type EntitiesRelationsClientListOptions

type EntitiesRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

EntitiesRelationsClientListOptions contains the optional parameters for the EntitiesRelationsClient.NewListPager method.

type EntitiesRelationsClientListResponse

type EntitiesRelationsClientListResponse struct {
	RelationList
}

EntitiesRelationsClientListResponse contains the response from method EntitiesRelationsClient.NewListPager.

type Entity

type Entity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Entity - Specific entity.

func (*Entity) GetEntity

func (e *Entity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type Entity.

func (Entity) MarshalJSON

func (e Entity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Entity.

func (*Entity) UnmarshalJSON

func (e *Entity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Entity.

type EntityAnalytics

type EntityAnalytics struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// EntityAnalytics properties
	Properties *EntityAnalyticsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityAnalytics - Settings with single toggle.

func (*EntityAnalytics) GetSettings

func (e *EntityAnalytics) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type EntityAnalytics.

func (EntityAnalytics) MarshalJSON

func (e EntityAnalytics) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityAnalytics.

func (*EntityAnalytics) UnmarshalJSON

func (e *EntityAnalytics) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityAnalytics.

type EntityAnalyticsProperties

type EntityAnalyticsProperties struct {
	// The relevant entity providers that are synced
	EntityProviders []*EntityProviders `json:"entityProviders,omitempty"`
}

EntityAnalyticsProperties - EntityAnalytics property bag.

func (EntityAnalyticsProperties) MarshalJSON

func (e EntityAnalyticsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityAnalyticsProperties.

func (*EntityAnalyticsProperties) UnmarshalJSON

func (e *EntityAnalyticsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityAnalyticsProperties.

type EntityClassification

type EntityClassification interface {
	// GetEntity returns the Entity content of the underlying type.
	GetEntity() *Entity
}

EntityClassification provides polymorphic access to related types. Call the interface's GetEntity() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AccountEntity, *AzureResourceEntity, *CloudApplicationEntity, *DNSEntity, *Entity, *FileEntity, *FileHashEntity, *HostEntity, *HuntingBookmark, *IPEntity, *IoTDeviceEntity, *MailClusterEntity, *MailMessageEntity, *MailboxEntity, *MalwareEntity, *NicEntity, *ProcessEntity, *RegistryKeyEntity, *RegistryValueEntity, *SecurityAlert, *SecurityGroupEntity, *SubmissionMailEntity, *URLEntity.

type EntityEdges

type EntityEdges struct {
	// A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty"`

	// The target entity Id.
	TargetEntityID *string `json:"targetEntityId,omitempty"`
}

EntityEdges - The edge that connects the entity to the other entity.

func (EntityEdges) MarshalJSON

func (e EntityEdges) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityEdges.

func (*EntityEdges) UnmarshalJSON

func (e *EntityEdges) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityEdges.

type EntityExpandParameters

type EntityExpandParameters struct {
	// The end date filter, so the only expansion results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// The Id of the expansion to perform.
	ExpansionID *string `json:"expansionId,omitempty"`

	// The start date filter, so the only expansion results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`
}

EntityExpandParameters - The parameters required to execute an expand operation on the given entity.

func (EntityExpandParameters) MarshalJSON

func (e EntityExpandParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityExpandParameters.

func (*EntityExpandParameters) UnmarshalJSON

func (e *EntityExpandParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityExpandParameters.

type EntityExpandResponse

type EntityExpandResponse struct {
	// The metadata from the expansion operation results.
	MetaData *ExpansionResultsMetadata `json:"metaData,omitempty"`

	// The expansion result values.
	Value *EntityExpandResponseValue `json:"value,omitempty"`
}

EntityExpandResponse - The entity expansion result operation response.

func (EntityExpandResponse) MarshalJSON

func (e EntityExpandResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityExpandResponse.

func (*EntityExpandResponse) UnmarshalJSON

func (e *EntityExpandResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityExpandResponse.

type EntityExpandResponseValue

type EntityExpandResponseValue struct {
	// Array of edges that connects the entity to the list of entities.
	Edges []*EntityEdges `json:"edges,omitempty"`

	// Array of the expansion result entities.
	Entities []EntityClassification `json:"entities,omitempty"`
}

EntityExpandResponseValue - The expansion result values.

func (EntityExpandResponseValue) MarshalJSON

func (e EntityExpandResponseValue) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityExpandResponseValue.

func (*EntityExpandResponseValue) UnmarshalJSON

func (e *EntityExpandResponseValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityExpandResponseValue.

type EntityFieldMapping

type EntityFieldMapping struct {
	// Alert V3 identifier
	Identifier *string `json:"identifier,omitempty"`

	// The value of the identifier
	Value *string `json:"value,omitempty"`
}

EntityFieldMapping - Map identifiers of a single entity

func (EntityFieldMapping) MarshalJSON

func (e EntityFieldMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityFieldMapping.

func (*EntityFieldMapping) UnmarshalJSON

func (e *EntityFieldMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityFieldMapping.

type EntityGetInsightsParameters

type EntityGetInsightsParameters struct {
	// REQUIRED; The end timeline date, so the results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// REQUIRED; The start timeline date, so the results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`

	// Indicates if query time range should be extended with default time range of the query. Default value is false
	AddDefaultExtendedTimeRange *bool `json:"addDefaultExtendedTimeRange,omitempty"`

	// List of Insights Query Id. If empty, default value is all insights of this entity
	InsightQueryIDs []*string `json:"insightQueryIds,omitempty"`
}

EntityGetInsightsParameters - The parameters required to execute insights operation on the given entity.

func (EntityGetInsightsParameters) MarshalJSON

func (e EntityGetInsightsParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityGetInsightsParameters.

func (*EntityGetInsightsParameters) UnmarshalJSON

func (e *EntityGetInsightsParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityGetInsightsParameters.

type EntityGetInsightsResponse

type EntityGetInsightsResponse struct {
	// The metadata from the get insights operation results.
	MetaData *GetInsightsResultsMetadata `json:"metaData,omitempty"`

	// The insights result values.
	Value []*EntityInsightItem `json:"value,omitempty"`
}

EntityGetInsightsResponse - The Get Insights result operation response.

func (EntityGetInsightsResponse) MarshalJSON

func (e EntityGetInsightsResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityGetInsightsResponse.

func (*EntityGetInsightsResponse) UnmarshalJSON

func (e *EntityGetInsightsResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityGetInsightsResponse.

type EntityInsightItem

type EntityInsightItem struct {
	// Query results for table insights query.
	ChartQueryResults []*InsightsTableResult `json:"chartQueryResults,omitempty"`

	// The query id of the insight
	QueryID *string `json:"queryId,omitempty"`

	// The Time interval that the query actually executed on.
	QueryTimeInterval *EntityInsightItemQueryTimeInterval `json:"queryTimeInterval,omitempty"`

	// Query results for table insights query.
	TableQueryResults *InsightsTableResult `json:"tableQueryResults,omitempty"`
}

EntityInsightItem - Entity insight Item.

func (EntityInsightItem) MarshalJSON

func (e EntityInsightItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityInsightItem.

func (*EntityInsightItem) UnmarshalJSON

func (e *EntityInsightItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityInsightItem.

type EntityInsightItemQueryTimeInterval

type EntityInsightItemQueryTimeInterval struct {
	// Insight query end time
	EndTime *time.Time `json:"endTime,omitempty"`

	// Insight query start time
	StartTime *time.Time `json:"startTime,omitempty"`
}

EntityInsightItemQueryTimeInterval - The Time interval that the query actually executed on.

func (EntityInsightItemQueryTimeInterval) MarshalJSON

func (e EntityInsightItemQueryTimeInterval) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityInsightItemQueryTimeInterval.

func (*EntityInsightItemQueryTimeInterval) UnmarshalJSON

func (e *EntityInsightItemQueryTimeInterval) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityInsightItemQueryTimeInterval.

type EntityItemQueryKind

type EntityItemQueryKind string

const (
	// EntityItemQueryKindInsight - insight
	EntityItemQueryKindInsight EntityItemQueryKind = "Insight"
)

func PossibleEntityItemQueryKindValues

func PossibleEntityItemQueryKindValues() []EntityItemQueryKind

PossibleEntityItemQueryKindValues returns the possible values for the EntityItemQueryKind const type.

type EntityKind

type EntityKind string

EntityKind - The kind of the entity

const (
	// EntityKindAccount - Entity represents account in the system.
	EntityKindAccount EntityKind = "Account"
	// EntityKindAzureResource - Entity represents azure resource in the system.
	EntityKindAzureResource EntityKind = "AzureResource"
	// EntityKindBookmark - Entity represents bookmark in the system.
	EntityKindBookmark EntityKind = "Bookmark"
	// EntityKindCloudApplication - Entity represents cloud application in the system.
	EntityKindCloudApplication EntityKind = "CloudApplication"
	// EntityKindDNSResolution - Entity represents dns resolution in the system.
	EntityKindDNSResolution EntityKind = "DnsResolution"
	// EntityKindFile - Entity represents file in the system.
	EntityKindFile EntityKind = "File"
	// EntityKindFileHash - Entity represents file hash in the system.
	EntityKindFileHash EntityKind = "FileHash"
	// EntityKindHost - Entity represents host in the system.
	EntityKindHost EntityKind = "Host"
	// EntityKindIP - Entity represents ip in the system.
	EntityKindIP EntityKind = "Ip"
	// EntityKindIoTDevice - Entity represents IoT device in the system.
	EntityKindIoTDevice EntityKind = "IoTDevice"
	// EntityKindMailCluster - Entity represents mail cluster in the system.
	EntityKindMailCluster EntityKind = "MailCluster"
	// EntityKindMailMessage - Entity represents mail message in the system.
	EntityKindMailMessage EntityKind = "MailMessage"
	// EntityKindMailbox - Entity represents mailbox in the system.
	EntityKindMailbox EntityKind = "Mailbox"
	// EntityKindMalware - Entity represents malware in the system.
	EntityKindMalware EntityKind = "Malware"
	// EntityKindNic - Entity represents network interface in the system.
	EntityKindNic EntityKind = "Nic"
	// EntityKindProcess - Entity represents process in the system.
	EntityKindProcess EntityKind = "Process"
	// EntityKindRegistryKey - Entity represents registry key in the system.
	EntityKindRegistryKey EntityKind = "RegistryKey"
	// EntityKindRegistryValue - Entity represents registry value in the system.
	EntityKindRegistryValue EntityKind = "RegistryValue"
	// EntityKindSecurityAlert - Entity represents security alert in the system.
	EntityKindSecurityAlert EntityKind = "SecurityAlert"
	// EntityKindSecurityGroup - Entity represents security group in the system.
	EntityKindSecurityGroup EntityKind = "SecurityGroup"
	// EntityKindSubmissionMail - Entity represents submission mail in the system.
	EntityKindSubmissionMail EntityKind = "SubmissionMail"
	// EntityKindURL - Entity represents url in the system.
	EntityKindURL EntityKind = "Url"
)

func PossibleEntityKindValues

func PossibleEntityKindValues() []EntityKind

PossibleEntityKindValues returns the possible values for the EntityKind const type.

type EntityList

type EntityList struct {
	// REQUIRED; Array of entities.
	Value []EntityClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entities.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityList - List of all the entities.

func (EntityList) MarshalJSON

func (e EntityList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityList.

func (*EntityList) UnmarshalJSON

func (e *EntityList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityList.

type EntityMapping

type EntityMapping struct {
	// The V3 type of the mapped entity
	EntityType *EntityMappingType `json:"entityType,omitempty"`

	// array of field mappings for the given entity mapping
	FieldMappings []*FieldMapping `json:"fieldMappings,omitempty"`
}

EntityMapping - Single entity mapping for the alert rule

func (EntityMapping) MarshalJSON

func (e EntityMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityMapping.

func (*EntityMapping) UnmarshalJSON

func (e *EntityMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityMapping.

type EntityMappingType

type EntityMappingType string

EntityMappingType - The V3 type of the mapped entity

const (
	// EntityMappingTypeAccount - User account entity type
	EntityMappingTypeAccount EntityMappingType = "Account"
	// EntityMappingTypeAzureResource - Azure resource entity type
	EntityMappingTypeAzureResource EntityMappingType = "AzureResource"
	// EntityMappingTypeCloudApplication - Cloud app entity type
	EntityMappingTypeCloudApplication EntityMappingType = "CloudApplication"
	// EntityMappingTypeDNS - DNS entity type
	EntityMappingTypeDNS EntityMappingType = "DNS"
	// EntityMappingTypeFile - System file entity type
	EntityMappingTypeFile EntityMappingType = "File"
	// EntityMappingTypeFileHash - File-hash entity type
	EntityMappingTypeFileHash EntityMappingType = "FileHash"
	// EntityMappingTypeHost - Host entity type
	EntityMappingTypeHost EntityMappingType = "Host"
	// EntityMappingTypeIP - IP address entity type
	EntityMappingTypeIP EntityMappingType = "IP"
	// EntityMappingTypeMailCluster - Mail cluster entity type
	EntityMappingTypeMailCluster EntityMappingType = "MailCluster"
	// EntityMappingTypeMailMessage - Mail message entity type
	EntityMappingTypeMailMessage EntityMappingType = "MailMessage"
	// EntityMappingTypeMailbox - Mailbox entity type
	EntityMappingTypeMailbox EntityMappingType = "Mailbox"
	// EntityMappingTypeMalware - Malware entity type
	EntityMappingTypeMalware EntityMappingType = "Malware"
	// EntityMappingTypeProcess - Process entity type
	EntityMappingTypeProcess EntityMappingType = "Process"
	// EntityMappingTypeRegistryKey - Registry key entity type
	EntityMappingTypeRegistryKey EntityMappingType = "RegistryKey"
	// EntityMappingTypeRegistryValue - Registry value entity type
	EntityMappingTypeRegistryValue EntityMappingType = "RegistryValue"
	// EntityMappingTypeSecurityGroup - Security group entity type
	EntityMappingTypeSecurityGroup EntityMappingType = "SecurityGroup"
	// EntityMappingTypeSubmissionMail - Submission mail entity type
	EntityMappingTypeSubmissionMail EntityMappingType = "SubmissionMail"
	// EntityMappingTypeURL - URL entity type
	EntityMappingTypeURL EntityMappingType = "URL"
)

func PossibleEntityMappingTypeValues

func PossibleEntityMappingTypeValues() []EntityMappingType

PossibleEntityMappingTypeValues returns the possible values for the EntityMappingType const type.

type EntityProviders

type EntityProviders string

EntityProviders - The entity provider that is synced.

const (
	EntityProvidersActiveDirectory      EntityProviders = "ActiveDirectory"
	EntityProvidersAzureActiveDirectory EntityProviders = "AzureActiveDirectory"
)

func PossibleEntityProvidersValues

func PossibleEntityProvidersValues() []EntityProviders

PossibleEntityProvidersValues returns the possible values for the EntityProviders const type.

type EntityQueriesClient

type EntityQueriesClient struct {
	// contains filtered or unexported fields
}

EntityQueriesClient contains the methods for the EntityQueries group. Don't use this type directly, use NewEntityQueriesClient() instead.

func NewEntityQueriesClient

func NewEntityQueriesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueriesClient, error)

NewEntityQueriesClient creates a new instance of EntityQueriesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntityQueriesClient) CreateOrUpdate

func (client *EntityQueriesClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, entityQuery CustomEntityQueryClassification, options *EntityQueriesClientCreateOrUpdateOptions) (EntityQueriesClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the entity query. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityQueryID - entity query ID
  • entityQuery - The entity query we want to create or update
  • options - EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/CreateEntityQueryActivity.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntityQueriesClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", &armsecurityinsights.ActivityCustomEntityQuery{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind: to.Ptr(armsecurityinsights.CustomEntityQueryKindActivity),
	Properties: &armsecurityinsights.ActivityEntityQueriesProperties{
		Description: to.Ptr("Account deleted on host"),
		Content:     to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
		Enabled:     to.Ptr(true),
		EntitiesFilter: map[string][]*string{
			"Host_OsFamily": {
				to.Ptr("Windows")},
		},
		InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
		QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{
			Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
		},
		RequiredInputFieldsSets: [][]*string{
			{
				to.Ptr("Host_HostName"),
				to.Ptr("Host_NTDomain")},
			{
				to.Ptr("Host_HostName"),
				to.Ptr("Host_DnsDomain")},
			{
				to.Ptr("Host_AzureID")},
			{
				to.Ptr("Host_OMSAgentID")}},
		Title: to.Ptr("An account was deleted on this host"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntityQueriesClientCreateOrUpdateResponse{
// 	EntityQueryClassification: &armsecurityinsights.ActivityEntityQuery{
// 		Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.EntityQueryKindActivity),
// 		Properties: &armsecurityinsights.ActivityEntityQueriesProperties{
// 			Description: to.Ptr("Account deleted on host"),
// 			Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
// 			CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			Enabled: to.Ptr(true),
// 			EntitiesFilter: map[string][]*string{
// 				"Host_OsFamily": []*string{
// 					to.Ptr("Windows")},
// 			},
// 			InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
// 			LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{
// 				Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
// 			},
// 			RequiredInputFieldsSets: [][]*string{
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_NTDomain")},
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_DnsDomain")},
// 				[]*string{
// 					to.Ptr("Host_AzureID")},
// 				[]*string{
// 					to.Ptr("Host_OMSAgentID")}},
// 			Title: to.Ptr("An account was deleted on this host"),
// 		},
// 	},
// }

func (*EntityQueriesClient) Delete

func (client *EntityQueriesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientDeleteOptions) (EntityQueriesClientDeleteResponse, error)

Delete - Delete the entity query. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityQueryID - entity query ID
  • options - EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/DeleteEntityQuery.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewEntityQueriesClient().Delete(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*EntityQueriesClient) Get

func (client *EntityQueriesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryID string, options *EntityQueriesClientGetOptions) (EntityQueriesClientGetResponse, error)

Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityQueryID - entity query ID
  • options - EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.
Example (GetAnActivityEntityQuery)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetActivityEntityQueryById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntityQueriesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntityQueriesClientGetResponse{
// 	EntityQueryClassification: &armsecurityinsights.ActivityEntityQuery{
// 		Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Kind: to.Ptr(armsecurityinsights.EntityQueryKindActivity),
// 		Properties: &armsecurityinsights.ActivityEntityQueriesProperties{
// 			Description: to.Ptr("Account deleted on host"),
// 			Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
// 			CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			Enabled: to.Ptr(true),
// 			EntitiesFilter: map[string][]*string{
// 				"Host_OsFamily": []*string{
// 					to.Ptr("Windows")},
// 			},
// 			InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
// 			LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 			QueryDefinitions: &armsecurityinsights.ActivityEntityQueriesPropertiesQueryDefinitions{
// 				Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
// 			},
// 			RequiredInputFieldsSets: [][]*string{
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_NTDomain")},
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_DnsDomain")},
// 				[]*string{
// 					to.Ptr("Host_AzureID")},
// 				[]*string{
// 					to.Ptr("Host_OMSAgentID")}},
// 			Title: to.Ptr("An account was deleted on this host"),
// 		},
// 	},
// }

Example (GetAnExpansionEntityQuery)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetExpansionEntityQueryById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntityQueriesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.EntityQueriesClientGetResponse{
// 	EntityQueryClassification: &armsecurityinsights.ExpansionEntityQuery{
// 		Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion),
// 		Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{
// 			DataSources: []*string{
// 				to.Ptr("SecurityEvent")},
// 			DisplayName: to.Ptr("Parent processes running on host"),
// 			InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
// 			InputFields: []*string{
// 				to.Ptr("hostName")},
// 			OutputEntityTypes: []*armsecurityinsights.EntityType{
// 				to.Ptr(armsecurityinsights.EntityTypeProcess)},
// 			QueryTemplate: to.Ptr("let GetParentProcessesOnHost = (v_Host_HostName:string){\r\n                            SecurityEvent \r\n                            | where EventID == 4688 \r\n                            | where isnotempty(ParentProcessName)\r\n                            | where NewProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe' and ParentProcessName !contains ':\\\\Windows\\\\System32\\\\conhost.exe'\r\n                            and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\csc.exe'\r\n                            and NewProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe' and ParentProcessName !contains ':\\\\Windows\\\\Microsoft.NET\\\\Framework64\\\\v2.0.50727\\\\cvtres.exe'\r\n                            and NewProcessName!contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe' and ParentProcessName !contains ':\\\\Program Files\\\\Microsoft Monitoring Agent\\\\Agent\\\\MonitoringHost.exe'\r\n                            and ParentProcessName !contains ':\\\\Windows\\\\CCM\\\\CcmExec.exe'\r\n                            | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\svchost.exe' and (NewProcessName !contains ':\\\\Windows\\\\System32\\\\wbem\\\\WmiPrvSE.exe' or NewProcessName !contains ':\\\\Windows\\\\SysWOW64\\\\wbem\\\\WmiPrvSE.exe'))\r\n                            | where(ParentProcessName !contains ':\\\\Windows\\\\System32\\\\services.exe' and NewProcessName !contains ':\\\\Windows\\\\servicing\\\\TrustedInstaller.exe')\r\n                            | where toupper(Computer) contains v_Host_HostName or toupper(WorkstationName) contains v_Host_HostName\r\n                            | summarize min(TimeGenerated), max(TimeGenerated) by Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n                            | project min_TimeGenerated, max_TimeGenerated, Account, Computer, ParentProcessName, NewProcessName, CommandLine, ProcessId\r\n                            | project-rename Process_Host_UnstructuredName=Computer, Process_Account_UnstructuredName=Account, Process_CommandLine=CommandLine, Process_ProcessId=ProcessId, Process_ImageFile_FullPath=NewProcessName, Process_ParentProcess_ImageFile_FullPath=ParentProcessName\r\n                            | top 10 by min_TimeGenerated asc};\r\n                            GetParentProcessesOnHost(toupper('<hostName>'))"),
// 		},
// 	},
// }

func (*EntityQueriesClient) NewListPager

func (client *EntityQueriesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueriesClientListOptions) *runtime.Pager[EntityQueriesClientListResponse]

NewListPager - Gets all entity queries.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueries/GetEntityQueries.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewEntityQueriesClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.EntityQueriesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum13Expansion)})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each item here. The blank identifier is used for demo purposes only.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. Note that all values in the output are fake and for demo purposes only.
	// page.EntityQueryList = armsecurityinsights.EntityQueryList{
	// 	Value: []armsecurityinsights.EntityQueryClassification{
	// 		&armsecurityinsights.ExpansionEntityQuery{
	// 			Name: to.Ptr("37ca3555-c135-4a73-a65e-9c1d00323f5d"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/37ca3555-c135-4a73-a65e-9c1d00323f5d"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion),
	// 			Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{
	// 				DataSources: []*string{
	// 					to.Ptr("AzureActivity")},
	// 				DisplayName: to.Ptr("Least active accounts on Azure from this IP"),
	// 				InputEntityType: to.Ptr(armsecurityinsights.EntityTypeIP),
	// 				InputFields: []*string{
	// 					to.Ptr("address")},
	// 				OutputEntityTypes: []*armsecurityinsights.EntityType{
	// 					to.Ptr(armsecurityinsights.EntityTypeAccount)},
	// 				QueryTemplate: to.Ptr("let AccountActivity_byIP = (v_IP_Address:string){\r\n                            AzureActivity\r\n                            | where Caller != '' and CallerIpAddress == v_IP_Address\r\n                            | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n                            | top 10 by Count asc nulls last \r\n                            | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n                            | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n                            | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n                            AccountActivity_byIP('<address>')"),
	// 			},
	// 		},
	// 		&armsecurityinsights.ExpansionEntityQuery{
	// 			Name: to.Ptr("97a1d515-abf2-4231-9a35-985f9de0bb91"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entityQueries"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueries/97a1d515-abf2-4231-9a35-985f9de0bb91"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityQueryKindExpansion),
	// 			Properties: &armsecurityinsights.ExpansionEntityQueriesProperties{
	// 				DataSources: []*string{
	// 					to.Ptr("AzureActivity")},
	// 				DisplayName: to.Ptr("Most active accounts on Azure from this IP"),
	// 				InputEntityType: to.Ptr(armsecurityinsights.EntityTypeIP),
	// 				InputFields: []*string{
	// 					to.Ptr("address")},
	// 				OutputEntityTypes: []*armsecurityinsights.EntityType{
	// 					to.Ptr(armsecurityinsights.EntityTypeAccount)},
	// 				QueryTemplate: to.Ptr("let AccountActivity_byIP = (v_IP_Address:string){\r\n                            AzureActivity\r\n                            | where Caller != '' and CallerIpAddress == v_IP_Address\r\n                            | summarize Account_Aux_StartTime = min(TimeGenerated), Account_Aux_EndTime = max(TimeGenerated), Count = count() by Caller, TenantId\r\n                            | top 10 by Count desc nulls last \r\n                            | extend UPN = iff(Caller contains '@', Caller, ''), Account_AadUserId = iff(Caller !contains '@', Caller,'')\r\n                            | extend Account_Name = split(UPN,'@')[0] , Account_UPNSuffix = split(UPN,'@')[1]\r\n                            | project Account_Name, Account_UPNSuffix, Account_AadUserId, Account_AadTenantId=TenantId, Account_Aux_StartTime , Account_Aux_EndTime};\r\n                            AccountActivity_byIP('<address>')"),
	// 			},
	// 		}},
	// }
}

type EntityQueriesClientCreateOrUpdateOptions

type EntityQueriesClientCreateOrUpdateOptions struct {
}

EntityQueriesClientCreateOrUpdateOptions contains the optional parameters for the EntityQueriesClient.CreateOrUpdate method.

type EntityQueriesClientCreateOrUpdateResponse

type EntityQueriesClientCreateOrUpdateResponse struct {
	EntityQueryClassification
}

EntityQueriesClientCreateOrUpdateResponse contains the response from method EntityQueriesClient.CreateOrUpdate.

func (*EntityQueriesClientCreateOrUpdateResponse) UnmarshalJSON

func (e *EntityQueriesClientCreateOrUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityQueriesClientCreateOrUpdateResponse.

type EntityQueriesClientDeleteOptions

type EntityQueriesClientDeleteOptions struct {
}

EntityQueriesClientDeleteOptions contains the optional parameters for the EntityQueriesClient.Delete method.

type EntityQueriesClientDeleteResponse

type EntityQueriesClientDeleteResponse struct {
}

EntityQueriesClientDeleteResponse contains the response from method EntityQueriesClient.Delete.

type EntityQueriesClientGetOptions

type EntityQueriesClientGetOptions struct {
}

EntityQueriesClientGetOptions contains the optional parameters for the EntityQueriesClient.Get method.

type EntityQueriesClientGetResponse

type EntityQueriesClientGetResponse struct {
	EntityQueryClassification
}

EntityQueriesClientGetResponse contains the response from method EntityQueriesClient.Get.

func (*EntityQueriesClientGetResponse) UnmarshalJSON

func (e *EntityQueriesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityQueriesClientGetResponse.

type EntityQueriesClientListOptions

type EntityQueriesClientListOptions struct {
	// The entity query kind we want to fetch
	Kind *Enum13
}

EntityQueriesClientListOptions contains the optional parameters for the EntityQueriesClient.NewListPager method.

type EntityQueriesClientListResponse

type EntityQueriesClientListResponse struct {
	EntityQueryList
}

EntityQueriesClientListResponse contains the response from method EntityQueriesClient.NewListPager.

type EntityQuery

type EntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityQuery - Specific entity query.

func (*EntityQuery) GetEntityQuery

func (e *EntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type EntityQuery.

func (EntityQuery) MarshalJSON

func (e EntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityQuery.

func (*EntityQuery) UnmarshalJSON

func (e *EntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityQuery.

type EntityQueryClassification

type EntityQueryClassification interface {
	// GetEntityQuery returns the EntityQuery content of the underlying type.
	GetEntityQuery() *EntityQuery
}

EntityQueryClassification provides polymorphic access to related types. Call the interface's GetEntityQuery() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *ActivityEntityQuery, *EntityQuery, *ExpansionEntityQuery.
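The type-switch pattern described above, as an added example (not the SDK's own code): it flattens a list of entity queries into an inventory of KQL text for review, with a nil check on every pointer field. The struct types are local stand-ins for the SDK types with only the fields read here, and the JSON property names and the sample list are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins (assumption) for the SDK types named on this page; not SDK code.
type EntityQuery struct {
	Kind *string `json:"kind,omitempty"`
	Name *string `json:"name,omitempty"`
}

func (e *EntityQuery) GetEntityQuery() *EntityQuery { return e }

type EntityQueryClassification interface{ GetEntityQuery() *EntityQuery }

type ActivityEntityQuery struct {
	EntityQuery
	Properties *struct {
		QueryDefinitions *struct {
			Query *string `json:"query"`
		} `json:"queryDefinitions"`
	} `json:"properties"`
}

type ExpansionEntityQuery struct {
	EntityQuery
	Properties *struct {
		QueryTemplate *string `json:"queryTemplate"`
	} `json:"properties"`
}

// ReviewItem (hypothetical) is one flattened row of the inventory.
type ReviewItem struct{ Name, Kind, KQL string }

// Constructed sample shaped like a list response; not real workspace data.
const sampleList = `{"value":[
 {"kind":"Activity","name":"q1","properties":{"queryDefinitions":{"query":"SecurityEvent | where EventID == 4726"}}},
 {"kind":"Expansion","name":"q2","properties":{"queryTemplate":"AzureActivity | where CallerIpAddress == '<address>'"}},
 {"kind":"Insight","name":"q3"}]}`

// decodeList picks the concrete type from the "kind" discriminator.
func decodeList(data []byte) ([]EntityQueryClassification, error) {
	var env struct{ Value []json.RawMessage }
	if err := json.Unmarshal(data, &env); err != nil {
		return nil, err
	}
	var out []EntityQueryClassification
	for _, raw := range env.Value {
		var head struct{ Kind string }
		if err := json.Unmarshal(raw, &head); err != nil {
			return nil, err
		}
		var q EntityQueryClassification = &EntityQuery{} // fallback for other kinds
		switch head.Kind {
		case "Activity":
			q = &ActivityEntityQuery{}
		case "Expansion":
			q = &ExpansionEntityQuery{}
		}
		if err := json.Unmarshal(raw, q); err != nil {
			return nil, err
		}
		out = append(out, q)
	}
	return out, nil
}

// str dereferences an optional field; the model fields are all pointers.
func str(p *string) string {
	if p == nil {
		return ""
	}
	return *p
}

// Inventory flattens the polymorphic list into rows a reviewer can diff.
func Inventory(list []EntityQueryClassification) []ReviewItem {
	var items []ReviewItem
	for _, q := range list {
		base := q.GetEntityQuery() // common fields, whatever the concrete type
		it := ReviewItem{Name: str(base.Name), Kind: str(base.Kind)}
		switch v := q.(type) {
		case *ActivityEntityQuery:
			if v.Properties != nil && v.Properties.QueryDefinitions != nil {
				it.KQL = str(v.Properties.QueryDefinitions.Query)
			}
		case *ExpansionEntityQuery:
			if v.Properties != nil {
				it.KQL = str(v.Properties.QueryTemplate)
			}
		case *EntityQuery: // kind without a dedicated type (here "Insight"): common fields only
		}
		items = append(items, it)
	}
	return items
}

func main() {
	list, err := decodeList([]byte(sampleList))
	fmt.Printf("%+v err=%v\n", Inventory(list), err)
}
```

With the real module, the same switch runs over `page.Value` from `NewListPager`, matching on the `armsecurityinsights` pointer types instead of the stand-ins.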

type EntityQueryItem

type EntityQueryItem struct {
	// REQUIRED; The kind of the entity query
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Query Template ARM Name
	Name *string `json:"name,omitempty"`

	// ARM Type
	Type *string `json:"type,omitempty"`

	// READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty" azure:"ro"`
}

EntityQueryItem - An abstract Query item for entity

func (*EntityQueryItem) GetEntityQueryItem

func (e *EntityQueryItem) GetEntityQueryItem() *EntityQueryItem

GetEntityQueryItem implements the EntityQueryItemClassification interface for type EntityQueryItem.

func (EntityQueryItem) MarshalJSON

func (e EntityQueryItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityQueryItem.

func (*EntityQueryItem) UnmarshalJSON

func (e *EntityQueryItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityQueryItem.

type EntityQueryItemClassification

type EntityQueryItemClassification interface {
	// GetEntityQueryItem returns the EntityQueryItem content of the underlying type.
	GetEntityQueryItem() *EntityQueryItem
}

EntityQueryItemClassification provides polymorphic access to related types. Call the interface's GetEntityQueryItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *EntityQueryItem, *InsightQueryItem.

type EntityQueryItemPropertiesDataTypesItem

type EntityQueryItemPropertiesDataTypesItem struct {
	// Data type name
	DataType *string `json:"dataType,omitempty"`
}

func (EntityQueryItemPropertiesDataTypesItem) MarshalJSON

func (e EntityQueryItemPropertiesDataTypesItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EntityQueryItemPropertiesDataTypesItem.

func (*EntityQueryItemPropertiesDataTypesItem) UnmarshalJSON

func (e *EntityQueryItemPropertiesDataTypesItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EntityQueryItemPropertiesDataTypesItem.

type EntityQueryKind

type EntityQueryKind string

EntityQueryKind - The kind of the entity query

const (
	EntityQueryKindActivity  EntityQueryKind = "Activity"
	EntityQueryKindExpansion EntityQueryKind = "Expansion"
	EntityQueryKindInsight   EntityQueryKind = "Insight"
)

func PossibleEntityQueryKindValues

func PossibleEntityQueryKindValues() []EntityQueryKind

PossibleEntityQueryKindValues returns the possible values for the EntityQueryKind const type.

type EntityQueryList

type EntityQueryList struct {
	// REQUIRED; Array of entity queries.
	Value []EntityQueryClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entity queries.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityQueryList - List of all the entity queries.

func (EntityQueryList) MarshalJSON

func (e EntityQueryList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryList.

func (*EntityQueryList) UnmarshalJSON

func (e *EntityQueryList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryList.

type EntityQueryTemplate

type EntityQueryTemplate struct {
	// REQUIRED; the entity query template kind
	Kind *EntityQueryTemplateKind `json:"kind,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EntityQueryTemplate - Specific entity query template.

func (*EntityQueryTemplate) GetEntityQueryTemplate

func (e *EntityQueryTemplate) GetEntityQueryTemplate() *EntityQueryTemplate

GetEntityQueryTemplate implements the EntityQueryTemplateClassification interface for type EntityQueryTemplate.

func (EntityQueryTemplate) MarshalJSON

func (e EntityQueryTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplate.

func (*EntityQueryTemplate) UnmarshalJSON

func (e *EntityQueryTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplate.

type EntityQueryTemplateClassification

type EntityQueryTemplateClassification interface {
	// GetEntityQueryTemplate returns the EntityQueryTemplate content of the underlying type.
	GetEntityQueryTemplate() *EntityQueryTemplate
}

EntityQueryTemplateClassification provides polymorphic access to related types. Call the interface's GetEntityQueryTemplate() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityEntityQueryTemplate, *EntityQueryTemplate

type EntityQueryTemplateKind

type EntityQueryTemplateKind string

EntityQueryTemplateKind - The kind of the entity query template.

const (
	EntityQueryTemplateKindActivity EntityQueryTemplateKind = "Activity"
)

func PossibleEntityQueryTemplateKindValues

func PossibleEntityQueryTemplateKindValues() []EntityQueryTemplateKind

PossibleEntityQueryTemplateKindValues returns the possible values for the EntityQueryTemplateKind const type.

type EntityQueryTemplateList

type EntityQueryTemplateList struct {
	// REQUIRED; Array of entity query templates.
	Value []EntityQueryTemplateClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of entity query templates.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

EntityQueryTemplateList - List of all the entity query templates.

func (EntityQueryTemplateList) MarshalJSON

func (e EntityQueryTemplateList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityQueryTemplateList.

func (*EntityQueryTemplateList) UnmarshalJSON

func (e *EntityQueryTemplateList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplateList.

type EntityQueryTemplatesClient

type EntityQueryTemplatesClient struct {
	// contains filtered or unexported fields
}

EntityQueryTemplatesClient contains the methods for the EntityQueryTemplates group. Don't use this type directly, use NewEntityQueryTemplatesClient() instead.

func NewEntityQueryTemplatesClient

func NewEntityQueryTemplatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityQueryTemplatesClient, error)

NewEntityQueryTemplatesClient creates a new instance of EntityQueryTemplatesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntityQueryTemplatesClient) Get

func (client *EntityQueryTemplatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, entityQueryTemplateID string, options *EntityQueryTemplatesClientGetOptions) (EntityQueryTemplatesClientGetResponse, error)

Get - Gets an entity query. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityQueryTemplateID - entity query template ID
  • options - EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueryTemplates/GetActivityEntityQueryTemplateById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntityQueryTemplatesClient().Get(ctx, "myRg", "myWorkspace", "07da3cc8-c8ad-4710-a44e-334cdcb7882b", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armsecurityinsights.EntityQueryTemplatesClientGetResponse{
// 	EntityQueryTemplateClassification: &armsecurityinsights.ActivityEntityQueryTemplate{
// 		Name: to.Ptr("07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplate"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/07da3cc8-c8ad-4710-a44e-334cdcb7882b"),
// 		Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity),
// 		Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{
// 			Description: to.Ptr("Account deleted on host"),
// 			Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
// 			DataTypes: []*armsecurityinsights.DataTypeDefinitions{
// 				{
// 					DataType: to.Ptr("AuditLogs"),
// 				},
// 				{
// 					DataType: to.Ptr("SecurityEvent"),
// 				},
// 			},
// 			EntitiesFilter: map[string][]*string{
// 				"Host_OsFamily": []*string{
// 					to.Ptr("Windows"),
// 				},
// 			},
// 			InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
// 			QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{
// 				Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
// 			},
// 			RequiredInputFieldsSets: [][]*string{
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_NTDomain"),
// 				},
// 				[]*string{
// 					to.Ptr("Host_HostName"),
// 					to.Ptr("Host_DnsDomain"),
// 				},
// 				[]*string{
// 					to.Ptr("Host_AzureID"),
// 				},
// 				[]*string{
// 					to.Ptr("Host_OMSAgentID"),
// 				},
// 			},
// 			Title: to.Ptr("An account was deleted on this host"),
// 		},
// 	},
// }

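func (*EntityQueryTemplatesClient) NewListPager

func (client *EntityQueryTemplatesClient) NewListPager(resourceGroupName string, workspaceName string, options *EntityQueryTemplatesClientListOptions) *runtime.Pager[EntityQueryTemplatesClientListResponse]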

NewListPager - Gets all entity query templates.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entityQueryTemplates/GetEntityQueryTemplates.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewEntityQueryTemplatesClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.EntityQueryTemplatesClientListOptions{Kind: to.Ptr(armsecurityinsights.Enum15Activity)})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.EntityQueryTemplateList = armsecurityinsights.EntityQueryTemplateList{
	// 	Value: []armsecurityinsights.EntityQueryTemplateClassification{
	// 		&armsecurityinsights.ActivityEntityQueryTemplate{
	// 			Name: to.Ptr("37ca3555-c135-4a73-a65e-9c1d00323f5d"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/37ca3555-c135-4a73-a65e-9c1d00323f5d"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity),
	// 			Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{
	// 				Description: to.Ptr("Account deleted on host"),
	// 				Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
	// 				DataTypes: []*armsecurityinsights.DataTypeDefinitions{
	// 					{
	// 						DataType: to.Ptr("AuditLogs"),
	// 					},
	// 					{
	// 						DataType: to.Ptr("SecurityEvent"),
	// 					},
	// 				},
	// 				EntitiesFilter: map[string][]*string{
	// 					"Host_OsFamily": []*string{
	// 						to.Ptr("Windows"),
	// 					},
	// 				},
	// 				InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
	// 				QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{
	// 					Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
	// 				},
	// 				RequiredInputFieldsSets: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Host_HostName"),
	// 						to.Ptr("Host_NTDomain"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_HostName"),
	// 						to.Ptr("Host_DnsDomain"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_AzureID"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_OMSAgentID"),
	// 					},
	// 				},
	// 				Title: to.Ptr("An account was deleted on this host"),
	// 			},
	// 		},
	// 		&armsecurityinsights.ActivityEntityQueryTemplate{
	// 			Name: to.Ptr("97a1d515-abf2-4231-9a35-985f9de0bb91"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/entityQueryTemplates"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entityQueryTemplates/97a1d515-abf2-4231-9a35-985f9de0bb91"),
	// 			Kind: to.Ptr(armsecurityinsights.EntityQueryTemplateKindActivity),
	// 			Properties: &armsecurityinsights.ActivityEntityQueryTemplateProperties{
	// 				Description: to.Ptr("Account deleted on host"),
	// 				Content: to.Ptr("On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'"),
	// 				DataTypes: []*armsecurityinsights.DataTypeDefinitions{
	// 					{
	// 						DataType: to.Ptr("AuditLogs"),
	// 					},
	// 					{
	// 						DataType: to.Ptr("SecurityEvent"),
	// 					},
	// 				},
	// 				EntitiesFilter: map[string][]*string{
	// 					"Host_OsFamily": []*string{
	// 						to.Ptr("Windows"),
	// 					},
	// 				},
	// 				InputEntityType: to.Ptr(armsecurityinsights.EntityTypeHost),
	// 				QueryDefinitions: &armsecurityinsights.ActivityEntityQueryTemplatePropertiesQueryDefinitions{
	// 					Query: to.Ptr("let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has '@', tostring(split(Computer, '@')[0]),\nComputer has '\\\\', tostring(split(Computer, '\\\\')[1]),\nComputer has '.', tostring(split(Computer, '.')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', tostring(split(Computer, '.')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has '\\\\', tostring(split(Computer, '\\\\')[0]), \nComputer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions('{{Host_HostName}}', '{{Host_NTDomain}}', '{{Host_DnsDomain}}', '{{Host_AzureID}}', '{{Host_OMSAgentID}}')\n \n| where EventID == 4726 "),
	// 				},
	// 				RequiredInputFieldsSets: [][]*string{
	// 					[]*string{
	// 						to.Ptr("Host_HostName"),
	// 						to.Ptr("Host_NTDomain"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_HostName"),
	// 						to.Ptr("Host_DnsDomain"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_AzureID"),
	// 					},
	// 					[]*string{
	// 						to.Ptr("Host_OMSAgentID"),
	// 					},
	// 				},
	// 				Title: to.Ptr("An account was deleted on this host"),
	// 			},
	// 		},
	// 	},
	// }
}

type EntityQueryTemplatesClientGetOptions

type EntityQueryTemplatesClientGetOptions struct {
}

EntityQueryTemplatesClientGetOptions contains the optional parameters for the EntityQueryTemplatesClient.Get method.

type EntityQueryTemplatesClientGetResponse

type EntityQueryTemplatesClientGetResponse struct {
	EntityQueryTemplateClassification
}

EntityQueryTemplatesClientGetResponse contains the response from method EntityQueryTemplatesClient.Get.

func (*EntityQueryTemplatesClientGetResponse) UnmarshalJSON

func (e *EntityQueryTemplatesClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityQueryTemplatesClientGetResponse.

type EntityQueryTemplatesClientListOptions

type EntityQueryTemplatesClientListOptions struct {
	// The entity template query kind we want to fetch
	Kind *Enum15
}

EntityQueryTemplatesClientListOptions contains the optional parameters for the EntityQueryTemplatesClient.NewListPager method.

type EntityQueryTemplatesClientListResponse

type EntityQueryTemplatesClientListResponse struct {
	EntityQueryTemplateList
}

EntityQueryTemplatesClientListResponse contains the response from method EntityQueryTemplatesClient.NewListPager.

type EntityRelationsClient

type EntityRelationsClient struct {
	// contains filtered or unexported fields
}

EntityRelationsClient contains the methods for the EntityRelations group. Don't use this type directly, use NewEntityRelationsClient() instead.

func NewEntityRelationsClient

func NewEntityRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*EntityRelationsClient, error)

NewEntityRelationsClient creates a new instance of EntityRelationsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*EntityRelationsClient) GetRelation

func (client *EntityRelationsClient) GetRelation(ctx context.Context, resourceGroupName string, workspaceName string, entityID string, relationName string, options *EntityRelationsClientGetRelationOptions) (EntityRelationsClientGetRelationResponse, error)

GetRelation - Gets an entity relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • entityID - entity ID
  • relationName - Relation Name
  • options - EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/entities/relations/GetEntityRelationByName.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewEntityRelationsClient().GetRelation(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Relation = armsecurityinsights.Relation{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/entities/relations"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.RelationProperties{
// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/incidents"),
// 	},
// }

type EntityRelationsClientGetRelationOptions

type EntityRelationsClientGetRelationOptions struct {
}

EntityRelationsClientGetRelationOptions contains the optional parameters for the EntityRelationsClient.GetRelation method.

type EntityRelationsClientGetRelationResponse

type EntityRelationsClientGetRelationResponse struct {
	Relation
}

EntityRelationsClientGetRelationResponse contains the response from method EntityRelationsClient.GetRelation.

type EntityTimelineItem

type EntityTimelineItem struct {
	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`
}

EntityTimelineItem - Entity timeline Item.

func (*EntityTimelineItem) GetEntityTimelineItem

func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type EntityTimelineItem.

func (EntityTimelineItem) MarshalJSON

func (e EntityTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityTimelineItem.

func (*EntityTimelineItem) UnmarshalJSON

func (e *EntityTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineItem.

type EntityTimelineItemClassification

type EntityTimelineItemClassification interface {
	// GetEntityTimelineItem returns the EntityTimelineItem content of the underlying type.
	GetEntityTimelineItem() *EntityTimelineItem
}

EntityTimelineItemClassification provides polymorphic access to related types. Call the interface's GetEntityTimelineItem() method to access the common type. Use a type switch to determine the concrete type. The possible types are: - *ActivityTimelineItem, *AnomalyTimelineItem, *BookmarkTimelineItem, *EntityTimelineItem, *SecurityAlertTimelineItem
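
The type-switch pattern described above for EntityTimelineItemClassification (and, in the same way, for EntityQueryItemClassification and EntityQueryTemplateClassification earlier on this page), as an added example that is not part of the module's own documentation. It uses local stand-in types instead of the SDK import so that it runs offline; the DisplayName field, the sample JSON and the fallback to the base type for an unrecognised kind are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins (not the SDK's types) so the example runs offline. Kind and
// GetEntityTimelineItem mirror the page; embedding the base struct and the
// DisplayName field are simplifying assumptions.
type EntityTimelineKind string

type EntityTimelineItem struct {
	Kind *EntityTimelineKind `json:"kind,omitempty"`
}

func (e *EntityTimelineItem) GetEntityTimelineItem() *EntityTimelineItem { return e }

type EntityTimelineItemClassification interface {
	GetEntityTimelineItem() *EntityTimelineItem
}

type ActivityTimelineItem struct{ EntityTimelineItem }
type AnomalyTimelineItem struct{ EntityTimelineItem }
type BookmarkTimelineItem struct{ EntityTimelineItem }
type SecurityAlertTimelineItem struct {
	EntityTimelineItem
	DisplayName *string `json:"displayName,omitempty"`
}

// decodeItem picks the concrete type from the "kind" discriminator. A missing
// or unrecognised kind yields the base *EntityTimelineItem, not an error.
func decodeItem(raw json.RawMessage) (EntityTimelineItemClassification, error) {
	var probe struct{ Kind EntityTimelineKind `json:"kind"` }
	if err := json.Unmarshal(raw, &probe); err != nil {
		return nil, err
	}
	var item EntityTimelineItemClassification
	switch probe.Kind {
	case "Activity":
		item = &ActivityTimelineItem{}
	case "Anomaly":
		item = &AnomalyTimelineItem{}
	case "Bookmark":
		item = &BookmarkTimelineItem{}
	case "SecurityAlert":
		item = &SecurityAlertTimelineItem{}
	default:
		item = &EntityTimelineItem{}
	}
	return item, json.Unmarshal(raw, item)
}

// Summary is what a triage tool might keep from one timeline response.
type Summary struct {
	ByKind  map[EntityTimelineKind]int // items per recognised kind
	Alerts  []string                   // display names of security alerts
	Unknown []string                   // kinds that fell back to the base type
}

// Summarize type-switches over every item and records base-type fallbacks
// separately, so a kind this code does not know is surfaced, not dropped.
func Summarize(payload []byte) (Summary, error) {
	s := Summary{ByKind: map[EntityTimelineKind]int{}}
	var resp struct{ Value []json.RawMessage `json:"value"` }
	if err := json.Unmarshal(payload, &resp); err != nil {
		return s, err
	}
	for i, raw := range resp.Value {
		item, err := decodeItem(raw)
		if err != nil {
			return s, fmt.Errorf("timeline item %d: %w", i, err)
		}
		switch v := item.(type) {
		case *SecurityAlertTimelineItem:
			if v.DisplayName != nil {
				s.Alerts = append(s.Alerts, *v.DisplayName)
			}
		case *EntityTimelineItem:
			kind := "<missing>"
			if v.Kind != nil {
				kind = string(*v.Kind)
			}
			s.Unknown = append(s.Unknown, kind)
			continue
		}
		// Common fields are reached through the interface method.
		s.ByKind[*item.GetEntityTimelineItem().Kind]++
	}
	return s, nil
}

// samplePayload is constructed for this example; it is not real service output.
const samplePayload = `{"value":[
  {"kind":"Activity"}, {"kind":"SecurityAlert","displayName":"Suspicious account removal"},
  {"kind":"Bookmark"}, {"kind":"SecurityAlert"}, {"kind":"Incident"}, {}]}`

func main() {
	s, err := Summarize([]byte(samplePayload))
	fmt.Println(s.ByKind, s.Alerts, s.Unknown, err)
}
```

The `case *EntityTimelineItem` branch is the one to keep when adapting this to the real types: it is where a timeline item of a kind newer than the code shows up.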

type EntityTimelineKind

type EntityTimelineKind string

EntityTimelineKind - The entity query kind

const (
	// EntityTimelineKindActivity - activity
	EntityTimelineKindActivity EntityTimelineKind = "Activity"
	// EntityTimelineKindAnomaly - anomaly
	EntityTimelineKindAnomaly EntityTimelineKind = "Anomaly"
	// EntityTimelineKindBookmark - bookmarks
	EntityTimelineKindBookmark EntityTimelineKind = "Bookmark"
	// EntityTimelineKindSecurityAlert - security alerts
	EntityTimelineKindSecurityAlert EntityTimelineKind = "SecurityAlert"
)

func PossibleEntityTimelineKindValues

func PossibleEntityTimelineKindValues() []EntityTimelineKind

PossibleEntityTimelineKindValues returns the possible values for the EntityTimelineKind const type.

type EntityTimelineParameters

type EntityTimelineParameters struct {
	// REQUIRED; The end timeline date, so the results returned are before this date.
	EndTime *time.Time `json:"endTime,omitempty"`

	// REQUIRED; The start timeline date, so the results returned are after this date.
	StartTime *time.Time `json:"startTime,omitempty"`

	// Array of timeline Item kinds.
	Kinds []*EntityTimelineKind `json:"kinds,omitempty"`

	// The number of bucket for timeline queries aggregation.
	NumberOfBucket *int32 `json:"numberOfBucket,omitempty"`
}

EntityTimelineParameters - The parameters required to execute a timeline operation on the given entity.

func (EntityTimelineParameters) MarshalJSON

func (e EntityTimelineParameters) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityTimelineParameters.

func (*EntityTimelineParameters) UnmarshalJSON

func (e *EntityTimelineParameters) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineParameters.

type EntityTimelineResponse

type EntityTimelineResponse struct {
	// The metadata from the timeline operation results.
	MetaData *TimelineResultsMetadata `json:"metaData,omitempty"`

	// The timeline result values.
	Value []EntityTimelineItemClassification `json:"value,omitempty"`
}

EntityTimelineResponse - The entity timeline result operation response.

func (EntityTimelineResponse) MarshalJSON

func (e EntityTimelineResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type EntityTimelineResponse.

func (*EntityTimelineResponse) UnmarshalJSON

func (e *EntityTimelineResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type EntityTimelineResponse.

type EntityType

type EntityType string

EntityType - The type of the entity

const (
	// EntityTypeAccount - Entity represents account in the system.
	EntityTypeAccount EntityType = "Account"
	// EntityTypeAzureResource - Entity represents azure resource in the system.
	EntityTypeAzureResource EntityType = "AzureResource"
	// EntityTypeCloudApplication - Entity represents cloud application in the system.
	EntityTypeCloudApplication EntityType = "CloudApplication"
	// EntityTypeDNS - Entity represents dns in the system.
	EntityTypeDNS EntityType = "DNS"
	// EntityTypeFile - Entity represents file in the system.
	EntityTypeFile EntityType = "File"
	// EntityTypeFileHash - Entity represents file hash in the system.
	EntityTypeFileHash EntityType = "FileHash"
	// EntityTypeHost - Entity represents host in the system.
	EntityTypeHost EntityType = "Host"
	// EntityTypeHuntingBookmark - Entity represents HuntingBookmark in the system.
	EntityTypeHuntingBookmark EntityType = "HuntingBookmark"
	// EntityTypeIP - Entity represents ip in the system.
	EntityTypeIP EntityType = "IP"
	// EntityTypeIoTDevice - Entity represents IoT device in the system.
	EntityTypeIoTDevice EntityType = "IoTDevice"
	// EntityTypeMailCluster - Entity represents mail cluster in the system.
	EntityTypeMailCluster EntityType = "MailCluster"
	// EntityTypeMailMessage - Entity represents mail message in the system.
	EntityTypeMailMessage EntityType = "MailMessage"
	// EntityTypeMailbox - Entity represents mailbox in the system.
	EntityTypeMailbox EntityType = "Mailbox"
	// EntityTypeMalware - Entity represents malware in the system.
	EntityTypeMalware EntityType = "Malware"
	// EntityTypeNic - Entity represents network interface in the system.
	EntityTypeNic EntityType = "Nic"
	// EntityTypeProcess - Entity represents process in the system.
	EntityTypeProcess EntityType = "Process"
	// EntityTypeRegistryKey - Entity represents registry key in the system.
	EntityTypeRegistryKey EntityType = "RegistryKey"
	// EntityTypeRegistryValue - Entity represents registry value in the system.
	EntityTypeRegistryValue EntityType = "RegistryValue"
	// EntityTypeSecurityAlert - Entity represents security alert in the system.
	EntityTypeSecurityAlert EntityType = "SecurityAlert"
	// EntityTypeSecurityGroup - Entity represents security group in the system.
	EntityTypeSecurityGroup EntityType = "SecurityGroup"
	// EntityTypeSubmissionMail - Entity represents submission mail in the system.
	EntityTypeSubmissionMail EntityType = "SubmissionMail"
	// EntityTypeURL - Entity represents url in the system.
	EntityTypeURL EntityType = "URL"
)

func PossibleEntityTypeValues

func PossibleEntityTypeValues() []EntityType

PossibleEntityTypeValues returns the possible values for the EntityType const type.

type Enum13

type Enum13 string

const (
	Enum13Activity  Enum13 = "Activity"
	Enum13Expansion Enum13 = "Expansion"
)

func PossibleEnum13Values

func PossibleEnum13Values() []Enum13

PossibleEnum13Values returns the possible values for the Enum13 const type.

type Enum15

type Enum15 string

const (
	Enum15Activity Enum15 = "Activity"
)

func PossibleEnum15Values

func PossibleEnum15Values() []Enum15

PossibleEnum15Values returns the possible values for the Enum15 const type.

type EventGroupingAggregationKind

type EventGroupingAggregationKind string

EventGroupingAggregationKind - The event grouping aggregation kinds

const (
	EventGroupingAggregationKindAlertPerResult EventGroupingAggregationKind = "AlertPerResult"
	EventGroupingAggregationKindSingleAlert    EventGroupingAggregationKind = "SingleAlert"
)

func PossibleEventGroupingAggregationKindValues

func PossibleEventGroupingAggregationKindValues() []EventGroupingAggregationKind

PossibleEventGroupingAggregationKindValues returns the possible values for the EventGroupingAggregationKind const type.

type EventGroupingSettings

type EventGroupingSettings struct {
	// The event grouping aggregation kinds
	AggregationKind *EventGroupingAggregationKind `json:"aggregationKind,omitempty"`
}

EventGroupingSettings - Event grouping settings property bag.

func (EventGroupingSettings) MarshalJSON

func (e EventGroupingSettings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EventGroupingSettings.

func (*EventGroupingSettings) UnmarshalJSON

func (e *EventGroupingSettings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EventGroupingSettings.

type ExpansionEntityQueriesProperties

type ExpansionEntityQueriesProperties struct {
	// List of the data sources that are required to run the query
	DataSources []*string `json:"dataSources,omitempty"`

	// The query display name
	DisplayName *string `json:"displayName,omitempty"`

	// The type of the query's source entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// List of the fields of the source entity that are required to run the query
	InputFields []*string `json:"inputFields,omitempty"`

	// List of the desired output types to be constructed from the result
	OutputEntityTypes []*EntityType `json:"outputEntityTypes,omitempty"`

	// The template query string to be parsed and formatted
	QueryTemplate *string `json:"queryTemplate,omitempty"`
}

ExpansionEntityQueriesProperties - Describes expansion entity query properties

func (ExpansionEntityQueriesProperties) MarshalJSON

func (e ExpansionEntityQueriesProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ExpansionEntityQueriesProperties.

func (*ExpansionEntityQueriesProperties) UnmarshalJSON

func (e *ExpansionEntityQueriesProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ExpansionEntityQueriesProperties.

type ExpansionEntityQuery

type ExpansionEntityQuery struct {
	// REQUIRED; the entity query kind
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Expansion entity query properties
	Properties *ExpansionEntityQueriesProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ExpansionEntityQuery - Represents Expansion entity query.

func (*ExpansionEntityQuery) GetEntityQuery

func (e *ExpansionEntityQuery) GetEntityQuery() *EntityQuery

GetEntityQuery implements the EntityQueryClassification interface for type ExpansionEntityQuery.

func (ExpansionEntityQuery) MarshalJSON

func (e ExpansionEntityQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ExpansionEntityQuery.

func (*ExpansionEntityQuery) UnmarshalJSON

func (e *ExpansionEntityQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ExpansionEntityQuery.

type ExpansionResultAggregation

type ExpansionResultAggregation struct {
	// REQUIRED; Total number of aggregations of the given kind (and aggregationType if given) in the expansion result.
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; The kind of the aggregated entity.
	EntityKind *EntityKind `json:"entityKind,omitempty"`

	// The common type of the aggregation (e.g. the entity field name).
	AggregationType *string `json:"aggregationType,omitempty"`

	// The display name of the aggregation by type.
	DisplayName *string `json:"displayName,omitempty"`
}

ExpansionResultAggregation - Information of a specific aggregation in the expansion result.

func (ExpansionResultAggregation) MarshalJSON

func (e ExpansionResultAggregation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ExpansionResultAggregation.

func (*ExpansionResultAggregation) UnmarshalJSON

func (e *ExpansionResultAggregation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ExpansionResultAggregation.

type ExpansionResultsMetadata

type ExpansionResultsMetadata struct {
	// Information of the aggregated nodes in the expansion result.
	Aggregations []*ExpansionResultAggregation `json:"aggregations,omitempty"`
}

ExpansionResultsMetadata - Expansion result metadata.

func (ExpansionResultsMetadata) MarshalJSON

func (e ExpansionResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ExpansionResultsMetadata.

func (*ExpansionResultsMetadata) UnmarshalJSON

func (e *ExpansionResultsMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ExpansionResultsMetadata.

type EyesOn

type EyesOn struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// EyesOn properties
	Properties *EyesOnSettingsProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

EyesOn - Settings with single toggle.

func (*EyesOn) GetSettings

func (e *EyesOn) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type EyesOn.

func (EyesOn) MarshalJSON

func (e EyesOn) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EyesOn.

func (*EyesOn) UnmarshalJSON

func (e *EyesOn) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EyesOn.

type EyesOnSettingsProperties

type EyesOnSettingsProperties struct {
	// READ-ONLY; Determines whether the setting is enabled or disabled.
	IsEnabled *bool `json:"isEnabled,omitempty" azure:"ro"`
}

EyesOnSettingsProperties - EyesOn property bag.

func (EyesOnSettingsProperties) MarshalJSON

func (e EyesOnSettingsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type EyesOnSettingsProperties.

func (*EyesOnSettingsProperties) UnmarshalJSON

func (e *EyesOnSettingsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type EyesOnSettingsProperties.

type FieldMapping

type FieldMapping struct {
	// the column name to be mapped to the identifier
	ColumnName *string `json:"columnName,omitempty"`

	// the V3 identifier of the entity
	Identifier *string `json:"identifier,omitempty"`
}

FieldMapping - A single field mapping of the mapped entity

func (FieldMapping) MarshalJSON

func (f FieldMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FieldMapping.

func (*FieldMapping) UnmarshalJSON

func (f *FieldMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FieldMapping.

type FileEntity

type FileEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// File entity properties
	Properties *FileEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FileEntity - Represents a file entity.

func (*FileEntity) GetEntity

func (f *FileEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileEntity.

func (FileEntity) MarshalJSON

func (f FileEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileEntity.

func (*FileEntity) UnmarshalJSON

func (f *FileEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileEntity.

type FileEntityProperties

type FileEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The full path to the file.
	Directory *string `json:"directory,omitempty" azure:"ro"`

	// READ-ONLY; The file hash entity identifiers associated with this file
	FileHashEntityIDs []*string `json:"fileHashEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The file name without path (some alerts might not include path).
	FileName *string `json:"fileName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id which the file belongs to
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`
}

FileEntityProperties - File entity property bag.

func (FileEntityProperties) MarshalJSON

func (f FileEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileEntityProperties.

func (*FileEntityProperties) UnmarshalJSON

func (f *FileEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileEntityProperties.

type FileFormat

type FileFormat string

FileFormat - The format of the file

const (
	// FileFormatCSV - A CSV file.
	FileFormatCSV FileFormat = "CSV"
	// FileFormatJSON - A JSON file.
	FileFormatJSON FileFormat = "JSON"
	// FileFormatUnspecified - A file of other format.
	FileFormatUnspecified FileFormat = "Unspecified"
)

func PossibleFileFormatValues

func PossibleFileFormatValues() []FileFormat

PossibleFileFormatValues returns the possible values for the FileFormat const type.

type FileHashAlgorithm

type FileHashAlgorithm string

FileHashAlgorithm - The hash algorithm type.

const (
	// FileHashAlgorithmMD5 - MD5 hash type
	FileHashAlgorithmMD5 FileHashAlgorithm = "MD5"
	// FileHashAlgorithmSHA1 - SHA1 hash type
	FileHashAlgorithmSHA1 FileHashAlgorithm = "SHA1"
	// FileHashAlgorithmSHA256 - SHA256 hash type
	FileHashAlgorithmSHA256 FileHashAlgorithm = "SHA256"
	// FileHashAlgorithmSHA256AC - SHA256 Authenticode hash type
	FileHashAlgorithmSHA256AC FileHashAlgorithm = "SHA256AC"
	// FileHashAlgorithmUnknown - Unknown hash algorithm
	FileHashAlgorithmUnknown FileHashAlgorithm = "Unknown"
)

func PossibleFileHashAlgorithmValues

func PossibleFileHashAlgorithmValues() []FileHashAlgorithm

PossibleFileHashAlgorithmValues returns the possible values for the FileHashAlgorithm const type.

type FileHashEntity

type FileHashEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// FileHash entity properties
	Properties *FileHashEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FileHashEntity - Represents a file hash entity.

func (*FileHashEntity) GetEntity

func (f *FileHashEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type FileHashEntity.

func (FileHashEntity) MarshalJSON

func (f FileHashEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileHashEntity.

func (*FileHashEntity) UnmarshalJSON

func (f *FileHashEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileHashEntity.

type FileHashEntityProperties

type FileHashEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The hash algorithm type.
	Algorithm *FileHashAlgorithm `json:"algorithm,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The file hash value.
	HashValue *string `json:"hashValue,omitempty" azure:"ro"`
}

FileHashEntityProperties - FileHash entity property bag.

func (FileHashEntityProperties) MarshalJSON

func (f FileHashEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileHashEntityProperties.

func (*FileHashEntityProperties) UnmarshalJSON

func (f *FileHashEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileHashEntityProperties.

type FileImport

type FileImport struct {
	// File import properties
	Properties *FileImportProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FileImport - Represents a file import in Azure Security Insights.

func (FileImport) MarshalJSON

func (f FileImport) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileImport.

func (*FileImport) UnmarshalJSON

func (f *FileImport) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileImport.

type FileImportContentType

type FileImportContentType string

FileImportContentType - The content type of this file.

const (
	// FileImportContentTypeBasicIndicator - File containing records with the core fields of an indicator, plus the observables
	// to construct the STIX pattern.
	FileImportContentTypeBasicIndicator FileImportContentType = "BasicIndicator"
	// FileImportContentTypeStixIndicator - File containing STIX indicators.
	FileImportContentTypeStixIndicator FileImportContentType = "StixIndicator"
	// FileImportContentTypeUnspecified - File containing other records.
	FileImportContentTypeUnspecified FileImportContentType = "Unspecified"
)

func PossibleFileImportContentTypeValues

func PossibleFileImportContentTypeValues() []FileImportContentType

PossibleFileImportContentTypeValues returns the possible values for the FileImportContentType const type.

type FileImportList

type FileImportList struct {
	// REQUIRED; Array of file imports.
	Value []*FileImport `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of file imports.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

FileImportList - List all the file imports.

func (FileImportList) MarshalJSON

func (f FileImportList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileImportList.

func (*FileImportList) UnmarshalJSON

func (f *FileImportList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileImportList.

type FileImportProperties

type FileImportProperties struct {
	// REQUIRED; The content type of this file.
	ContentType *FileImportContentType `json:"contentType,omitempty"`

	// REQUIRED; Represents the imported file.
	ImportFile *FileMetadata `json:"importFile,omitempty"`

	// REQUIRED; Describes how to ingest the records in the file.
	IngestionMode *IngestionMode `json:"ingestionMode,omitempty"`

	// REQUIRED; The source for the data in the file.
	Source *string `json:"source,omitempty"`

	// READ-ONLY; The time the file was imported.
	CreatedTimeUTC *time.Time `json:"createdTimeUTC,omitempty" azure:"ro"`

	// READ-ONLY; Represents the error file (if the import was ingested with errors or failed the validation).
	ErrorFile *FileMetadata `json:"errorFile,omitempty" azure:"ro"`

	// READ-ONLY; An ordered list of some of the errors that were encountered during validation.
	ErrorsPreview []*ValidationError `json:"errorsPreview,omitempty" azure:"ro"`

	// READ-ONLY; The time the files associated with this import are deleted from the storage account.
	FilesValidUntilTimeUTC *time.Time `json:"filesValidUntilTimeUTC,omitempty" azure:"ro"`

	// READ-ONLY; The time the file import record is soft deleted from the database and history.
	ImportValidUntilTimeUTC *time.Time `json:"importValidUntilTimeUTC,omitempty" azure:"ro"`

	// READ-ONLY; The number of records that have been successfully ingested.
	IngestedRecordCount *int32 `json:"ingestedRecordCount,omitempty" azure:"ro"`

	// READ-ONLY; The state of the file import.
	State *FileImportState `json:"state,omitempty" azure:"ro"`

	// READ-ONLY; The number of records in the file.
	TotalRecordCount *int32 `json:"totalRecordCount,omitempty" azure:"ro"`

	// READ-ONLY; The number of records that have passed validation.
	ValidRecordCount *int32 `json:"validRecordCount,omitempty" azure:"ro"`
}

FileImportProperties - Describes the FileImport's properties

func (FileImportProperties) MarshalJSON

func (f FileImportProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type FileImportProperties.

func (*FileImportProperties) UnmarshalJSON

func (f *FileImportProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type FileImportProperties.

type FileImportState

type FileImportState string

FileImportState - The state of the file import.

const (
	// FileImportStateFatalError - A fatal error has occurred while ingesting the file.
	FileImportStateFatalError FileImportState = "FatalError"
	// FileImportStateInProgress - The file ingestion is in progress.
	FileImportStateInProgress FileImportState = "InProgress"
	// FileImportStateIngested - The file has been ingested.
	FileImportStateIngested FileImportState = "Ingested"
	// FileImportStateIngestedWithErrors - The file has been ingested with errors.
	FileImportStateIngestedWithErrors FileImportState = "IngestedWithErrors"
	// FileImportStateInvalid - The file is invalid.
	FileImportStateInvalid FileImportState = "Invalid"
	// FileImportStateUnspecified - Unspecified state.
	FileImportStateUnspecified FileImportState = "Unspecified"
	// FileImportStateWaitingForUpload - Waiting for the file to be uploaded.
	FileImportStateWaitingForUpload FileImportState = "WaitingForUpload"
)

func PossibleFileImportStateValues

func PossibleFileImportStateValues() []FileImportState

PossibleFileImportStateValues returns the possible values for the FileImportState const type.
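
An added example, not part of the module's own documentation: FileImportState and the record counters in FileImportProperties are what a pipeline has to check to notice that a threat-indicator import lost records. The local structs, the Verdict type, the Triage function and the sample JSON are assumptions made so the code runs offline with only the standard library; they mirror the JSON field names listed on this page instead of importing the SDK types.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local stand-ins (assumption) for the JSON fields of FileImport and
// FileImportProperties documented on this page; the SDK is not imported.
type importProps struct {
	State               *string `json:"state"`
	TotalRecordCount    *int32  `json:"totalRecordCount"`
	ValidRecordCount    *int32  `json:"validRecordCount"`
	IngestedRecordCount *int32  `json:"ingestedRecordCount"`
}

type fileImport struct {
	Name       string       `json:"name"`
	Properties *importProps `json:"properties"`
}

// Verdict is a hypothetical summary type for alerting on import health.
type Verdict struct {
	Name     string
	Status   string // "ok", "pending", "degraded", "failed" or "unknown"
	Rejected int32  // records that did not pass validation
	Dropped  int32  // valid records that were not ingested
}

// gap returns a-b when both counters are present and a > b, otherwise 0.
func gap(a, b *int32) int32 {
	if a == nil || b == nil || *a <= *b {
		return 0
	}
	return *a - *b
}

// Triage decodes one FileImport JSON document and classifies it.
func Triage(raw []byte) (Verdict, error) {
	var fi fileImport
	if err := json.Unmarshal(raw, &fi); err != nil {
		return Verdict{}, fmt.Errorf("decode file import: %w", err)
	}
	v := Verdict{Name: fi.Name, Status: "unknown"}
	p := fi.Properties
	if p == nil || p.State == nil {
		return v, nil // read-only fields not populated
	}
	switch *p.State {
	case "WaitingForUpload", "InProgress":
		v.Status = "pending" // counters are still moving; do not compare them
		return v, nil
	case "FatalError", "Invalid":
		v.Status = "failed"
	case "IngestedWithErrors":
		v.Status = "degraded"
	case "Ingested":
		v.Status = "ok"
	default:
		// "Unspecified" or a state this code does not know: never report ok.
		return v, nil
	}
	v.Rejected = gap(p.TotalRecordCount, p.ValidRecordCount)
	v.Dropped = gap(p.ValidRecordCount, p.IngestedRecordCount)
	// Cross-check: a terminal "Ingested" with missing records is not healthy.
	if v.Status == "ok" && (v.Rejected > 0 || v.Dropped > 0) {
		v.Status = "degraded"
	}
	return v, nil
}

// Constructed sample responses (not real API output).
var (
	sampleClean    = []byte(`{"name":"import-a","properties":{"state":"Ingested","totalRecordCount":5,"validRecordCount":5,"ingestedRecordCount":5}}`)
	samplePartial  = []byte(`{"name":"import-b","properties":{"state":"IngestedWithErrors","totalRecordCount":5,"validRecordCount":3,"ingestedRecordCount":3}}`)
	sampleMismatch = []byte(`{"name":"import-c","properties":{"state":"Ingested","totalRecordCount":5,"validRecordCount":5,"ingestedRecordCount":4}}`)
	sampleFatal    = []byte(`{"name":"import-d","properties":{"state":"FatalError","totalRecordCount":5,"validRecordCount":0,"ingestedRecordCount":0}}`)
	sampleFuture   = []byte(`{"name":"import-e","properties":{"state":"NotInThisEnum"}}`)
)

func main() {
	for _, s := range [][]byte{sampleClean, samplePartial, sampleMismatch, sampleFatal, sampleFuture} {
		v, err := Triage(s)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%+v\n", v)
	}
}
```

With IngestionModeIngestAnyValidRecords a partially rejected file still reaches a terminal state, so alerting on Rejected and Dropped catches indicator loss that a check on the state alone can miss.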

type FileImportsClient

type FileImportsClient struct {
	// contains filtered or unexported fields
}

FileImportsClient contains the methods for the FileImports group. Don't use this type directly; use NewFileImportsClient() instead.

func NewFileImportsClient

func NewFileImportsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*FileImportsClient, error)

NewFileImportsClient creates a new instance of FileImportsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*FileImportsClient) BeginDelete

func (client *FileImportsClient) BeginDelete(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientBeginDeleteOptions) (*runtime.Poller[FileImportsClientDeleteResponse], error)

BeginDelete - Delete the file import. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • fileImportID - File import ID
  • options - FileImportsClientBeginDeleteOptions contains the optional parameters for the FileImportsClient.BeginDelete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/DeleteFileImport.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFileImportsClient().BeginDelete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
_, err = poller.PollUntilDone(ctx, nil)
if err != nil {
	log.Fatalf("failed to poll the result: %v", err)
}

func (*FileImportsClient) Create

func (client *FileImportsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, fileImport FileImport, options *FileImportsClientCreateOptions) (FileImportsClientCreateResponse, error)

Create - Creates the file import. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • fileImportID - File import ID
  • fileImport - The file import
  • options - FileImportsClientCreateOptions contains the optional parameters for the FileImportsClient.Create method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/CreateFileImport.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewFileImportsClient().Create(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.FileImport{
	Properties: &armsecurityinsights.FileImportProperties{
		ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator),
		ImportFile: &armsecurityinsights.FileMetadata{
			FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON),
			FileName:   to.Ptr("myFile.json"),
			FileSize:   to.Ptr[int32](4653),
		},
		IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords),
		Source:        to.Ptr("mySource"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*FileImportsClient) Get

func (client *FileImportsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, fileImportID string, options *FileImportsClientGetOptions) (FileImportsClientGetResponse, error)

Get - Gets a file import. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • fileImportID - File import ID
  • options - FileImportsClientGetOptions contains the optional parameters for the FileImportsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/GetFileImportById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewFileImportsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values for demo purposes only.
// res.FileImport = armsecurityinsights.FileImport{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/FileImports"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Properties: &armsecurityinsights.FileImportProperties{
// 		ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator),
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-25T21:02:38.8350631Z"); return t}()),
// 		FilesValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-26T21:02:38.8350632Z"); return t}()),
// 		ImportFile: &armsecurityinsights.FileMetadata{
// 			DeleteStatus: to.Ptr(armsecurityinsights.DeleteStatusNotDeleted),
// 			FileContentURI: to.Ptr("https://sentinelimportswus2.blob.core.windows.net/78c2e51a-3cd3-4ca0-a2d4-e7effb9a05fe/43967a5e-47a7-474e-afb8-2081e9b99ca1/myFile.json?skoid=40ca3ff4-ed1d-4c65-a409-8c6caff8a6d5&sktid=72f988bf-86f1-41af-91ab-2d7cd011db47&skt=2022-03-25T21%3A12%3A51Z&ske=2022-03-25T22%3A12%3A51Z&sks=b&skv=2020-10-02&sv=2020-08-04&st=2022-03-25T21%3A12%3A51Z&se=2022-03-25T22%3A12%3A51Z&sr=b&sp=c&sig=5n0D%2FERS6ZOQdfdO2adleeSVOM4b6mQeds%2FWYCGm9pU%3D"),
// 			FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON),
// 			FileName: to.Ptr("myFile.json"),
// 			FileSize: to.Ptr[int32](5146),
// 		},
// 		ImportValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-04-24T21:02:38.8350636Z"); return t}()),
// 		IngestedRecordCount: to.Ptr[int32](5),
// 		IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords),
// 		Source: to.Ptr("mySource"),
// 		State: to.Ptr(armsecurityinsights.FileImportStateIngested),
// 		TotalRecordCount: to.Ptr[int32](5),
// 		ValidRecordCount: to.Ptr[int32](5),
// 	},
// }

func (*FileImportsClient) NewListPager

func (client *FileImportsClient) NewListPager(resourceGroupName string, workspaceName string, options *FileImportsClientListOptions) *runtime.Pager[FileImportsClientListResponse]

NewListPager - Gets all file imports.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - FileImportsClientListOptions contains the optional parameters for the FileImportsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/fileImports/GetFileImports.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewFileImportsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.FileImportsClientListOptions{
	Filter:    nil,
	Orderby:   to.Ptr("properties/createdTimeUtc desc"),
	Top:       to.Ptr[int32](1),
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use each item of the page here. The blank identifier is used for demo purposes only.
		_ = v
	}
	// If the HTTP response code is 200 as defined in the example definition, your page structure would look as follows. Note that all the values in the output are fake values for demo purposes only.
	// page.FileImportList = armsecurityinsights.FileImportList{
	// 	Value: []*armsecurityinsights.FileImport{
	// 		{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/FileImports"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/FileImports/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Properties: &armsecurityinsights.FileImportProperties{
	// 				ContentType: to.Ptr(armsecurityinsights.FileImportContentTypeStixIndicator),
	// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-25T21:02:38.8350631Z"); return t}()),
	// 				FilesValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-03-26T21:02:38.8350632Z"); return t}()),
	// 				ImportFile: &armsecurityinsights.FileMetadata{
	// 					DeleteStatus: to.Ptr(armsecurityinsights.DeleteStatusNotDeleted),
	// 					FileFormat: to.Ptr(armsecurityinsights.FileFormatJSON),
	// 					FileName: to.Ptr("fileName.json"),
	// 					FileSize: to.Ptr[int32](5146),
	// 				},
	// 				ImportValidUntilTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-04-24T21:02:38.8350636Z"); return t}()),
	// 				IngestedRecordCount: to.Ptr[int32](5),
	// 				IngestionMode: to.Ptr(armsecurityinsights.IngestionModeIngestAnyValidRecords),
	// 				Source: to.Ptr("mySource"),
	// 				State: to.Ptr(armsecurityinsights.FileImportStateIngested),
	// 				TotalRecordCount: to.Ptr[int32](5),
	// 				ValidRecordCount: to.Ptr[int32](5),
	// 			},
	// 	}},
	// }
}

type FileImportsClientBeginDeleteOptions

type FileImportsClientBeginDeleteOptions struct {
	// Resumes the LRO from the provided token.
	ResumeToken string
}

FileImportsClientBeginDeleteOptions contains the optional parameters for the FileImportsClient.BeginDelete method.

type FileImportsClientCreateOptions

type FileImportsClientCreateOptions struct {
}

FileImportsClientCreateOptions contains the optional parameters for the FileImportsClient.Create method.

type FileImportsClientCreateResponse

type FileImportsClientCreateResponse struct {
	FileImport
}

FileImportsClientCreateResponse contains the response from method FileImportsClient.Create.

type FileImportsClientDeleteResponse

type FileImportsClientDeleteResponse struct {
	FileImport
}

FileImportsClientDeleteResponse contains the response from method FileImportsClient.BeginDelete.

type FileImportsClientGetOptions

type FileImportsClientGetOptions struct {
}

FileImportsClientGetOptions contains the optional parameters for the FileImportsClient.Get method.

type FileImportsClientGetResponse

type FileImportsClientGetResponse struct {
	FileImport
}

FileImportsClientGetResponse contains the response from method FileImportsClient.Get.

type FileImportsClientListOptions

type FileImportsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

FileImportsClientListOptions contains the optional parameters for the FileImportsClient.NewListPager method.

type FileImportsClientListResponse

type FileImportsClientListResponse struct {
	FileImportList
}

FileImportsClientListResponse contains the response from method FileImportsClient.NewListPager.

type FileMetadata

type FileMetadata struct {
	// The format of the file
	FileFormat *FileFormat `json:"fileFormat,omitempty"`

	// The name of the file.
	FileName *string `json:"fileName,omitempty"`

	// The size of the file.
	FileSize *int32 `json:"fileSize,omitempty"`

	// READ-ONLY; Indicates whether the file was deleted from the storage account.
	DeleteStatus *DeleteStatus `json:"deleteStatus,omitempty" azure:"ro"`

	// READ-ONLY; A URI with a valid SAS token to allow uploading / downloading the file.
	FileContentURI *string `json:"fileContentUri,omitempty" azure:"ro"`
}

FileMetadata - Represents a file.

func (FileMetadata) MarshalJSON

func (f FileMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FileMetadata.

func (*FileMetadata) UnmarshalJSON

func (f *FileMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FileMetadata.

type FusionAlertRule

type FusionAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Fusion alert rule properties
	Properties *FusionAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FusionAlertRule - Represents Fusion alert rule.

func (*FusionAlertRule) GetAlertRule

func (f *FusionAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type FusionAlertRule.

func (FusionAlertRule) MarshalJSON

func (f FusionAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRule.

func (*FusionAlertRule) UnmarshalJSON

func (f *FusionAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRule.

type FusionAlertRuleProperties

type FusionAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// Configuration to exclude scenarios in fusion detection.
	ScenarioExclusionPatterns []*FusionScenarioExclusionPattern `json:"scenarioExclusionPatterns,omitempty"`

	// Configuration for all supported source signals in fusion detection.
	SourceSettings []*FusionSourceSettings `json:"sourceSettings,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty" azure:"ro"`
}

FusionAlertRuleProperties - Fusion alert rule base property bag.

func (FusionAlertRuleProperties) MarshalJSON

func (f FusionAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleProperties.

func (*FusionAlertRuleProperties) UnmarshalJSON

func (f *FusionAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleProperties.

type FusionAlertRuleTemplate

type FusionAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Fusion alert rule template properties
	Properties *FusionAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

FusionAlertRuleTemplate - Represents Fusion alert rule template.

func (*FusionAlertRuleTemplate) GetAlertRuleTemplate

func (f *FusionAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type FusionAlertRuleTemplate.

func (FusionAlertRuleTemplate) MarshalJSON

func (f FusionAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplate.

func (*FusionAlertRuleTemplate) UnmarshalJSON

func (f *FusionAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplate.

type FusionAlertRuleTemplateProperties

type FusionAlertRuleTemplateProperties struct {
	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data connectors for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// All supported source signal configurations consumed in fusion detection.
	SourceSettings []*FusionTemplateSourceSetting `json:"sourceSettings,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule template
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The time that this alert rule template was last updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

FusionAlertRuleTemplateProperties - Fusion alert rule template properties

func (FusionAlertRuleTemplateProperties) MarshalJSON

func (f FusionAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionAlertRuleTemplateProperties.

func (*FusionAlertRuleTemplateProperties) UnmarshalJSON

func (f *FusionAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionAlertRuleTemplateProperties.

type FusionScenarioExclusionPattern

type FusionScenarioExclusionPattern struct {
	// REQUIRED; DateTime when scenario exclusion pattern is added in UTC.
	DateAddedInUTC *string `json:"dateAddedInUTC,omitempty"`

	// REQUIRED; Scenario exclusion pattern.
	ExclusionPattern *string `json:"exclusionPattern,omitempty"`
}

FusionScenarioExclusionPattern - Represents a Fusion scenario exclusion pattern in Fusion detection.

func (FusionScenarioExclusionPattern) MarshalJSON

func (f FusionScenarioExclusionPattern) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionScenarioExclusionPattern.

func (*FusionScenarioExclusionPattern) UnmarshalJSON

func (f *FusionScenarioExclusionPattern) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionScenarioExclusionPattern.

type FusionSourceSettings

type FusionSourceSettings struct {
	// REQUIRED; Determines whether this source signal is enabled or disabled in Fusion detection.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; Name of the Fusion source signal. Refer to Fusion alert rule template for supported values.
	SourceName *string `json:"sourceName,omitempty"`

	// Configuration for all source subtypes under this source signal consumed in fusion detection.
	SourceSubTypes []*FusionSourceSubTypeSetting `json:"sourceSubTypes,omitempty"`
}

FusionSourceSettings - Represents a supported source signal configuration in Fusion detection.

func (FusionSourceSettings) MarshalJSON

func (f FusionSourceSettings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionSourceSettings.

func (*FusionSourceSettings) UnmarshalJSON

func (f *FusionSourceSettings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionSourceSettings.

type FusionSourceSubTypeSetting

type FusionSourceSubTypeSetting struct {
	// REQUIRED; Determines whether this source subtype under source signal is enabled or disabled in Fusion detection.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; Severity configuration for a source subtype consumed in fusion detection.
	SeverityFilters *FusionSubTypeSeverityFilter `json:"severityFilters,omitempty"`

	// REQUIRED; The Name of the source subtype under a given source signal in Fusion detection. Refer to Fusion alert rule template
	// for supported values.
	SourceSubTypeName *string `json:"sourceSubTypeName,omitempty"`

	// READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection.
	SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty" azure:"ro"`
}

FusionSourceSubTypeSetting - Represents a supported source subtype configuration under a source signal in Fusion detection.

func (FusionSourceSubTypeSetting) MarshalJSON

func (f FusionSourceSubTypeSetting) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionSourceSubTypeSetting.

func (*FusionSourceSubTypeSetting) UnmarshalJSON

func (f *FusionSourceSubTypeSetting) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionSourceSubTypeSetting.

type FusionSubTypeSeverityFilter

type FusionSubTypeSeverityFilter struct {
	// Individual Severity configuration settings for a given source subtype consumed in Fusion detection.
	Filters []*FusionSubTypeSeverityFiltersItem `json:"filters,omitempty"`

	// READ-ONLY; Determines whether this source subtype supports severity configuration or not.
	IsSupported *bool `json:"isSupported,omitempty" azure:"ro"`
}

FusionSubTypeSeverityFilter - Represents severity configuration for a source subtype consumed in Fusion detection.

func (FusionSubTypeSeverityFilter) MarshalJSON

func (f FusionSubTypeSeverityFilter) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionSubTypeSeverityFilter.

func (*FusionSubTypeSeverityFilter) UnmarshalJSON

func (f *FusionSubTypeSeverityFilter) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionSubTypeSeverityFilter.

type FusionSubTypeSeverityFiltersItem

type FusionSubTypeSeverityFiltersItem struct {
	// REQUIRED; Determines whether this severity is enabled or disabled for this source subtype consumed in Fusion detection.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The Severity for a given source subtype consumed in Fusion detection.
	Severity *AlertSeverity `json:"severity,omitempty"`
}

FusionSubTypeSeverityFiltersItem - Represents a Severity filter setting for a given source subtype consumed in Fusion detection.

func (FusionSubTypeSeverityFiltersItem) MarshalJSON

func (f FusionSubTypeSeverityFiltersItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionSubTypeSeverityFiltersItem.

func (*FusionSubTypeSeverityFiltersItem) UnmarshalJSON

func (f *FusionSubTypeSeverityFiltersItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionSubTypeSeverityFiltersItem.
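The Fusion types above nest three levels of `enabled` flags (source signal, source subtype, severity) plus scenario exclusion patterns, so a rule can be enabled while parts of its detection coverage are switched off. The following is an added example, not code from this module or its generated samples: it decodes a rule's JSON body and lists every such gap. The `fusionRule` and `Gap` types, the `AuditFusionRule` function and the sample rule are constructed for illustration and mirror only the JSON field names documented above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// fusionRule mirrors the JSON field names documented above. Assumption: it is
// an illustrative type with only the fields the audit reads, not an SDK type.
type fusionRule struct {
	Kind       string `json:"kind"`
	Properties *struct {
		Enabled    *bool `json:"enabled"`
		Exclusions []struct {
			Added   string `json:"dateAddedInUTC"`
			Pattern string `json:"exclusionPattern"`
		} `json:"scenarioExclusionPatterns"`
		Sources []struct {
			Enabled  *bool  `json:"enabled"`
			Name     string `json:"sourceName"`
			SubTypes []struct {
				Enabled *bool  `json:"enabled"`
				Name    string `json:"sourceSubTypeName"`
				Filters struct {
					Items []struct {
						Enabled  *bool  `json:"enabled"`
						Severity string `json:"severity"`
					} `json:"filters"`
				} `json:"severityFilters"`
			} `json:"sourceSubTypes"`
		} `json:"sourceSettings"`
	} `json:"properties"`
}

// Gap locates one rule element that drops signal; State says why.
type Gap struct{ Path, State string }

// state separates an explicit false from a REQUIRED flag that is absent.
func state(b *bool) string {
	switch {
	case b == nil:
		return "missing"
	case *b:
		return "enabled"
	}
	return "disabled"
}

// AuditFusionRule lists every scenario exclusion and every source, subtype or
// severity that is not enabled. A disabled parent is reported once; its children are skipped.
func AuditFusionRule(raw []byte) ([]Gap, error) {
	var r fusionRule
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("decode rule: %w", err)
	}
	if r.Kind != "Fusion" || r.Properties == nil {
		return nil, fmt.Errorf("kind %q: not a Fusion rule with properties", r.Kind)
	}
	if s := state(r.Properties.Enabled); s != "enabled" {
		return []Gap{{Path: "rule", State: s}}, nil
	}
	var gaps []Gap
	for _, e := range r.Properties.Exclusions {
		gaps = append(gaps, Gap{"exclusion[" + e.Pattern + "]", "excluded since " + e.Added})
	}
	for _, src := range r.Properties.Sources {
		srcPath := "source[" + src.Name + "]"
		if s := state(src.Enabled); s != "enabled" {
			gaps = append(gaps, Gap{srcPath, s})
			continue
		}
		for _, st := range src.SubTypes {
			stPath := srcPath + "/subtype[" + st.Name + "]"
			if s := state(st.Enabled); s != "enabled" {
				gaps = append(gaps, Gap{stPath, s})
				continue
			}
			for _, f := range st.Filters.Items {
				if s := state(f.Enabled); s != "enabled" {
					gaps = append(gaps, Gap{stPath + "/severity[" + f.Severity + "]", s})
				}
			}
		}
	}
	return gaps, nil
}

// sampleRule is a constructed rule body; every name in it is a placeholder.
const sampleRule = `{"kind":"Fusion","properties":{"enabled":true,"scenarioExclusionPatterns":[
 {"exclusionPattern":"constructed-pattern-1","dateAddedInUTC":"2023-01-01T00:00:00Z"}],"sourceSettings":[
 {"sourceName":"SourceA","enabled":true,"sourceSubTypes":[{"sourceSubTypeName":"SubA1","enabled":true,
   "severityFilters":{"filters":[{"severity":"High","enabled":true},{"severity":"Low","enabled":false}]}},
  {"sourceSubTypeName":"SubA2","enabled":false,"severityFilters":{"filters":[]}}]},
 {"sourceName":"SourceB","enabled":false,"sourceSubTypes":[{"sourceSubTypeName":"SubB1","enabled":false}]}]}}`

func main() {
	gaps, err := AuditFusionRule([]byte(sampleRule))
	fmt.Printf("%+v\nerr=%v\n", gaps, err)
}
```

Run against exported rule definitions on a schedule, a diff of the returned list shows when a source signal, severity or scenario was switched off.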

type FusionTemplateSourceSetting

type FusionTemplateSourceSetting struct {
	// REQUIRED; The name of a source signal consumed in Fusion detection.
	SourceName *string `json:"sourceName,omitempty"`

	// All supported source subtypes under this source signal consumed in fusion detection.
	SourceSubTypes []*FusionTemplateSourceSubType `json:"sourceSubTypes,omitempty"`
}

FusionTemplateSourceSetting - Represents a source signal consumed in Fusion detection.

func (FusionTemplateSourceSetting) MarshalJSON

func (f FusionTemplateSourceSetting) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionTemplateSourceSetting.

func (*FusionTemplateSourceSetting) UnmarshalJSON

func (f *FusionTemplateSourceSetting) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSourceSetting.

type FusionTemplateSourceSubType

type FusionTemplateSourceSubType struct {
	// REQUIRED; Severity configuration available for a source subtype consumed in fusion detection.
	SeverityFilter *FusionTemplateSubTypeSeverityFilter `json:"severityFilter,omitempty"`

	// REQUIRED; The name of source subtype under a source signal consumed in Fusion detection.
	SourceSubTypeName *string `json:"sourceSubTypeName,omitempty"`

	// READ-ONLY; The display name of source subtype under a source signal consumed in Fusion detection.
	SourceSubTypeDisplayName *string `json:"sourceSubTypeDisplayName,omitempty" azure:"ro"`
}

FusionTemplateSourceSubType - Represents a source subtype under a source signal consumed in Fusion detection.

func (FusionTemplateSourceSubType) MarshalJSON

func (f FusionTemplateSourceSubType) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionTemplateSourceSubType.

func (*FusionTemplateSourceSubType) UnmarshalJSON

func (f *FusionTemplateSourceSubType) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSourceSubType.

type FusionTemplateSubTypeSeverityFilter

type FusionTemplateSubTypeSeverityFilter struct {
	// REQUIRED; Determines whether severity configuration is supported for this source subtype consumed in Fusion detection.
	IsSupported *bool `json:"isSupported,omitempty"`

	// List of all supported severities for this source subtype consumed in Fusion detection.
	SeverityFilters []*AlertSeverity `json:"severityFilters,omitempty"`
}

FusionTemplateSubTypeSeverityFilter - Represents severity configurations available for a source subtype consumed in Fusion detection.

func (FusionTemplateSubTypeSeverityFilter) MarshalJSON

func (f FusionTemplateSubTypeSeverityFilter) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type FusionTemplateSubTypeSeverityFilter.

func (*FusionTemplateSubTypeSeverityFilter) UnmarshalJSON

func (f *FusionTemplateSubTypeSeverityFilter) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type FusionTemplateSubTypeSeverityFilter.

type GeoLocation

type GeoLocation struct {
	// READ-ONLY; Autonomous System Number
	Asn *int32 `json:"asn,omitempty" azure:"ro"`

	// READ-ONLY; City name
	City *string `json:"city,omitempty" azure:"ro"`

	// READ-ONLY; The country code according to ISO 3166 format
	CountryCode *string `json:"countryCode,omitempty" azure:"ro"`

	// READ-ONLY; Country name according to ISO 3166 Alpha 2: the lowercase of the English Short Name
	CountryName *string `json:"countryName,omitempty" azure:"ro"`

	// READ-ONLY; The latitude of the identified location, expressed as a floating point number with range of -90 to 90, with
	// positive numbers representing North and negative numbers representing South. Latitude and
	// longitude are derived from the city or postal code.
	Latitude *float64 `json:"latitude,omitempty" azure:"ro"`

	// READ-ONLY; The longitude of the identified location, expressed as a floating point number with range of -180 to 180, with
	// positive numbers representing East and negative numbers representing West. Latitude and
	// longitude are derived from the city or postal code.
	Longitude *float64 `json:"longitude,omitempty" azure:"ro"`

	// READ-ONLY; State name
	State *string `json:"state,omitempty" azure:"ro"`
}

GeoLocation - The geo-location context attached to the IP entity

func (GeoLocation) MarshalJSON

func (g GeoLocation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GeoLocation.

func (*GeoLocation) UnmarshalJSON

func (g *GeoLocation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GeoLocation.

type GetInsightsError

type GetInsightsError string

GetInsightsError - the query kind

const (
	GetInsightsErrorInsight GetInsightsError = "Insight"
)

func PossibleGetInsightsErrorValues

func PossibleGetInsightsErrorValues() []GetInsightsError

PossibleGetInsightsErrorValues returns the possible values for the GetInsightsError const type.

type GetInsightsErrorKind

type GetInsightsErrorKind struct {
	// REQUIRED; the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`

	// REQUIRED; the query kind
	Kind *GetInsightsError `json:"kind,omitempty"`

	// the query id
	QueryID *string `json:"queryId,omitempty"`
}

GetInsightsErrorKind - GetInsights Query Errors.

func (GetInsightsErrorKind) MarshalJSON

func (g GetInsightsErrorKind) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetInsightsErrorKind.

func (*GetInsightsErrorKind) UnmarshalJSON

func (g *GetInsightsErrorKind) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GetInsightsErrorKind.

type GetInsightsResultsMetadata

type GetInsightsResultsMetadata struct {
	// REQUIRED; the total items found for the insights request
	TotalCount *int32 `json:"totalCount,omitempty"`

	// information about the failed queries
	Errors []*GetInsightsErrorKind `json:"errors,omitempty"`
}

GetInsightsResultsMetadata - Get Insights result metadata.

func (GetInsightsResultsMetadata) MarshalJSON

func (g GetInsightsResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetInsightsResultsMetadata.

func (*GetInsightsResultsMetadata) UnmarshalJSON

func (g *GetInsightsResultsMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GetInsightsResultsMetadata.

type GetQueriesResponse

type GetQueriesResponse struct {
	// The query result values.
	Value []EntityQueryItemClassification `json:"value,omitempty"`
}

GetQueriesResponse - Retrieve queries for entity result operation response.

func (GetQueriesResponse) MarshalJSON

func (g GetQueriesResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GetQueriesResponse.

func (*GetQueriesResponse) UnmarshalJSON

func (g *GetQueriesResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GetQueriesResponse.

type GitHubResourceInfo

type GitHubResourceInfo struct {
	// GitHub application installation id.
	AppInstallationID *string `json:"appInstallationId,omitempty"`
}

GitHubResourceInfo - Resources created in GitHub repository.

func (GitHubResourceInfo) MarshalJSON

func (g GitHubResourceInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GitHubResourceInfo.

func (*GitHubResourceInfo) UnmarshalJSON

func (g *GitHubResourceInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GitHubResourceInfo.

type GroupingConfiguration

type GroupingConfiguration struct {
	// REQUIRED; Grouping enabled
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
	LookbackDuration *string `json:"lookbackDuration,omitempty"`

	// REQUIRED; Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails
	// must be provided and not empty.
	MatchingMethod *MatchingMethod `json:"matchingMethod,omitempty"`

	// REQUIRED; Re-open closed matching incidents
	ReopenClosedIncident *bool `json:"reopenClosedIncident,omitempty"`

	// A list of alert details to group by (when matchingMethod is Selected)
	GroupByAlertDetails []*AlertDetail `json:"groupByAlertDetails,omitempty"`

	// A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule
	// may be used.
	GroupByCustomDetails []*string `json:"groupByCustomDetails,omitempty"`

	// A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may
	// be used.
	GroupByEntities []*EntityMappingType `json:"groupByEntities,omitempty"`
}

GroupingConfiguration - Grouping configuration property bag.

func (GroupingConfiguration) MarshalJSON

func (g GroupingConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type GroupingConfiguration.

func (*GroupingConfiguration) UnmarshalJSON

func (g *GroupingConfiguration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type GroupingConfiguration.

type HostEntity

type HostEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Host entity properties
	Properties *HostEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

HostEntity - Represents a host entity.

func (*HostEntity) GetEntity

func (h *HostEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HostEntity.

func (HostEntity) MarshalJSON

func (h HostEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntity.

func (*HostEntity) UnmarshalJSON

func (h *HostEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HostEntity.

type HostEntityProperties

type HostEntityProperties struct {
	// The operating system type.
	OSFamily *OSFamily `json:"osFamily,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The azure resource id of the VM.
	AzureID *string `json:"azureID,omitempty" azure:"ro"`

	// READ-ONLY; The DNS domain that this host belongs to. Should contain the complete DNS suffix for the domain
	DNSDomain *string `json:"dnsDomain,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The hostname without the domain suffix.
	HostName *string `json:"hostName,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether this host belongs to a domain.
	IsDomainJoined *bool `json:"isDomainJoined,omitempty" azure:"ro"`

	// READ-ONLY; The host name (pre-Windows 2000).
	NetBiosName *string `json:"netBiosName,omitempty" azure:"ro"`

	// READ-ONLY; The NT domain that this host belongs to.
	NtDomain *string `json:"ntDomain,omitempty" azure:"ro"`

	// READ-ONLY; A free text representation of the operating system. This field is meant to hold specific versions that are more
	// fine-grained than OSFamily or future values not supported by the OSFamily enumeration
	OSVersion *string `json:"osVersion,omitempty" azure:"ro"`

	// READ-ONLY; The OMS agent id, if the host has OMS agent installed.
	OmsAgentID *string `json:"omsAgentID,omitempty" azure:"ro"`
}

HostEntityProperties - Host entity property bag.

func (HostEntityProperties) MarshalJSON

func (h HostEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HostEntityProperties.

func (*HostEntityProperties) UnmarshalJSON

func (h *HostEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HostEntityProperties.

type HuntingBookmark

type HuntingBookmark struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// HuntingBookmark entity properties
	Properties *HuntingBookmarkProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

HuntingBookmark - Represents a Hunting bookmark entity.

func (*HuntingBookmark) GetEntity

func (h *HuntingBookmark) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type HuntingBookmark.

func (HuntingBookmark) MarshalJSON

func (h HuntingBookmark) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type HuntingBookmark.

func (*HuntingBookmark) UnmarshalJSON

func (h *HuntingBookmark) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type HuntingBookmark.

type HuntingBookmarkProperties

type HuntingBookmarkProperties struct {
	// REQUIRED; The display name of the bookmark
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The query of the bookmark.
	Query *string `json:"query,omitempty"`

	// The time the bookmark was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the bookmark
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The time of the event
	EventTime *time.Time `json:"eventTime,omitempty"`

	// Describes an incident that relates to bookmark
	IncidentInfo *IncidentInfo `json:"incidentInfo,omitempty"`

	// List of labels relevant to this bookmark
	Labels []*string `json:"labels,omitempty"`

	// The notes of the bookmark
	Notes *string `json:"notes,omitempty"`

	// The query result of the bookmark.
	QueryResult *string `json:"queryResult,omitempty"`

	// The last time the bookmark was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the bookmark
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`
}

HuntingBookmarkProperties - Describes bookmark properties

func (HuntingBookmarkProperties) MarshalJSON

func (h HuntingBookmarkProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type HuntingBookmarkProperties.

func (*HuntingBookmarkProperties) UnmarshalJSON

func (h *HuntingBookmarkProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type HuntingBookmarkProperties.

type IPEntity

type IPEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// IP entity properties
	Properties *IPEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IPEntity - Represents an IP entity.

func (*IPEntity) GetEntity

func (i *IPEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IPEntity.

func (IPEntity) MarshalJSON

func (i IPEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IPEntity.

func (*IPEntity) UnmarshalJSON

func (i *IPEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IPEntity.

type IPEntityProperties

type IPEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The IP address as a string, e.g. 127.0.0.1 (either IPv4 or IPv6)
	Address *string `json:"address,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The geo-location context attached to the IP entity
	Location *GeoLocation `json:"location,omitempty" azure:"ro"`

	// READ-ONLY; A list of TI contexts attached to the IP entity.
	ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"`
}

IPEntityProperties - IP entity property bag.

func (IPEntityProperties) MarshalJSON

func (i IPEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IPEntityProperties.

func (*IPEntityProperties) UnmarshalJSON

func (i *IPEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IPEntityProperties.

type IPGeodataClient

type IPGeodataClient struct {
	// contains filtered or unexported fields
}

IPGeodataClient contains the methods for the IPGeodata group. Don't use this type directly, use NewIPGeodataClient() instead.

func NewIPGeodataClient

func NewIPGeodataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IPGeodataClient, error)

NewIPGeodataClient creates a new instance of IPGeodataClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IPGeodataClient) Get

func (client *IPGeodataClient) Get(ctx context.Context, resourceGroupName string, ipAddress string, options *IPGeodataClientGetOptions) (IPGeodataClientGetResponse, error)

Get - Get geodata for a single IP address. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • ipAddress - IP address (v4 or v6) to be enriched
  • options - IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/enrichment/GetGeodataByIp.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIPGeodataClient().Get(ctx, "myRg", "1.2.3.4", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.EnrichmentIPGeodata = armsecurityinsights.EnrichmentIPGeodata{
// 	Asn: to.Ptr("12345"),
// 	Carrier: to.Ptr("Microsoft"),
// 	City: to.Ptr("Redmond"),
// 	CityCf: to.Ptr[int32](90),
// 	Continent: to.Ptr("north america"),
// 	Country: to.Ptr("united states"),
// 	CountryCf: to.Ptr[int32](99),
// 	IPAddr: to.Ptr("1.2.3.4"),
// 	IPRoutingType: to.Ptr("fixed"),
// 	Latitude: to.Ptr("40.2436"),
// 	Longitude: to.Ptr("-100.8891"),
// 	Organization: to.Ptr("Microsoft"),
// 	OrganizationType: to.Ptr("tech"),
// 	Region: to.Ptr("western usa"),
// 	State: to.Ptr("washington"),
// 	StateCode: to.Ptr("wa"),
// }

type IPGeodataClientGetOptions

type IPGeodataClientGetOptions struct {
}

IPGeodataClientGetOptions contains the optional parameters for the IPGeodataClient.Get method.

type IPGeodataClientGetResponse

type IPGeodataClientGetResponse struct {
	EnrichmentIPGeodata
}

IPGeodataClientGetResponse contains the response from method IPGeodataClient.Get.

type Incident

type Incident struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Incident properties
	Properties *IncidentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Incident - Represents an incident in Azure Security Insights.

func (Incident) MarshalJSON

func (i Incident) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Incident.

func (*Incident) UnmarshalJSON

func (i *Incident) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Incident.

type IncidentAdditionalData

type IncidentAdditionalData struct {
	// READ-ONLY; List of product names of alerts in the incident
	AlertProductNames []*string `json:"alertProductNames,omitempty" azure:"ro"`

	// READ-ONLY; The number of alerts in the incident
	AlertsCount *int32 `json:"alertsCount,omitempty" azure:"ro"`

	// READ-ONLY; The number of bookmarks in the incident
	BookmarksCount *int32 `json:"bookmarksCount,omitempty" azure:"ro"`

	// READ-ONLY; The number of comments in the incident
	CommentsCount *int32 `json:"commentsCount,omitempty" azure:"ro"`

	// READ-ONLY; The provider incident url to the incident in Microsoft 365 Defender portal
	ProviderIncidentURL *string `json:"providerIncidentUrl,omitempty" azure:"ro"`

	// READ-ONLY; The tactics associated with incident
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The techniques associated with the incident's tactics
	Techniques []*string `json:"techniques,omitempty" azure:"ro"`
}

IncidentAdditionalData - Incident additional data property bag.

func (IncidentAdditionalData) MarshalJSON

func (i IncidentAdditionalData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentAdditionalData.

func (*IncidentAdditionalData) UnmarshalJSON

func (i *IncidentAdditionalData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentAdditionalData.

type IncidentAlertList

type IncidentAlertList struct {
	// REQUIRED; Array of incident alerts.
	Value []*SecurityAlert `json:"value,omitempty"`
}

IncidentAlertList - List of incident alerts.

func (IncidentAlertList) MarshalJSON

func (i IncidentAlertList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentAlertList.

func (*IncidentAlertList) UnmarshalJSON

func (i *IncidentAlertList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentAlertList.

type IncidentBookmarkList

type IncidentBookmarkList struct {
	// REQUIRED; Array of incident bookmarks.
	Value []*HuntingBookmark `json:"value,omitempty"`
}

IncidentBookmarkList - List of incident bookmarks.

func (IncidentBookmarkList) MarshalJSON

func (i IncidentBookmarkList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentBookmarkList.

func (*IncidentBookmarkList) UnmarshalJSON

func (i *IncidentBookmarkList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentBookmarkList.

type IncidentClassification

type IncidentClassification string

IncidentClassification - The reason the incident was closed

const (
	// IncidentClassificationBenignPositive - Incident was benign positive
	IncidentClassificationBenignPositive IncidentClassification = "BenignPositive"
	// IncidentClassificationFalsePositive - Incident was false positive
	IncidentClassificationFalsePositive IncidentClassification = "FalsePositive"
	// IncidentClassificationTruePositive - Incident was true positive
	IncidentClassificationTruePositive IncidentClassification = "TruePositive"
	// IncidentClassificationUndetermined - Incident classification was undetermined
	IncidentClassificationUndetermined IncidentClassification = "Undetermined"
)

func PossibleIncidentClassificationValues

func PossibleIncidentClassificationValues() []IncidentClassification

PossibleIncidentClassificationValues returns the possible values for the IncidentClassification const type.

type IncidentClassificationReason

type IncidentClassificationReason string

IncidentClassificationReason - The classification reason the incident was closed with

const (
	// IncidentClassificationReasonInaccurateData - Classification reason was inaccurate data
	IncidentClassificationReasonInaccurateData IncidentClassificationReason = "InaccurateData"
	// IncidentClassificationReasonIncorrectAlertLogic - Classification reason was incorrect alert logic
	IncidentClassificationReasonIncorrectAlertLogic IncidentClassificationReason = "IncorrectAlertLogic"
	// IncidentClassificationReasonSuspiciousActivity - Classification reason was suspicious activity
	IncidentClassificationReasonSuspiciousActivity IncidentClassificationReason = "SuspiciousActivity"
	// IncidentClassificationReasonSuspiciousButExpected - Classification reason was suspicious but expected
	IncidentClassificationReasonSuspiciousButExpected IncidentClassificationReason = "SuspiciousButExpected"
)

func PossibleIncidentClassificationReasonValues

func PossibleIncidentClassificationReasonValues() []IncidentClassificationReason

PossibleIncidentClassificationReasonValues returns the possible values for the IncidentClassificationReason const type.

type IncidentComment

type IncidentComment struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Incident comment properties
	Properties *IncidentCommentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IncidentComment - Represents an incident comment

func (IncidentComment) MarshalJSON

func (i IncidentComment) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentComment.

func (*IncidentComment) UnmarshalJSON

func (i *IncidentComment) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentComment.

type IncidentCommentList

type IncidentCommentList struct {
	// REQUIRED; Array of comments.
	Value []*IncidentComment `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of comments.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

IncidentCommentList - List of incident comments.

func (IncidentCommentList) MarshalJSON

func (i IncidentCommentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentCommentList.

func (*IncidentCommentList) UnmarshalJSON

func (i *IncidentCommentList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentCommentList.

type IncidentCommentProperties

type IncidentCommentProperties struct {
	// REQUIRED; The comment message
	Message *string `json:"message,omitempty"`

	// READ-ONLY; Describes the client that created the comment
	Author *ClientInfo `json:"author,omitempty" azure:"ro"`

	// READ-ONLY; The time the comment was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The time the comment was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`
}

IncidentCommentProperties - Incident comment property bag.

func (IncidentCommentProperties) MarshalJSON

func (i IncidentCommentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentCommentProperties.

func (*IncidentCommentProperties) UnmarshalJSON

func (i *IncidentCommentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentCommentProperties.

type IncidentCommentsClient

type IncidentCommentsClient struct {
	// contains filtered or unexported fields
}

IncidentCommentsClient contains the methods for the IncidentComments group. Don't use this type directly, use NewIncidentCommentsClient() instead.

func NewIncidentCommentsClient

func NewIncidentCommentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentCommentsClient, error)

NewIncidentCommentsClient creates a new instance of IncidentCommentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentCommentsClient) CreateOrUpdate

func (client *IncidentCommentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, incidentComment IncidentComment, options *IncidentCommentsClientCreateOrUpdateOptions) (IncidentCommentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident comment. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • incidentComment - The incident comment
  • options - IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/CreateIncidentComment.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentCommentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.IncidentComment{
	Properties: &armsecurityinsights.IncidentCommentProperties{
		Message: to.Ptr("Some message"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.IncidentComment = armsecurityinsights.IncidentComment{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.IncidentCommentProperties{
// 		Author: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30Z"); return t}()),
// 		Message: to.Ptr("Some message"),
// 	},
// }

func (*IncidentCommentsClient) Delete

func (client *IncidentCommentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientDeleteOptions) (IncidentCommentsClientDeleteResponse, error)

Delete - Delete the incident comment. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • options - IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/DeleteIncidentComment.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewIncidentCommentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*IncidentCommentsClient) Get

func (client *IncidentCommentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incidentCommentID string, options *IncidentCommentsClientGetOptions) (IncidentCommentsClientGetResponse, error)

Get - Gets an incident comment. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incidentCommentID - Incident comment ID
  • options - IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/GetIncidentCommentById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentCommentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.IncidentComment = armsecurityinsights.IncidentComment{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.IncidentCommentProperties{
// 		Author: &armsecurityinsights.ClientInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30Z"); return t}()),
// 		Message: to.Ptr("Some message"),
// 	},
// }

func (*IncidentCommentsClient) NewListPager

func (client *IncidentCommentsClient) NewListPager(resourceGroupName string, workspaceName string, incidentID string, options *IncidentCommentsClientListOptions) *runtime.Pager[IncidentCommentsClientListResponse]

NewListPager - Gets all incident comments.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/comments/GetAllIncidentComments.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewIncidentCommentsClient().NewListPager("myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", &armsecurityinsights.IncidentCommentsClientListOptions{
	Filter:    nil,
	Orderby:   nil,
	Top:       nil,
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.IncidentCommentList = armsecurityinsights.IncidentCommentList{
	// 	Value: []*armsecurityinsights.IncidentComment{
	// 		{
	// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/comments"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5/comments/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 			Properties: &armsecurityinsights.IncidentCommentProperties{
	// 				Author: &armsecurityinsights.ClientInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john.doe@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 					UserPrincipalName: to.Ptr("john@contoso.com"),
	// 				},
	// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
	// 				LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-03T11:10:30Z"); return t}()),
	// 				Message: to.Ptr("Some message"),
	// 			},
	// 	}},
	// }
}

type IncidentCommentsClientCreateOrUpdateOptions

type IncidentCommentsClientCreateOrUpdateOptions struct {
}

IncidentCommentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentCommentsClient.CreateOrUpdate method.

type IncidentCommentsClientCreateOrUpdateResponse

type IncidentCommentsClientCreateOrUpdateResponse struct {
	IncidentComment
}

IncidentCommentsClientCreateOrUpdateResponse contains the response from method IncidentCommentsClient.CreateOrUpdate.

type IncidentCommentsClientDeleteOptions

type IncidentCommentsClientDeleteOptions struct {
}

IncidentCommentsClientDeleteOptions contains the optional parameters for the IncidentCommentsClient.Delete method.

type IncidentCommentsClientDeleteResponse

type IncidentCommentsClientDeleteResponse struct {
}

IncidentCommentsClientDeleteResponse contains the response from method IncidentCommentsClient.Delete.

type IncidentCommentsClientGetOptions

type IncidentCommentsClientGetOptions struct {
}

IncidentCommentsClientGetOptions contains the optional parameters for the IncidentCommentsClient.Get method.

type IncidentCommentsClientGetResponse

type IncidentCommentsClientGetResponse struct {
	IncidentComment
}

IncidentCommentsClientGetResponse contains the response from method IncidentCommentsClient.Get.

type IncidentCommentsClientListOptions

type IncidentCommentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentCommentsClientListOptions contains the optional parameters for the IncidentCommentsClient.NewListPager method.

type IncidentCommentsClientListResponse

type IncidentCommentsClientListResponse struct {
	IncidentCommentList
}

IncidentCommentsClientListResponse contains the response from method IncidentCommentsClient.NewListPager.

type IncidentConfiguration

type IncidentConfiguration struct {
	// REQUIRED; Create incidents from alerts triggered by this analytics rule
	CreateIncident *bool `json:"createIncident,omitempty"`

	// Set how the alerts that are triggered by this analytics rule, are grouped into incidents
	GroupingConfiguration *GroupingConfiguration `json:"groupingConfiguration,omitempty"`
}

IncidentConfiguration - Incident Configuration property bag.

func (IncidentConfiguration) MarshalJSON

func (i IncidentConfiguration) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentConfiguration.

func (*IncidentConfiguration) UnmarshalJSON

func (i *IncidentConfiguration) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentConfiguration.

type IncidentEntitiesResponse

type IncidentEntitiesResponse struct {
	// Array of the incident related entities.
	Entities []EntityClassification `json:"entities,omitempty"`

	// The metadata from the incident related entities results.
	MetaData []*IncidentEntitiesResultsMetadata `json:"metaData,omitempty"`
}

IncidentEntitiesResponse - The incident related entities response.

func (IncidentEntitiesResponse) MarshalJSON

func (i IncidentEntitiesResponse) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentEntitiesResponse.

func (*IncidentEntitiesResponse) UnmarshalJSON

func (i *IncidentEntitiesResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentEntitiesResponse.
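
The following is an added example, not code from the armsecurityinsights module. It decodes a constructed payload in the IncidentEntitiesResponse JSON shape with local mirror structs, selects the IP entities, and keeps only well-formed, publicly routable, de-duplicated addresses that are worth passing as ipAddress to IPGeodataClient.Get. The kind strings "Ip" and "Bookmark", the mirror types and TriageIPEntities are assumptions introduced here; it uses only the standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Constructed sample in the JSON shape of IncidentEntitiesResponse, using the
// json tags shown on this page. The kind values "Ip" and "Bookmark" are assumptions.
const sampleEntities = `{"entities": [
  {"kind": "Ip", "name": "e1", "properties": {"address": "203.0.113.7"}},
  {"kind": "Ip", "name": "e2", "properties": {"address": "10.1.2.3"}},
  {"kind": "Ip", "name": "e3", "properties": {"address": "203.0.113.7:443"}},
  {"kind": "Bookmark", "name": "e4", "properties": {"displayName": "hunt", "query": "SecurityEvent | take 1"}},
  {"kind": "Ip", "name": "e5", "properties": {"address": "::ffff:198.51.100.9"}},
  {"kind": "Ip", "name": "e6", "properties": {"address": "203.0.113.7"}},
  {"kind": "Ip", "name": "e7", "properties": {"address": "127.0.0.1"}}
]}`

// entity is a local mirror of the fields the entity types share (kind, name,
// properties). Properties stays raw until the kind discriminator is known.
type entity struct {
	Kind       string          `json:"kind"`
	Name       string          `json:"name"`
	Properties json.RawMessage `json:"properties"`
}

// ipProps mirrors IPEntityProperties.Address only.
type ipProps struct {
	Address *string `json:"address"`
}

// Triage is a hypothetical result type for this example.
type Triage struct {
	Enrich  []string          // canonical public addresses, in first-seen order
	Skipped map[string]string // entity name -> reason it was not queued
}

// publicAddr accepts s only if it is a bare IP literal (no port, CIDR suffix or
// zone) that is publicly routable. IPv4-mapped IPv6 is folded back to IPv4 so
// the same host is not looked up twice under two spellings.
func publicAddr(s string) (netip.Addr, string) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return netip.Addr{}, "not an IP literal"
	}
	if addr.Zone() != "" {
		return netip.Addr{}, "scoped address"
	}
	addr = addr.Unmap()
	// IsGlobalUnicast is true for RFC 1918 / ULA space, so test IsPrivate too.
	if !addr.IsGlobalUnicast() || addr.IsPrivate() {
		return netip.Addr{}, "not publicly routable"
	}
	return addr, ""
}

// TriageIPEntities decodes an entities response and sorts its IP entities into
// addresses to enrich and entities to skip, with the reason for each skip.
func TriageIPEntities(raw []byte) (Triage, error) {
	var resp struct {
		Entities []entity `json:"entities"`
	}
	if err := json.Unmarshal(raw, &resp); err != nil {
		return Triage{}, fmt.Errorf("decode entities response: %w", err)
	}
	out := Triage{Skipped: map[string]string{}}
	seen := map[netip.Addr]bool{}
	for _, e := range resp.Entities {
		if e.Kind != "Ip" { // other kinds carry no address to enrich
			continue
		}
		var p ipProps
		if len(e.Properties) > 0 {
			if err := json.Unmarshal(e.Properties, &p); err != nil {
				out.Skipped[e.Name] = "malformed properties"
				continue
			}
		}
		if p.Address == nil {
			out.Skipped[e.Name] = "no address"
			continue
		}
		addr, reason := publicAddr(*p.Address)
		switch {
		case reason != "":
			out.Skipped[e.Name] = reason
		case seen[addr]:
			out.Skipped[e.Name] = "duplicate"
		default:
			seen[addr] = true
			out.Enrich = append(out.Enrich, addr.String())
		}
	}
	return out, nil
}

func main() {
	t, err := TriageIPEntities([]byte(sampleEntities))
	if err != nil {
		panic(err)
	}
	fmt.Println("enrich:", t.Enrich)
	for name, why := range t.Skipped {
		fmt.Printf("skip %s: %s\n", name, why)
	}
}
```

Each string in Enrich is in canonical form and can be passed unchanged as the ipAddress argument; the Skipped map gives an analyst the reason an entity was left out of enrichment.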

type IncidentEntitiesResultsMetadata

type IncidentEntitiesResultsMetadata struct {
	// REQUIRED; Total number of aggregations of the given kind in the incident related entities result.
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; The kind of the aggregated entity.
	EntityKind *EntityKind `json:"entityKind,omitempty"`
}

IncidentEntitiesResultsMetadata - Information of a specific aggregation in the incident related entities result.

func (IncidentEntitiesResultsMetadata) MarshalJSON

func (i IncidentEntitiesResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentEntitiesResultsMetadata.

func (*IncidentEntitiesResultsMetadata) UnmarshalJSON

func (i *IncidentEntitiesResultsMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentEntitiesResultsMetadata.

type IncidentInfo

type IncidentInfo struct {
	// Incident Id
	IncidentID *string `json:"incidentId,omitempty"`

	// Relation Name
	RelationName *string `json:"relationName,omitempty"`

	// The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// The title of the incident
	Title *string `json:"title,omitempty"`
}

IncidentInfo - Describes related incident information for the bookmark

func (IncidentInfo) MarshalJSON

func (i IncidentInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentInfo.

func (*IncidentInfo) UnmarshalJSON

func (i *IncidentInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentInfo.

type IncidentLabel

type IncidentLabel struct {
	// REQUIRED; The name of the label
	LabelName *string `json:"labelName,omitempty"`

	// READ-ONLY; The type of the label
	LabelType *IncidentLabelType `json:"labelType,omitempty" azure:"ro"`
}

IncidentLabel - Represents an incident label

func (IncidentLabel) MarshalJSON

func (i IncidentLabel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentLabel.

func (*IncidentLabel) UnmarshalJSON

func (i *IncidentLabel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentLabel.

type IncidentLabelType

type IncidentLabelType string

IncidentLabelType - The type of the label

const (
	// IncidentLabelTypeAutoAssigned - Label automatically created by the system
	IncidentLabelTypeAutoAssigned IncidentLabelType = "AutoAssigned"
	// IncidentLabelTypeUser - Label manually created by a user
	IncidentLabelTypeUser IncidentLabelType = "User"
)

func PossibleIncidentLabelTypeValues

func PossibleIncidentLabelTypeValues() []IncidentLabelType

PossibleIncidentLabelTypeValues returns the possible values for the IncidentLabelType const type.

type IncidentList

type IncidentList struct {
	// REQUIRED; Array of incidents.
	Value []*Incident `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of incidents.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

IncidentList - List all the incidents.

func (IncidentList) MarshalJSON

func (i IncidentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentList.

func (*IncidentList) UnmarshalJSON

func (i *IncidentList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentList.

type IncidentOwnerInfo

type IncidentOwnerInfo struct {
	// The name of the user the incident is assigned to.
	AssignedTo *string `json:"assignedTo,omitempty"`

	// The email of the user the incident is assigned to.
	Email *string `json:"email,omitempty"`

	// The object id of the user the incident is assigned to.
	ObjectID *string `json:"objectId,omitempty"`

	// The type of the owner the incident is assigned to.
	OwnerType *OwnerType `json:"ownerType,omitempty"`

	// The user principal name of the user the incident is assigned to.
	UserPrincipalName *string `json:"userPrincipalName,omitempty"`
}

IncidentOwnerInfo - Information on the user an incident is assigned to

func (IncidentOwnerInfo) MarshalJSON

func (i IncidentOwnerInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentOwnerInfo.

func (*IncidentOwnerInfo) UnmarshalJSON

func (i *IncidentOwnerInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentOwnerInfo.

type IncidentProperties

type IncidentProperties struct {
	// REQUIRED; The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// REQUIRED; The status of the incident
	Status *IncidentStatus `json:"status,omitempty"`

	// REQUIRED; The title of the incident
	Title *string `json:"title,omitempty"`

	// The reason the incident was closed
	Classification *IncidentClassification `json:"classification,omitempty"`

	// Describes the reason the incident was closed
	ClassificationComment *string `json:"classificationComment,omitempty"`

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"`

	// The description of the incident
	Description *string `json:"description,omitempty"`

	// The time of the first activity in the incident
	FirstActivityTimeUTC *time.Time `json:"firstActivityTimeUtc,omitempty"`

	// List of labels relevant to this incident
	Labels []*IncidentLabel `json:"labels,omitempty"`

	// The time of the last activity in the incident
	LastActivityTimeUTC *time.Time `json:"lastActivityTimeUtc,omitempty"`

	// Describes a user that the incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`

	// The incident ID assigned by the incident provider
	ProviderIncidentID *string `json:"providerIncidentId,omitempty"`

	// The name of the source provider that generated the incident
	ProviderName *string `json:"providerName,omitempty"`

	// Describes a team for the incident
	TeamInformation *TeamInformation `json:"teamInformation,omitempty"`

	// READ-ONLY; Additional data on the incident
	AdditionalData *IncidentAdditionalData `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The time the incident was created
	CreatedTimeUTC *time.Time `json:"createdTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; A sequential number
	IncidentNumber *int32 `json:"incidentNumber,omitempty" azure:"ro"`

	// READ-ONLY; The deep-link url to the incident in Azure portal
	IncidentURL *string `json:"incidentUrl,omitempty" azure:"ro"`

	// READ-ONLY; The last time the incident was updated
	LastModifiedTimeUTC *time.Time `json:"lastModifiedTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; List of resource ids of Analytic rules related to the incident
	RelatedAnalyticRuleIDs []*string `json:"relatedAnalyticRuleIds,omitempty" azure:"ro"`
}

IncidentProperties - Describes incident properties

func (IncidentProperties) MarshalJSON

func (i IncidentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentProperties.

func (*IncidentProperties) UnmarshalJSON

func (i *IncidentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentProperties.

type IncidentPropertiesAction

type IncidentPropertiesAction struct {
	// The reason the incident was closed
	Classification *IncidentClassification `json:"classification,omitempty"`

	// Describes the reason the incident was closed.
	ClassificationComment *string `json:"classificationComment,omitempty"`

	// The classification reason the incident was closed with
	ClassificationReason *IncidentClassificationReason `json:"classificationReason,omitempty"`

	// List of labels to add to the incident.
	Labels []*IncidentLabel `json:"labels,omitempty"`

	// Information on the user an incident is assigned to
	Owner *IncidentOwnerInfo `json:"owner,omitempty"`

	// The severity of the incident
	Severity *IncidentSeverity `json:"severity,omitempty"`

	// The status of the incident
	Status *IncidentStatus `json:"status,omitempty"`
}

func (IncidentPropertiesAction) MarshalJSON

func (i IncidentPropertiesAction) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type IncidentPropertiesAction.

func (*IncidentPropertiesAction) UnmarshalJSON

func (i *IncidentPropertiesAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type IncidentPropertiesAction.

type IncidentRelationsClient

type IncidentRelationsClient struct {
	// contains filtered or unexported fields
}

IncidentRelationsClient contains the methods for the IncidentRelations group. Don't use this type directly, use NewIncidentRelationsClient() instead.

func NewIncidentRelationsClient

func NewIncidentRelationsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentRelationsClient, error)

NewIncidentRelationsClient creates a new instance of IncidentRelationsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentRelationsClient) CreateOrUpdate

func (client *IncidentRelationsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, relation Relation, options *IncidentRelationsClientCreateOrUpdateOptions) (IncidentRelationsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • relation - The relation model
  • options - IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/CreateIncidentRelation.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentRelationsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", armsecurityinsights.Relation{
	Properties: &armsecurityinsights.RelationProperties{
		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Relation = armsecurityinsights.Relation{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.RelationProperties{
// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
// 	},
// }

func (*IncidentRelationsClient) Delete

func (client *IncidentRelationsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientDeleteOptions) (IncidentRelationsClientDeleteResponse, error)

Delete - Delete the incident relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • options - IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/DeleteIncidentRelation.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewIncidentRelationsClient().Delete(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*IncidentRelationsClient) Get

func (client *IncidentRelationsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, relationName string, options *IncidentRelationsClientGetOptions) (IncidentRelationsClientGetResponse, error)

Get - Gets an incident relation. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • relationName - Relation Name
  • options - IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/GetIncidentRelationByName.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentRelationsClient().Get(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Relation = armsecurityinsights.Relation{
// 	Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
// 	Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
// 	Properties: &armsecurityinsights.RelationProperties{
// 		RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
// 		RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
// 	},
// }

func (*IncidentRelationsClient) NewListPager

func (client *IncidentRelationsClient) NewListPager(resourceGroupName string, workspaceName string, incidentID string, options *IncidentRelationsClientListOptions) *runtime.Pager[IncidentRelationsClientListResponse]

NewListPager - Gets all incident relations.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/relations/GetAllIncidentRelations.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewIncidentRelationsClient().NewListPager("myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", &armsecurityinsights.IncidentRelationsClientListOptions{
	Filter:    nil,
	Orderby:   nil,
	Top:       nil,
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.RelationList = armsecurityinsights.RelationList{
	// 	Value: []*armsecurityinsights.Relation{
	// 		{
	// 			Name: to.Ptr("4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014"),
	// 			Etag: to.Ptr("190057d0-0000-0d00-0000-5c6f5adb0000"),
	// 			Properties: &armsecurityinsights.RelationProperties{
	// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 				RelatedResourceName: to.Ptr("2216d0e1-91e3-4902-89fd-d2df8c535096"),
	// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/bookmarks"),
	// 			},
	// 		},
	// 		{
	// 			Name: to.Ptr("9673a17d-8bc7-4ca6-88ee-38a4f3efc032"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents/relations"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032"),
	// 			Etag: to.Ptr("6f714025-dd7c-46aa-b5d0-b9857488d060"),
	// 			Properties: &armsecurityinsights.RelationProperties{
	// 				RelatedResourceID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af"),
	// 				RelatedResourceKind: to.Ptr("SecurityAlert"),
	// 				RelatedResourceName: to.Ptr("1dd267cd-8a1f-4f6f-b92c-da43ac8819af"),
	// 				RelatedResourceType: to.Ptr("Microsoft.SecurityInsights/entities"),
	// 			},
	// 	}},
	// }
}

type IncidentRelationsClientCreateOrUpdateOptions

type IncidentRelationsClientCreateOrUpdateOptions struct {
}

IncidentRelationsClientCreateOrUpdateOptions contains the optional parameters for the IncidentRelationsClient.CreateOrUpdate method.

type IncidentRelationsClientCreateOrUpdateResponse

type IncidentRelationsClientCreateOrUpdateResponse struct {
	Relation
}

IncidentRelationsClientCreateOrUpdateResponse contains the response from method IncidentRelationsClient.CreateOrUpdate.

type IncidentRelationsClientDeleteOptions

type IncidentRelationsClientDeleteOptions struct {
}

IncidentRelationsClientDeleteOptions contains the optional parameters for the IncidentRelationsClient.Delete method.

type IncidentRelationsClientDeleteResponse

type IncidentRelationsClientDeleteResponse struct {
}

IncidentRelationsClientDeleteResponse contains the response from method IncidentRelationsClient.Delete.

type IncidentRelationsClientGetOptions

type IncidentRelationsClientGetOptions struct {
}

IncidentRelationsClientGetOptions contains the optional parameters for the IncidentRelationsClient.Get method.

type IncidentRelationsClientGetResponse

type IncidentRelationsClientGetResponse struct {
	Relation
}

IncidentRelationsClientGetResponse contains the response from method IncidentRelationsClient.Get.

type IncidentRelationsClientListOptions

type IncidentRelationsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentRelationsClientListOptions contains the optional parameters for the IncidentRelationsClient.NewListPager method.

type IncidentRelationsClientListResponse

type IncidentRelationsClientListResponse struct {
	RelationList
}

IncidentRelationsClientListResponse contains the response from method IncidentRelationsClient.NewListPager.
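A pre-flight check for the RelatedResourceID passed to IncidentRelationsClient.CreateOrUpdate, as an added example that is not part of the armsecurityinsights module: it parses the workspace-scoped ID format shown in the examples above and rejects targets outside the incident's own workspace. SentinelRef, ParseSentinelID, CheckRelation, the allowed-type list and the same-workspace rule are assumptions of this example; the IDs in main reuse this page's sample values unless marked constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SentinelRef is a hypothetical helper type (not part of armsecurityinsights)
// holding the parts of a workspace-scoped Microsoft.SecurityInsights resource ID.
type SentinelRef struct {
	SubscriptionID, ResourceGroup, Workspace, ResourceType, Name string
}

var (
	ErrMalformedID    = errors.New("malformed resource ID")
	ErrCrossWorkspace = errors.New("related resource is outside the incident's workspace")
	ErrTypeNotAllowed = errors.New("related resource type not allowed")
)

// Literal segments expected at fixed positions of the 12-segment ID. The
// workspace provider namespace (position 5) is not checked, because the
// sample IDs on this page spell it "Microsoft.OperationalIinsights".
var fixedSegments = map[int]string{
	0: "subscriptions", 2: "resourceGroups", 4: "providers",
	6: "workspaces", 8: "providers", 9: "Microsoft.SecurityInsights",
}

// Assumption: only the two related resource types that appear in this page's
// sample responses are accepted.
var allowedRelatedTypes = map[string]bool{"bookmarks": true, "entities": true}

// ParseSentinelID splits an ID of the form
// /subscriptions/{sub}/resourceGroups/{rg}/providers/{ns}/workspaces/{ws}/providers/Microsoft.SecurityInsights/{type}/{name}
func ParseSentinelID(id string) (SentinelRef, error) {
	if !strings.HasPrefix(id, "/") {
		return SentinelRef{}, fmt.Errorf("%w: missing leading slash", ErrMalformedID)
	}
	seg := strings.Split(id[1:], "/")
	if len(seg) != 12 {
		return SentinelRef{}, fmt.Errorf("%w: want 12 segments, got %d", ErrMalformedID, len(seg))
	}
	for i, s := range seg {
		if s == "" {
			return SentinelRef{}, fmt.Errorf("%w: empty segment %d", ErrMalformedID, i)
		}
		if want, ok := fixedSegments[i]; ok && !strings.EqualFold(s, want) {
			return SentinelRef{}, fmt.Errorf("%w: segment %d is %q, want %q", ErrMalformedID, i, s, want)
		}
	}
	return SentinelRef{
		SubscriptionID: seg[1], ResourceGroup: seg[3], Workspace: seg[7],
		ResourceType: strings.ToLower(seg[10]), Name: seg[11],
	}, nil
}

// SameWorkspace compares scope case-insensitively. The page states that the
// resource group name is case insensitive; treating the subscription ID and
// workspace name the same way is an assumption of this example.
func (r SentinelRef) SameWorkspace(o SentinelRef) bool {
	return strings.EqualFold(r.SubscriptionID, o.SubscriptionID) &&
		strings.EqualFold(r.ResourceGroup, o.ResourceGroup) &&
		strings.EqualFold(r.Workspace, o.Workspace)
}

// CheckRelation validates a relation target before it is sent to the service.
// It returns the parsed target so callers can log or tally it by type.
func CheckRelation(incidentID, relatedResourceID string) (SentinelRef, error) {
	inc, err := ParseSentinelID(incidentID)
	if err != nil {
		return SentinelRef{}, fmt.Errorf("incident: %w", err)
	}
	if inc.ResourceType != "incidents" {
		return SentinelRef{}, fmt.Errorf("%w: %q is not an incident ID", ErrMalformedID, incidentID)
	}
	rel, err := ParseSentinelID(relatedResourceID)
	if err != nil {
		return SentinelRef{}, fmt.Errorf("related resource: %w", err)
	}
	if !allowedRelatedTypes[rel.ResourceType] {
		return SentinelRef{}, fmt.Errorf("%w: %q", ErrTypeNotAllowed, rel.ResourceType)
	}
	if !inc.SameWorkspace(rel) {
		return SentinelRef{}, fmt.Errorf("%w: %s/%s/%s", ErrCrossWorkspace, rel.SubscriptionID, rel.ResourceGroup, rel.Workspace)
	}
	return rel, nil
}

func main() {
	const scope = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights"
	incident := scope + "/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812"
	for _, related := range []string{
		scope + "/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
		// Constructed: same bookmark name under a different workspace.
		strings.Replace(scope, "myWorkspace", "otherWorkspace", 1) + "/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
		// Constructed: a resource type outside the allowlist.
		scope + "/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
	} {
		ref, err := CheckRelation(incident, related)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("ok: %s %s\n", ref.ResourceType, ref.Name)
	}
}
```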

type IncidentSeverity

type IncidentSeverity string

IncidentSeverity - The severity of the incident

const (
	// IncidentSeverityHigh - High severity
	IncidentSeverityHigh IncidentSeverity = "High"
	// IncidentSeverityInformational - Informational severity
	IncidentSeverityInformational IncidentSeverity = "Informational"
	// IncidentSeverityLow - Low severity
	IncidentSeverityLow IncidentSeverity = "Low"
	// IncidentSeverityMedium - Medium severity
	IncidentSeverityMedium IncidentSeverity = "Medium"
)

func PossibleIncidentSeverityValues

func PossibleIncidentSeverityValues() []IncidentSeverity

PossibleIncidentSeverityValues returns the possible values for the IncidentSeverity const type.

type IncidentStatus

type IncidentStatus string

IncidentStatus - The status of the incident

const (
	// IncidentStatusActive - An active incident which is being handled
	IncidentStatusActive IncidentStatus = "Active"
	// IncidentStatusClosed - A non-active incident
	IncidentStatusClosed IncidentStatus = "Closed"
	// IncidentStatusNew - An active incident which isn't being handled currently
	IncidentStatusNew IncidentStatus = "New"
)

func PossibleIncidentStatusValues

func PossibleIncidentStatusValues() []IncidentStatus

PossibleIncidentStatusValues returns the possible values for the IncidentStatus const type.

type IncidentsClient

type IncidentsClient struct {
	// contains filtered or unexported fields
}

IncidentsClient contains the methods for the Incidents group. Don't use this type directly, use NewIncidentsClient() instead.

func NewIncidentsClient

func NewIncidentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*IncidentsClient, error)

NewIncidentsClient creates a new instance of IncidentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*IncidentsClient) CreateOrUpdate

func (client *IncidentsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, incident Incident, options *IncidentsClientCreateOrUpdateOptions) (IncidentsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates the incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • incident - The incident
  • options - IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/CreateIncident.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", armsecurityinsights.Incident{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.IncidentProperties{
		Description:           to.Ptr("This is a demo incident"),
		Classification:        to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
		ClassificationComment: to.Ptr("Not a malicious activity"),
		ClassificationReason:  to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
		FirstActivityTimeUTC:  to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t }()),
		LastActivityTimeUTC:   to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t }()),
		Owner: &armsecurityinsights.IncidentOwnerInfo{
			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		},
		Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
		Status:   to.Ptr(armsecurityinsights.IncidentStatusClosed),
		Title:    to.Ptr("My incident"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Incident = armsecurityinsights.Incident{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0001\""),
// 	Properties: &armsecurityinsights.IncidentProperties{
// 		Description: to.Ptr("This is a demo incident"),
// 		AdditionalData: &armsecurityinsights.IncidentAdditionalData{
// 			AlertProductNames: []*string{
// 			},
// 			AlertsCount: to.Ptr[int32](0),
// 			BookmarksCount: to.Ptr[int32](0),
// 			CommentsCount: to.Ptr[int32](3),
// 			ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 			},
// 			Techniques: []*string{
// 			},
// 		},
// 		Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
// 		ClassificationComment: to.Ptr("Not a malicious activity"),
// 		ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
// 		IncidentNumber: to.Ptr[int32](3177),
// 		IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Labels: []*armsecurityinsights.IncidentLabel{
// 		},
// 		LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t}()),
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		Owner: &armsecurityinsights.IncidentOwnerInfo{
// 			AssignedTo: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		ProviderIncidentID: to.Ptr("3177"),
// 		ProviderName: to.Ptr("Azure Sentinel"),
// 		RelatedAnalyticRuleIDs: []*string{
// 		},
// 		Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
// 		Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
// 		Title: to.Ptr("My incident"),
// 	},
// }

func (*IncidentsClient) CreateTeam

func (client *IncidentsClient) CreateTeam(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, teamProperties TeamProperties, options *IncidentsClientCreateTeamOptions) (IncidentsClientCreateTeamResponse, error)

CreateTeam - Creates a Microsoft team to investigate the incident by sharing information and insights between participants. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • teamProperties - Team properties
  • options - IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/CreateTeam.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().CreateTeam(ctx, "ambawolvese5resourcegroup", "AmbaE5WestCentralUS", "69a30280-6a4c-4aa7-9af0-5d63f335d600", armsecurityinsights.TeamProperties{
	TeamDescription: to.Ptr("Team description"),
	TeamName:        to.Ptr("Team name"),
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; the blank identifier is for demonstration only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.TeamInformation = armsecurityinsights.TeamInformation{
// 	Name: to.Ptr("Team name"),
// 	Description: to.Ptr("Team description"),
// 	PrimaryChannelURL: to.Ptr("https://teams.microsoft.com/l/team/19:80bf3b25485b4067b7d2dc4eec9e1578%40thread.tacv2/conversations?groupId=99978838-9bda-4ad4-8f93-4cf7ebc50ca5&tenantId=5b5a146c-eba8-46af-96f8-e31b50d15a3f"),
// 	TeamCreationTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-03-15T17:08:21.9954238+02:00"); return t}()),
// 	TeamID: to.Ptr("99978838-9bda-4ad4-8f93-4cf7ebc50ca5"),
// }

func (*IncidentsClient) Delete

func (client *IncidentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientDeleteOptions) (IncidentsClientDeleteResponse, error)

Delete - Delete the incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/DeleteIncident.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewIncidentsClient().Delete(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*IncidentsClient) Get

func (client *IncidentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientGetOptions) (IncidentsClientGetResponse, error)

Get - Gets an incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetIncidentById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().Get(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ab5", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; the blank identifier is for demonstration only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.Incident = armsecurityinsights.Incident{
// 	Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.IncidentProperties{
// 		Description: to.Ptr("This is a demo incident"),
// 		AdditionalData: &armsecurityinsights.IncidentAdditionalData{
// 			AlertProductNames: []*string{
// 			},
// 			AlertsCount: to.Ptr[int32](0),
// 			BookmarksCount: to.Ptr[int32](0),
// 			CommentsCount: to.Ptr[int32](3),
// 			ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticInitialAccess),
// 				to.Ptr(armsecurityinsights.AttackTacticPersistence)},
// 			Techniques: []*string{
// 				to.Ptr("T1091"),
// 				to.Ptr("T1133"),
// 				to.Ptr("T1053")},
// 		},
// 		Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
// 		ClassificationComment: to.Ptr("Not a malicious activity"),
// 		ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonInaccurateData),
// 		CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
// 		IncidentNumber: to.Ptr[int32](3177),
// 		IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
// 		Labels: []*armsecurityinsights.IncidentLabel{
// 		},
// 		LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t}()),
// 		LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
// 		Owner: &armsecurityinsights.IncidentOwnerInfo{
// 			AssignedTo: to.Ptr("john doe"),
// 			Email: to.Ptr("john.doe@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 			OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser),
// 			UserPrincipalName: to.Ptr("john@contoso.com"),
// 		},
// 		ProviderIncidentID: to.Ptr("3177"),
// 		ProviderName: to.Ptr("Azure Sentinel"),
// 		RelatedAnalyticRuleIDs: []*string{
// 			to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7")},
// 		Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
// 		Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
// 		Title: to.Ptr("My incident"),
// 	},
// }

func (*IncidentsClient) ListAlerts

func (client *IncidentsClient) ListAlerts(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListAlertsOptions) (IncidentsClientListAlertsResponse, error)

ListAlerts - Gets all incident alerts. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetAllIncidentAlerts.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().ListAlerts(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; the blank identifier is for demonstration only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.IncidentAlertList = armsecurityinsights.IncidentAlertList{
// 	Value: []*armsecurityinsights.SecurityAlert{
// 		{
// 			Name: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRG/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
// 			Kind: to.Ptr(armsecurityinsights.EntityKindSecurityAlert),
// 			Properties: &armsecurityinsights.SecurityAlertProperties{
// 				AdditionalData: map[string]any{
// 					"AlertMessageEnqueueTime": "2020-07-20T18:21:57.304Z",
// 				},
// 				FriendlyName: to.Ptr("myAlert"),
// 				AlertDisplayName: to.Ptr("myAlert"),
// 				AlertType: to.Ptr("myAlert"),
// 				ConfidenceLevel: to.Ptr(armsecurityinsights.ConfidenceLevelUnknown),
// 				EndTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.6158361Z"); return t}()),
// 				ProcessingEndTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.6158361Z"); return t}()),
// 				ProductName: to.Ptr("Azure Security Center"),
// 				ResourceIdentifiers: []any{
// 					map[string]any{
// 						"type": "LogAnalytics",
// 						"resourceGroup": "myRG",
// 						"subscriptionId": "bd794837-4d29-4647-9105-6339bfdb4e6a",
// 						"workspaceId": "c8c99641-985d-4e4e-8e91-fb3466cd0e5b",
// 				}},
// 				Severity: to.Ptr(armsecurityinsights.AlertSeverityLow),
// 				StartTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.6158361Z"); return t}()),
// 				Status: to.Ptr(armsecurityinsights.AlertStatusNew),
// 				SystemAlertID: to.Ptr("baa8a239-6fde-4ab7-a093-d09f7b75c58c"),
// 				Tactics: []*armsecurityinsights.AttackTactic{
// 				},
// 				TimeGenerated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-07-20T18:21:53.6158361Z"); return t}()),
// 				VendorName: to.Ptr("Microsoft"),
// 			},
// 	}},
// }

func (*IncidentsClient) ListBookmarks

func (client *IncidentsClient) ListBookmarks(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListBookmarksOptions) (IncidentsClientListBookmarksResponse, error)

ListBookmarks - Gets all incident bookmarks. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetAllIncidentBookmarks.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().ListBookmarks(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; the blank identifier is for demonstration only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.IncidentBookmarkList = armsecurityinsights.IncidentBookmarkList{
// 	Value: []*armsecurityinsights.HuntingBookmark{
// 		{
// 			Name: to.Ptr("afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/afbd324f-6c48-459c-8710-8d1e1cd03812"),
// 			Kind: to.Ptr(armsecurityinsights.EntityKindBookmark),
// 			Properties: &armsecurityinsights.HuntingBookmarkProperties{
// 				AdditionalData: map[string]any{
// 					"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
// 					"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
// 				},
// 				FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"),
// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				CreatedBy: &armsecurityinsights.UserInfo{
// 					Name: to.Ptr("user"),
// 					Email: to.Ptr("user@microsoft.com"),
// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
// 				},
// 				DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"),
// 				EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				Labels: []*string{
// 				},
// 				Query: to.Ptr("SecurityEvent\r\n| take 1\n"),
// 				QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"),
// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				UpdatedBy: &armsecurityinsights.UserInfo{
// 					Name: to.Ptr("user"),
// 					Email: to.Ptr("user@microsoft.com"),
// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
// 				},
// 			},
// 		},
// 		{
// 			Name: to.Ptr("bbbd324f-6c48-459c-8710-8d1e1cd03812"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/bbbd324f-6c48-459c-8710-8d1e1cd03812"),
// 			Kind: to.Ptr(armsecurityinsights.EntityKindBookmark),
// 			Properties: &armsecurityinsights.HuntingBookmarkProperties{
// 				AdditionalData: map[string]any{
// 					"ETag": "\"3b00acab-0000-0d00-0000-5f15e4ed0000\"",
// 					"EntityId": "afbd324f-6c48-459c-8710-8d1e1cd03812",
// 				},
// 				FriendlyName: to.Ptr("SecurityEvent - 868f40f4698d"),
// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				CreatedBy: &armsecurityinsights.UserInfo{
// 					Name: to.Ptr("user"),
// 					Email: to.Ptr("user@microsoft.com"),
// 					ObjectID: to.Ptr("303ca914-5eb6-45e5-9417-fe0797c372fd"),
// 				},
// 				DisplayName: to.Ptr("SecurityEvent - 868f40f4698d"),
// 				EventTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				Labels: []*string{
// 				},
// 				Query: to.Ptr("SecurityEvent\r\n| take 1\n"),
// 				QueryResult: to.Ptr("{\"TimeGenerated\":\"2020-05-24T01:24:25.67Z\",\"Account\":\"\\\\ADMINISTRATOR\",\"AccountType\":\"User\",\"Computer\":\"SecurityEvents\",\"EventSourceName\":\"Microsoft-Windows-Security-Auditing\",\"Channel\":\"Security\",\"Task\":12544,\"Level\":\"16\",\"EventID\":4625,\"Activity\":\"4625 - An account failed to log on.\",\"AuthenticationPackageName\":\"NTLM\",\"FailureReason\":\"%%2313\",\"IpAddress\":\"176.113.115.73\",\"IpPort\":\"0\",\"LmPackageName\":\"-\",\"LogonProcessName\":\"NtLmSsp \",\"LogonType\":3,\"LogonTypeName\":\"3 - Network\",\"Process\":\"-\",\"ProcessId\":\"0x0\",\"__entityMapping\":{\"\\\\ADMINISTRATOR\":\"Account\",\"SecurityEvents\":\"Host\"}}"),
// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-06-17T15:34:01.4265524+00:00"); return t}()),
// 				UpdatedBy: &armsecurityinsights.UserInfo{
// 					Name: to.Ptr("user"),
// 					Email: to.Ptr("user@microsoft.com"),
// 					ObjectID: to.Ptr("b03ca914-5eb6-45e5-9417-fe0797c372fd"),
// 				},
// 			},
// 	}},
// }
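The QueryResult field of each bookmark above is a JSON document stored as a string. The following is an added example, not part of the SDK or its generated samples, that decodes such strings and counts failed logons (event 4625) per source address for triage. It uses only the standard library so it runs offline; the function names and the sample records are constructed here, modelled on the QueryResult shown above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// logonRecord keeps the fields of a bookmarked SecurityEvent row that matter
// for triage. The JSON keys follow the QueryResult sample on this page.
type logonRecord struct {
	Account       string            `json:"Account"`
	Computer      string            `json:"Computer"`
	EventID       int               `json:"EventID"`
	IPAddress     string            `json:"IpAddress"`
	LogonType     int               `json:"LogonType"`
	EntityMapping map[string]string `json:"__entityMapping"`
}

// sampleResults is constructed input standing in for the QueryResult strings
// of several bookmarks. Addresses come from the documentation ranges.
var sampleResults = []string{
	`{"Account":"\\ADMINISTRATOR","Computer":"SecurityEvents","EventID":4625,"IpAddress":"198.51.100.23","LogonType":3,"__entityMapping":{"\\ADMINISTRATOR":"Account","SecurityEvents":"Host"}}`,
	`{"Account":"\\svc-backup","Computer":"SecurityEvents","EventID":4625,"IpAddress":"198.51.100.23","LogonType":3}`,
	`{"Account":"\\jdoe","Computer":"WS-01","EventID":4625,"IpAddress":"203.0.113.7","LogonType":10}`,
	`{"Account":"\\jdoe","Computer":"WS-01","EventID":4624,"IpAddress":"203.0.113.7","LogonType":10}`, // successful logon
	`{"Account":"\\local","EventID":4625,"IpAddress":"-","LogonType":2}`,                              // no source address
	`{"Account":"truncated`,                                                                           // malformed JSON
}

// parseQueryResult decodes one QueryResult string.
func parseQueryResult(raw string) (logonRecord, error) {
	var rec logonRecord
	if err := json.Unmarshal([]byte(raw), &rec); err != nil {
		return logonRecord{}, fmt.Errorf("decode QueryResult: %w", err)
	}
	return rec, nil
}

// summarizeFailedLogons counts 4625 records per source IP. A malformed
// QueryResult is counted and skipped so one bad bookmark does not hide the rest.
func summarizeFailedLogons(results []string) (perIP map[string]int, malformed int) {
	perIP = make(map[string]int)
	for _, raw := range results {
		rec, err := parseQueryResult(raw)
		if err != nil {
			malformed++
			continue
		}
		// Skip other event IDs and records without a usable source address.
		if rec.EventID != 4625 || rec.IPAddress == "" || rec.IPAddress == "-" {
			continue
		}
		perIP[rec.IPAddress]++
	}
	return perIP, malformed
}

// entitiesOfKind returns the names that __entityMapping assigns to the given
// entity kind (for example "Account" or "Host"), sorted for stable output.
func entitiesOfKind(rec logonRecord, kind string) []string {
	var names []string
	for name, k := range rec.EntityMapping {
		if k == kind {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	perIP, malformed := summarizeFailedLogons(sampleResults)
	fmt.Println("failed logons per source:", perIP)
	fmt.Println("malformed results:", malformed)
	if rec, err := parseQueryResult(sampleResults[0]); err == nil {
		fmt.Println("accounts:", entitiesOfKind(rec, "Account"))
	}
}
```

In real use the input strings would come from Properties.QueryResult of each HuntingBookmark in the ListBookmarks response, after a nil check on the pointer.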

func (*IncidentsClient) ListEntities

func (client *IncidentsClient) ListEntities(ctx context.Context, resourceGroupName string, workspaceName string, incidentID string, options *IncidentsClientListEntitiesOptions) (IncidentsClientListEntitiesResponse, error)

ListEntities - Gets all incident related entities. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • incidentID - Incident ID
  • options - IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/entities/GetAllIncidentEntities.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewIncidentsClient().ListEntities(ctx, "myRg", "myWorkspace", "afbd324f-6c48-459c-8710-8d1e1cd03812", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; the blank identifier is for demonstration only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demonstration only.
// res.IncidentEntitiesResponse = armsecurityinsights.IncidentEntitiesResponse{
// 	Entities: []armsecurityinsights.EntityClassification{
// 		&armsecurityinsights.AccountEntity{
// 			Name: to.Ptr("e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/Entities"),
// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Entities/e1d3d618-e11f-478b-98e3-bb381539a8e1"),
// 			Kind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 			Properties: &armsecurityinsights.AccountEntityProperties{
// 				FriendlyName: to.Ptr("administrator"),
// 				AccountName: to.Ptr("administrator"),
// 				NtDomain: to.Ptr("domain"),
// 			},
// 	}},
// 	MetaData: []*armsecurityinsights.IncidentEntitiesResultsMetadata{
// 		{
// 			Count: to.Ptr[int32](1),
// 			EntityKind: to.Ptr(armsecurityinsights.EntityKindAccount),
// 	}},
// }

func (*IncidentsClient) NewListPager

func (client *IncidentsClient) NewListPager(resourceGroupName string, workspaceName string, options *IncidentsClientListOptions) *runtime.Pager[IncidentsClientListResponse]

NewListPager - Gets all incidents.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - IncidentsClientListOptions contains the optional parameters for the IncidentsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/incidents/GetIncidents.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewIncidentsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.IncidentsClientListOptions{Filter: nil,
	Orderby:   to.Ptr("properties/createdTimeUtc desc"),
	Top:       to.Ptr[int32](1),
	SkipToken: nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each item of the page here; the blank identifier is for demonstration only.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page structure looks as follows. All values in the output are fake and for demonstration only.
	// page.IncidentList = armsecurityinsights.IncidentList{
	// 	Value: []*armsecurityinsights.Incident{
	// 		{
	// 			Name: to.Ptr("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/incidents"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.IncidentProperties{
	// 				Description: to.Ptr("This is a demo incident"),
	// 				AdditionalData: &armsecurityinsights.IncidentAdditionalData{
	// 					AlertProductNames: []*string{
	// 					},
	// 					AlertsCount: to.Ptr[int32](0),
	// 					BookmarksCount: to.Ptr[int32](0),
	// 					CommentsCount: to.Ptr[int32](3),
	// 					ProviderIncidentURL: to.Ptr("https://security.microsoft.com/incidents/3177?tid=5b5a146c-eba8-46af-96f8-e31b50d15a3f"),
	// 					Tactics: []*armsecurityinsights.AttackTactic{
	// 						to.Ptr(armsecurityinsights.AttackTacticPersistence)},
	// 					Techniques: []*string{
	// 						to.Ptr("T1053")},
	// 				},
	// 				Classification: to.Ptr(armsecurityinsights.IncidentClassificationFalsePositive),
	// 				ClassificationComment: to.Ptr("Not a malicious activity"),
	// 				ClassificationReason: to.Ptr(armsecurityinsights.IncidentClassificationReasonIncorrectAlertLogic),
	// 				CreatedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
	// 				FirstActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:00:30Z"); return t}()),
	// 				IncidentNumber: to.Ptr[int32](3177),
	// 				IncidentURL: to.Ptr("https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
	// 				Labels: []*armsecurityinsights.IncidentLabel{
	// 				},
	// 				LastActivityTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:05:30Z"); return t}()),
	// 				LastModifiedTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-01-01T13:15:30Z"); return t}()),
	// 				Owner: &armsecurityinsights.IncidentOwnerInfo{
	// 					AssignedTo: to.Ptr("john doe"),
	// 					Email: to.Ptr("john.doe@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 					OwnerType: to.Ptr(armsecurityinsights.OwnerTypeUser),
	// 					UserPrincipalName: to.Ptr("john@contoso.com"),
	// 				},
	// 				ProviderIncidentID: to.Ptr("3177"),
	// 				ProviderName: to.Ptr("Azure Sentinel"),
	// 				RelatedAnalyticRuleIDs: []*string{
	// 					to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
	// 					to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")},
	// 				Severity: to.Ptr(armsecurityinsights.IncidentSeverityHigh),
	// 				Status: to.Ptr(armsecurityinsights.IncidentStatusClosed),
	// 				Title: to.Ptr("My incident"),
	// 			},
	// 	}},
	// }
}

func (*IncidentsClient) RunPlaybook

func (client *IncidentsClient) RunPlaybook(ctx context.Context, resourceGroupName string, workspaceName string, incidentIdentifier string, options *IncidentsClientRunPlaybookOptions) (IncidentsClientRunPlaybookResponse, error)

RunPlaybook - Triggers a playbook on a specific incident. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/manualTrigger/Incidents_RunPlaybook.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewIncidentsClient().RunPlaybook(ctx, "myRg", "myWorkspace", "73e01a99-5cd7-4139-a149-9f2736ff2ar4", &armsecurityinsights.IncidentsClientRunPlaybookOptions{RequestBody: nil})
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

type IncidentsClientCreateOrUpdateOptions

type IncidentsClientCreateOrUpdateOptions struct {
}

IncidentsClientCreateOrUpdateOptions contains the optional parameters for the IncidentsClient.CreateOrUpdate method.

type IncidentsClientCreateOrUpdateResponse

type IncidentsClientCreateOrUpdateResponse struct {
	Incident
}

IncidentsClientCreateOrUpdateResponse contains the response from method IncidentsClient.CreateOrUpdate.

type IncidentsClientCreateTeamOptions

type IncidentsClientCreateTeamOptions struct {
}

IncidentsClientCreateTeamOptions contains the optional parameters for the IncidentsClient.CreateTeam method.

type IncidentsClientCreateTeamResponse

type IncidentsClientCreateTeamResponse struct {
	TeamInformation
}

IncidentsClientCreateTeamResponse contains the response from method IncidentsClient.CreateTeam.

type IncidentsClientDeleteOptions

type IncidentsClientDeleteOptions struct {
}

IncidentsClientDeleteOptions contains the optional parameters for the IncidentsClient.Delete method.

type IncidentsClientDeleteResponse

type IncidentsClientDeleteResponse struct {
}

IncidentsClientDeleteResponse contains the response from method IncidentsClient.Delete.

type IncidentsClientGetOptions

type IncidentsClientGetOptions struct {
}

IncidentsClientGetOptions contains the optional parameters for the IncidentsClient.Get method.

type IncidentsClientGetResponse

type IncidentsClientGetResponse struct {
	Incident
}

IncidentsClientGetResponse contains the response from method IncidentsClient.Get.

type IncidentsClientListAlertsOptions

type IncidentsClientListAlertsOptions struct {
}

IncidentsClientListAlertsOptions contains the optional parameters for the IncidentsClient.ListAlerts method.

type IncidentsClientListAlertsResponse

type IncidentsClientListAlertsResponse struct {
	IncidentAlertList
}

IncidentsClientListAlertsResponse contains the response from method IncidentsClient.ListAlerts.

type IncidentsClientListBookmarksOptions

type IncidentsClientListBookmarksOptions struct {
}

IncidentsClientListBookmarksOptions contains the optional parameters for the IncidentsClient.ListBookmarks method.

type IncidentsClientListBookmarksResponse

type IncidentsClientListBookmarksResponse struct {
	IncidentBookmarkList
}

IncidentsClientListBookmarksResponse contains the response from method IncidentsClient.ListBookmarks.

type IncidentsClientListEntitiesOptions

type IncidentsClientListEntitiesOptions struct {
}

IncidentsClientListEntitiesOptions contains the optional parameters for the IncidentsClient.ListEntities method.

type IncidentsClientListEntitiesResponse

type IncidentsClientListEntitiesResponse struct {
	IncidentEntitiesResponse
}

IncidentsClientListEntitiesResponse contains the response from method IncidentsClient.ListEntities.

type IncidentsClientListOptions

type IncidentsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

IncidentsClientListOptions contains the optional parameters for the IncidentsClient.NewListPager method.
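Filter is passed to the service as a raw string, so any value that originates outside the program has to be validated or quoted before it is concatenated in. The following is an added example, not part of the SDK, that builds such a filter with the standard library only. It assumes OData filter syntax and the property paths properties/severity, properties/status and properties/title, by analogy with the properties/createdTimeUtc path used in the Orderby example on this page; the type and function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Allow-lists for enum-like fields; anything else is rejected, not escaped.
// Values assumed to match the service's incident severity and status names.
var (
	allowedSeverity = map[string]bool{"High": true, "Medium": true, "Low": true, "Informational": true}
	allowedStatus   = map[string]bool{"New": true, "Active": true, "Closed": true}
)

// incidentQuery is a hypothetical description of what an analyst asks for.
type incidentQuery struct {
	Severities    []string  // any of these severities
	ExcludeStatus string    // status to leave out, e.g. "Closed"
	CreatedSince  time.Time // zero value means no lower bound
	Title         string    // free text; quoted as a literal, never trusted
}

// sampleQuery is constructed input used by main.
var sampleQuery = incidentQuery{
	Severities:    []string{"High", "Medium"},
	ExcludeStatus: "Closed",
	CreatedSince:  time.Date(2023, 3, 1, 0, 0, 0, 0, time.UTC),
	Title:         "Logon as 'svc-backup' from new host",
}

// odataString renders s as an OData string literal: wrapped in single quotes
// with every embedded single quote doubled, so it cannot end the literal early.
func odataString(s string) string {
	return "'" + strings.ReplaceAll(s, "'", "''") + "'"
}

// buildFilter turns q into a filter expression suitable for
// IncidentsClientListOptions.Filter. It returns an error for values that are
// not on the allow-lists instead of passing them through.
func buildFilter(q incidentQuery) (string, error) {
	var clauses []string
	if len(q.Severities) > 0 {
		var alts []string
		for _, s := range q.Severities {
			if !allowedSeverity[s] {
				return "", fmt.Errorf("unknown severity %q", s)
			}
			alts = append(alts, "properties/severity eq "+odataString(s))
		}
		clauses = append(clauses, "("+strings.Join(alts, " or ")+")")
	}
	if q.ExcludeStatus != "" {
		if !allowedStatus[q.ExcludeStatus] {
			return "", fmt.Errorf("unknown status %q", q.ExcludeStatus)
		}
		clauses = append(clauses, "properties/status ne "+odataString(q.ExcludeStatus))
	}
	if !q.CreatedSince.IsZero() {
		// Timestamps are formatted by the program, never taken as text.
		clauses = append(clauses, "properties/createdTimeUtc ge "+q.CreatedSince.UTC().Format(time.RFC3339))
	}
	if q.Title != "" {
		clauses = append(clauses, "properties/title eq "+odataString(q.Title))
	}
	return strings.Join(clauses, " and "), nil
}

func main() {
	filter, err := buildFilter(sampleQuery)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println(filter)
}
```

The resulting string would be passed as Filter: to.Ptr(filter) in IncidentsClientListOptions.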

type IncidentsClientListResponse

type IncidentsClientListResponse struct {
	IncidentList
}

IncidentsClientListResponse contains the response from method IncidentsClient.NewListPager.

type IncidentsClientRunPlaybookOptions

type IncidentsClientRunPlaybookOptions struct {
	RequestBody *ManualTriggerRequestBody
}

IncidentsClientRunPlaybookOptions contains the optional parameters for the IncidentsClient.RunPlaybook method.

type IncidentsClientRunPlaybookResponse

type IncidentsClientRunPlaybookResponse struct {
	// Anything
	Interface any
}

IncidentsClientRunPlaybookResponse contains the response from method IncidentsClient.RunPlaybook.

type IngestionMode

type IngestionMode string

IngestionMode - Describes how to ingest the records in the file.

const (
	// IngestionModeIngestAnyValidRecords - Valid records should still be ingested when invalid records are detected.
	IngestionModeIngestAnyValidRecords IngestionMode = "IngestAnyValidRecords"
	// IngestionModeIngestOnlyIfAllAreValid - No records should be ingested when invalid records are detected.
	IngestionModeIngestOnlyIfAllAreValid IngestionMode = "IngestOnlyIfAllAreValid"
	// IngestionModeUnspecified - Unspecified
	IngestionModeUnspecified IngestionMode = "Unspecified"
)

func PossibleIngestionModeValues

func PossibleIngestionModeValues() []IngestionMode

PossibleIngestionModeValues returns the possible values for the IngestionMode const type.

type InsightQueryItem

type InsightQueryItem struct {
	// REQUIRED; The kind of the entity query
	Kind *EntityQueryKind `json:"kind,omitempty"`

	// Query Template ARM Name
	Name *string `json:"name,omitempty"`

	// Properties bag for InsightQueryItem
	Properties *InsightQueryItemProperties `json:"properties,omitempty"`

	// ARM Type
	Type *string `json:"type,omitempty"`

	// READ-ONLY; Query Template ARM ID
	ID *string `json:"id,omitempty" azure:"ro"`
}

InsightQueryItem - Represents Insight Query.

func (*InsightQueryItem) GetEntityQueryItem

func (i *InsightQueryItem) GetEntityQueryItem() *EntityQueryItem

GetEntityQueryItem implements the EntityQueryItemClassification interface for type InsightQueryItem.

func (InsightQueryItem) MarshalJSON

func (i InsightQueryItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItem.

func (*InsightQueryItem) UnmarshalJSON

func (i *InsightQueryItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItem.

type InsightQueryItemProperties

type InsightQueryItemProperties struct {
	// The activity query definitions.
	AdditionalQuery *InsightQueryItemPropertiesAdditionalQuery `json:"additionalQuery,omitempty"`

	// The base query of the insight.
	BaseQuery *string `json:"baseQuery,omitempty"`

	// The insight chart query.
	ChartQuery any `json:"chartQuery,omitempty"`

	// Data types for template
	DataTypes []*EntityQueryItemPropertiesDataTypesItem `json:"dataTypes,omitempty"`

	// The insight chart query.
	DefaultTimeRange *InsightQueryItemPropertiesDefaultTimeRange `json:"defaultTimeRange,omitempty"`

	// The insight description.
	Description *string `json:"description,omitempty"`

	// The insight display name.
	DisplayName *string `json:"displayName,omitempty"`

	// The query applied only to entities matching all filters
	EntitiesFilter any `json:"entitiesFilter,omitempty"`

	// The type of the entity
	InputEntityType *EntityType `json:"inputEntityType,omitempty"`

	// The insight chart query.
	ReferenceTimeRange *InsightQueryItemPropertiesReferenceTimeRange `json:"referenceTimeRange,omitempty"`

	// Data types for template
	RequiredInputFieldsSets [][]*string `json:"requiredInputFieldsSets,omitempty"`

	// The insight table query.
	TableQuery *InsightQueryItemPropertiesTableQuery `json:"tableQuery,omitempty"`
}

InsightQueryItemProperties - Represents Insight Query.

func (InsightQueryItemProperties) MarshalJSON

func (i InsightQueryItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemProperties.

func (*InsightQueryItemProperties) UnmarshalJSON

func (i *InsightQueryItemProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemProperties.

type InsightQueryItemPropertiesAdditionalQuery

type InsightQueryItemPropertiesAdditionalQuery struct {
	// The insight query.
	Query *string `json:"query,omitempty"`

	// The insight text.
	Text *string `json:"text,omitempty"`
}

InsightQueryItemPropertiesAdditionalQuery - The activity query definitions.

func (InsightQueryItemPropertiesAdditionalQuery) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesAdditionalQuery.

func (*InsightQueryItemPropertiesAdditionalQuery) UnmarshalJSON

func (i *InsightQueryItemPropertiesAdditionalQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesAdditionalQuery.

type InsightQueryItemPropertiesDefaultTimeRange

type InsightQueryItemPropertiesDefaultTimeRange struct {
	// The padding for the end time of the query.
	AfterRange *string `json:"afterRange,omitempty"`

	// The padding for the start time of the query.
	BeforeRange *string `json:"beforeRange,omitempty"`
}

InsightQueryItemPropertiesDefaultTimeRange - The insight chart query.

func (InsightQueryItemPropertiesDefaultTimeRange) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesDefaultTimeRange.

func (*InsightQueryItemPropertiesDefaultTimeRange) UnmarshalJSON

func (i *InsightQueryItemPropertiesDefaultTimeRange) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesDefaultTimeRange.

type InsightQueryItemPropertiesReferenceTimeRange

type InsightQueryItemPropertiesReferenceTimeRange struct {
	// Additional query time for looking back.
	BeforeRange *string `json:"beforeRange,omitempty"`
}

InsightQueryItemPropertiesReferenceTimeRange - The insight chart query.

func (InsightQueryItemPropertiesReferenceTimeRange) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesReferenceTimeRange.

func (*InsightQueryItemPropertiesReferenceTimeRange) UnmarshalJSON

func (i *InsightQueryItemPropertiesReferenceTimeRange) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesReferenceTimeRange.

type InsightQueryItemPropertiesTableQuery

type InsightQueryItemPropertiesTableQuery struct {
	// List of insight column definitions.
	ColumnsDefinitions []*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem `json:"columnsDefinitions,omitempty"`

	// List of insight queries definitions.
	QueriesDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem `json:"queriesDefinitions,omitempty"`
}

InsightQueryItemPropertiesTableQuery - The insight table query.

func (InsightQueryItemPropertiesTableQuery) MarshalJSON

func (i InsightQueryItemPropertiesTableQuery) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQuery.

func (*InsightQueryItemPropertiesTableQuery) UnmarshalJSON

func (i *InsightQueryItemPropertiesTableQuery) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQuery.

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem

type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem struct {
	// Insight column header.
	Header *string `json:"header,omitempty"`

	// Insights Column type.
	OutputType *OutputType `json:"outputType,omitempty"`

	// Whether the query supports deep-link.
	SupportDeepLink *bool `json:"supportDeepLink,omitempty"`
}

func (InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem.

func (*InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem.

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem struct {
	// Insight column header.
	Filter *string `json:"filter,omitempty"`

	// Insight column header.
	LinkColumnsDefinitions []*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem `json:"linkColumnsDefinitions,omitempty"`

	// Insight column header.
	Project *string `json:"project,omitempty"`

	// Insight column header.
	Summarize *string `json:"summarize,omitempty"`
}

func (InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem.

func (*InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem.

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem

type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem struct {
	// Insight Link Definition Projected Name.
	ProjectedName *string `json:"projectedName,omitempty"`

	// Insight Link Definition Query.
	Query *string `json:"Query,omitempty"`
}

func (InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem.

func (*InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaller interface for type InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem.

type InsightsTableResult

type InsightsTableResult struct {
	// Columns Metadata of the table
	Columns []*InsightsTableResultColumnsItem `json:"columns,omitempty"`

	// Rows data of the table
	Rows [][]*string `json:"rows,omitempty"`
}

InsightsTableResult - Query results for table insights query.

func (InsightsTableResult) MarshalJSON

func (i InsightsTableResult) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightsTableResult.

func (*InsightsTableResult) UnmarshalJSON

func (i *InsightsTableResult) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightsTableResult.

type InsightsTableResultColumnsItem

type InsightsTableResultColumnsItem struct {
	// the name of the column
	Name *string `json:"name,omitempty"`

	// the type of the column
	Type *string `json:"type,omitempty"`
}

func (InsightsTableResultColumnsItem) MarshalJSON

func (i InsightsTableResultColumnsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InsightsTableResultColumnsItem.

func (*InsightsTableResultColumnsItem) UnmarshalJSON

func (i *InsightsTableResultColumnsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InsightsTableResultColumnsItem.

type InstructionStepsInstructionsItem

type InstructionStepsInstructionsItem struct {
	// REQUIRED; The kind of the setting
	Type *SettingType `json:"type,omitempty"`

	// The parameters for the setting
	Parameters any `json:"parameters,omitempty"`
}

func (InstructionStepsInstructionsItem) MarshalJSON

func (i InstructionStepsInstructionsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type InstructionStepsInstructionsItem.

func (*InstructionStepsInstructionsItem) UnmarshalJSON

func (i *InstructionStepsInstructionsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type InstructionStepsInstructionsItem.

type IoTCheckRequirements

type IoTCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// IoT requirements check properties.
	Properties *IoTCheckRequirementsProperties `json:"properties,omitempty"`
}

IoTCheckRequirements - Represents IoT requirements check request.

func (*IoTCheckRequirements) GetDataConnectorsCheckRequirements

func (i *IoTCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type IoTCheckRequirements.

func (IoTCheckRequirements) MarshalJSON

func (i IoTCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTCheckRequirements.

func (*IoTCheckRequirements) UnmarshalJSON

func (i *IoTCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTCheckRequirements.

type IoTCheckRequirementsProperties

type IoTCheckRequirementsProperties struct {
	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

IoTCheckRequirementsProperties - IoT requirements check properties.

func (IoTCheckRequirementsProperties) MarshalJSON

func (i IoTCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTCheckRequirementsProperties.

func (*IoTCheckRequirementsProperties) UnmarshalJSON

func (i *IoTCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTCheckRequirementsProperties.

type IoTDataConnector

type IoTDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// IoT data connector properties.
	Properties *IoTDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IoTDataConnector - Represents IoT data connector.

func (*IoTDataConnector) GetDataConnector

func (i *IoTDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type IoTDataConnector.

func (IoTDataConnector) MarshalJSON

func (i IoTDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDataConnector.

func (*IoTDataConnector) UnmarshalJSON

func (i *IoTDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDataConnector.

type IoTDataConnectorProperties

type IoTDataConnectorProperties struct {
	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`

	// The subscription id to connect to, and get the data from.
	SubscriptionID *string `json:"subscriptionId,omitempty"`
}

IoTDataConnectorProperties - IoT data connector properties.

func (IoTDataConnectorProperties) MarshalJSON

func (i IoTDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDataConnectorProperties.

func (*IoTDataConnectorProperties) UnmarshalJSON

func (i *IoTDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDataConnectorProperties.

type IoTDeviceEntity

type IoTDeviceEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// IoTDevice entity properties
	Properties *IoTDeviceEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

IoTDeviceEntity - Represents an IoT device entity.

func (*IoTDeviceEntity) GetEntity

func (i *IoTDeviceEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type IoTDeviceEntity.

func (IoTDeviceEntity) MarshalJSON

func (i IoTDeviceEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntity.

func (*IoTDeviceEntity) UnmarshalJSON

func (i *IoTDeviceEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntity.

type IoTDeviceEntityProperties

type IoTDeviceEntityProperties struct {
	// Device importance, determines whether the device is classified as 'crown jewel'
	Importance *DeviceImportance `json:"importance,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the IoT Device in the IoT Hub
	DeviceID *string `json:"deviceId,omitempty" azure:"ro"`

	// READ-ONLY; The friendly name of the device
	DeviceName *string `json:"deviceName,omitempty" azure:"ro"`

	// READ-ONLY; The subType of the device ('PLC', 'HMI', 'EWS', etc.)
	DeviceSubType *string `json:"deviceSubType,omitempty" azure:"ro"`

	// READ-ONLY; The type of the device
	DeviceType *string `json:"deviceType,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the edge device
	EdgeID *string `json:"edgeId,omitempty" azure:"ro"`

	// READ-ONLY; The firmware version of the device
	FirmwareVersion *string `json:"firmwareVersion,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The Host entity id of this device
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The IP entity id of this device
	IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The AzureResource entity id of the IoT Hub
	IotHubEntityID *string `json:"iotHubEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The ID of the security agent running on the device
	IotSecurityAgentID *string `json:"iotSecurityAgentId,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether the device is classified as an authorized device
	IsAuthorized *bool `json:"isAuthorized,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether the device is classified as a programming device
	IsProgramming *bool `json:"isProgramming,omitempty" azure:"ro"`

	// READ-ONLY; Determines whether the device is classified as a scanner device
	IsScanner *bool `json:"isScanner,omitempty" azure:"ro"`

	// READ-ONLY; The MAC address of the device
	MacAddress *string `json:"macAddress,omitempty" azure:"ro"`

	// READ-ONLY; The model of the device
	Model *string `json:"model,omitempty" azure:"ro"`

	// READ-ONLY; A list of Nic entity ids of the IoTDevice entity.
	NicEntityIDs []*string `json:"nicEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The operating system of the device
	OperatingSystem *string `json:"operatingSystem,omitempty" azure:"ro"`

	// READ-ONLY; A list of owners of the IoTDevice entity.
	Owners []*string `json:"owners,omitempty" azure:"ro"`

	// READ-ONLY; A list of protocols of the IoTDevice entity.
	Protocols []*string `json:"protocols,omitempty" azure:"ro"`

	// READ-ONLY; The Purdue Layer of the device
	PurdueLayer *string `json:"purdueLayer,omitempty" azure:"ro"`

	// READ-ONLY; The sensor the device is monitored by
	Sensor *string `json:"sensor,omitempty" azure:"ro"`

	// READ-ONLY; The serial number of the device
	SerialNumber *string `json:"serialNumber,omitempty" azure:"ro"`

	// READ-ONLY; The site of the device
	Site *string `json:"site,omitempty" azure:"ro"`

	// READ-ONLY; The source of the device
	Source *string `json:"source,omitempty" azure:"ro"`

	// READ-ONLY; A list of TI contexts attached to the IoTDevice entity.
	ThreatIntelligence []*ThreatIntelligence `json:"threatIntelligence,omitempty" azure:"ro"`

	// READ-ONLY; The vendor of the device
	Vendor *string `json:"vendor,omitempty" azure:"ro"`

	// READ-ONLY; The zone location of the device within a site
	Zone *string `json:"zone,omitempty" azure:"ro"`
}

IoTDeviceEntityProperties - IoTDevice entity property bag.

func (IoTDeviceEntityProperties) MarshalJSON

func (i IoTDeviceEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type IoTDeviceEntityProperties.

func (*IoTDeviceEntityProperties) UnmarshalJSON

func (i *IoTDeviceEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type IoTDeviceEntityProperties.

type KillChainIntent

type KillChainIntent string

KillChainIntent - Holds the alert intent stage(s) mapping for this alert.

const (
	// KillChainIntentCollection - Collection consists of techniques used to identify and gather information, such as sensitive
	// files, from a target network prior to exfiltration. This category also covers locations on a system or network where the
	// adversary may look for information to exfiltrate.
	KillChainIntentCollection KillChainIntent = "Collection"
	// KillChainIntentCommandAndControl - The command and control tactic represents how adversaries communicate with systems under
	// their control within a target network.
	KillChainIntentCommandAndControl KillChainIntent = "CommandAndControl"
	// KillChainIntentCredentialAccess - Credential access represents techniques resulting in access to or control over system,
	// domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain
	// legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator
	// access) to use within the network. With sufficient access within a network, an adversary can create accounts for later
	// use within the environment.
	KillChainIntentCredentialAccess KillChainIntent = "CredentialAccess"
	// KillChainIntentDefenseEvasion - Defense evasion consists of techniques an adversary may use to evade detection or avoid
	// other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added
	// benefit of subverting a particular defense or mitigation.
	KillChainIntentDefenseEvasion KillChainIntent = "DefenseEvasion"
	// KillChainIntentDiscovery - Discovery consists of techniques that allow the adversary to gain knowledge about the system
	// and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control
	// of and what benefits operating from that system give to their current objective or overall goals during the intrusion.
	// The operating system provides many native tools that aid in this post-compromise information-gathering phase.
	KillChainIntentDiscovery KillChainIntent = "Discovery"
	// KillChainIntentExecution - The execution tactic represents techniques that result in execution of adversary-controlled
	// code on a local or remote system. This tactic is often used in conjunction with lateral movement to expand access to remote
	// systems on a network.
	KillChainIntentExecution KillChainIntent = "Execution"
	// KillChainIntentExfiltration - Exfiltration refers to techniques and attributes that result or aid in the adversary removing
	// files and information from a target network. This category also covers locations on a system or network where the adversary
	// may look for information to exfiltrate.
	KillChainIntentExfiltration KillChainIntent = "Exfiltration"
	// KillChainIntentExploitation - Exploitation is the stage where an attacker manages to get a foothold on the attacked resource.
	// This stage is applicable not only for compute hosts, but also for resources such as user accounts, certificates etc. Adversaries
	// will often be able to control the resource after this stage.
	KillChainIntentExploitation KillChainIntent = "Exploitation"
	// KillChainIntentImpact - The impact intent's primary objective is to directly reduce the availability or integrity of a system,
	// service, or network; including manipulation of data to impact a business or operational process. This would often refer
	// to techniques such as ransom-ware, defacement, data manipulation and others.
	KillChainIntentImpact KillChainIntent = "Impact"
	// KillChainIntentLateralMovement - Lateral movement consists of techniques that enable an adversary to access and control
	// remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. The lateral
	// movement techniques could allow an adversary to gather information from a system without needing additional tools, such
	// as a remote access tool. An adversary can use lateral movement for many purposes, including remote Execution of tools,
	// pivoting to additional systems, access to specific information or files, access to additional credentials, or to cause
	// an effect.
	KillChainIntentLateralMovement KillChainIntent = "LateralMovement"
	// KillChainIntentPersistence - Persistence is any access, action, or configuration change to a system that gives an adversary
	// a persistent presence on that system. Adversaries will often need to maintain access to systems through interruptions such
	// as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or alternate
	// backdoor for them to regain access.
	KillChainIntentPersistence KillChainIntent = "Persistence"
	// KillChainIntentPrivilegeEscalation - Privilege escalation is the result of actions that allow an adversary to obtain a
	// higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work
	// and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems
	// or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation
	// of privilege.
	KillChainIntentPrivilegeEscalation KillChainIntent = "PrivilegeEscalation"
	// KillChainIntentProbing - Probing could be an attempt to access a certain resource regardless of a malicious intent or a
	// failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected
	// as an attempt originating from outside the network in an attempt to scan the target system and find a way in.
	KillChainIntentProbing KillChainIntent = "Probing"
	// KillChainIntentUnknown - The default value.
	KillChainIntentUnknown KillChainIntent = "Unknown"
)

func PossibleKillChainIntentValues

func PossibleKillChainIntentValues() []KillChainIntent

PossibleKillChainIntentValues returns the possible values for the KillChainIntent const type.

type Kind

type Kind string

Kind - The kind of content the metadata is for.

const (
	KindAnalyticsRule            Kind = "AnalyticsRule"
	KindAnalyticsRuleTemplate    Kind = "AnalyticsRuleTemplate"
	KindAutomationRule           Kind = "AutomationRule"
	KindAzureFunction            Kind = "AzureFunction"
	KindDataConnector            Kind = "DataConnector"
	KindDataType                 Kind = "DataType"
	KindHuntingQuery             Kind = "HuntingQuery"
	KindInvestigationQuery       Kind = "InvestigationQuery"
	KindLogicAppsCustomConnector Kind = "LogicAppsCustomConnector"
	KindParser                   Kind = "Parser"
	KindPlaybook                 Kind = "Playbook"
	KindPlaybookTemplate         Kind = "PlaybookTemplate"
	KindSolution                 Kind = "Solution"
	KindWatchlist                Kind = "Watchlist"
	KindWatchlistTemplate        Kind = "WatchlistTemplate"
	KindWorkbook                 Kind = "Workbook"
	KindWorkbookTemplate         Kind = "WorkbookTemplate"
)

func PossibleKindValues

func PossibleKindValues() []Kind

PossibleKindValues returns the possible values for the Kind const type.

type MCASCheckRequirements

type MCASCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MCAS (Microsoft Cloud App Security) requirements check properties.
	Properties *MCASCheckRequirementsProperties `json:"properties,omitempty"`
}

MCASCheckRequirements - Represents MCAS (Microsoft Cloud App Security) requirements check request.

func (*MCASCheckRequirements) GetDataConnectorsCheckRequirements

func (m *MCASCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MCASCheckRequirements.

func (MCASCheckRequirements) MarshalJSON

func (m MCASCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirements.

func (*MCASCheckRequirements) UnmarshalJSON

func (m *MCASCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirements.

type MCASCheckRequirementsProperties

type MCASCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASCheckRequirementsProperties - MCAS (Microsoft Cloud App Security) requirements check properties.

func (MCASCheckRequirementsProperties) MarshalJSON

func (m MCASCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MCASCheckRequirementsProperties.

func (*MCASCheckRequirementsProperties) UnmarshalJSON

func (m *MCASCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MCASCheckRequirementsProperties.

type MCASDataConnector

type MCASDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MCAS (Microsoft Cloud App Security) data connector properties.
	Properties *MCASDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MCASDataConnector - Represents MCAS (Microsoft Cloud App Security) data connector.

func (*MCASDataConnector) GetDataConnector

func (m *MCASDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MCASDataConnector.

func (MCASDataConnector) MarshalJSON

func (m MCASDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MCASDataConnector.

func (*MCASDataConnector) UnmarshalJSON

func (m *MCASDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MCASDataConnector.

type MCASDataConnectorDataTypes

type MCASDataConnectorDataTypes struct {
	// REQUIRED; Alerts data type connection.
	Alerts *DataConnectorDataTypeCommon `json:"alerts,omitempty"`

	// Discovery log data type connection.
	DiscoveryLogs *DataConnectorDataTypeCommon `json:"discoveryLogs,omitempty"`
}

MCASDataConnectorDataTypes - The available data types for MCAS (Microsoft Cloud App Security) data connector.

func (MCASDataConnectorDataTypes) MarshalJSON

func (m MCASDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MCASDataConnectorDataTypes.

func (*MCASDataConnectorDataTypes) UnmarshalJSON

func (m *MCASDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MCASDataConnectorDataTypes.

type MCASDataConnectorProperties

type MCASDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MCASDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MCASDataConnectorProperties - MCAS (Microsoft Cloud App Security) data connector properties.

func (MCASDataConnectorProperties) MarshalJSON

func (m MCASDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MCASDataConnectorProperties.

func (*MCASDataConnectorProperties) UnmarshalJSON

func (m *MCASDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MCASDataConnectorProperties.

type MDATPCheckRequirements

type MDATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.
	Properties *MDATPCheckRequirementsProperties `json:"properties,omitempty"`
}

MDATPCheckRequirements - Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request.

func (*MDATPCheckRequirements) GetDataConnectorsCheckRequirements

func (m *MDATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MDATPCheckRequirements.

func (MDATPCheckRequirements) MarshalJSON

func (m MDATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MDATPCheckRequirements.

func (*MDATPCheckRequirements) UnmarshalJSON

func (m *MDATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MDATPCheckRequirements.

type MDATPCheckRequirementsProperties

type MDATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MDATPCheckRequirementsProperties - MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties.

func (MDATPCheckRequirementsProperties) MarshalJSON

func (m MDATPCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MDATPCheckRequirementsProperties.

func (*MDATPCheckRequirementsProperties) UnmarshalJSON

func (m *MDATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MDATPCheckRequirementsProperties.

type MDATPDataConnector

type MDATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`

	// MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.
	Properties *MDATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MDATPDataConnector - Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector.

func (*MDATPDataConnector) GetDataConnector

func (m *MDATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MDATPDataConnector.

func (MDATPDataConnector) MarshalJSON

func (m MDATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MDATPDataConnector.

func (*MDATPDataConnector) UnmarshalJSON

func (m *MDATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MDATPDataConnector.

type MDATPDataConnectorProperties

type MDATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

MDATPDataConnectorProperties - MDATP (Microsoft Defender Advanced Threat Protection) data connector properties.

func (MDATPDataConnectorProperties) MarshalJSON

func (m MDATPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MDATPDataConnectorProperties.

func (*MDATPDataConnectorProperties) UnmarshalJSON

func (m *MDATPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MDATPDataConnectorProperties.

type MLBehaviorAnalyticsAlertRule

type MLBehaviorAnalyticsAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`

	// MLBehaviorAnalytics alert rule properties
	Properties *MLBehaviorAnalyticsAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRule - Represents MLBehaviorAnalytics alert rule.

func (*MLBehaviorAnalyticsAlertRule) GetAlertRule

func (m *MLBehaviorAnalyticsAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type MLBehaviorAnalyticsAlertRule.

func (MLBehaviorAnalyticsAlertRule) MarshalJSON

func (m MLBehaviorAnalyticsAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MLBehaviorAnalyticsAlertRule.

func (*MLBehaviorAnalyticsAlertRule) UnmarshalJSON

func (m *MLBehaviorAnalyticsAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MLBehaviorAnalyticsAlertRule.

type MLBehaviorAnalyticsAlertRuleProperties

type MLBehaviorAnalyticsAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleProperties - MLBehaviorAnalytics alert rule base property bag.

func (MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON

func (m MLBehaviorAnalyticsAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MLBehaviorAnalyticsAlertRuleProperties.

func (*MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON

func (m *MLBehaviorAnalyticsAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MLBehaviorAnalyticsAlertRuleProperties.

type MLBehaviorAnalyticsAlertRuleTemplate

type MLBehaviorAnalyticsAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// MLBehaviorAnalytics alert rule template properties.
	Properties *MLBehaviorAnalyticsAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleTemplate - Represents MLBehaviorAnalytics alert rule template.

func (*MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate

func (m *MLBehaviorAnalyticsAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MLBehaviorAnalyticsAlertRuleTemplate.

func (MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON

func (m MLBehaviorAnalyticsAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MLBehaviorAnalyticsAlertRuleTemplate.

func (*MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON

func (m *MLBehaviorAnalyticsAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MLBehaviorAnalyticsAlertRuleTemplate.

type MLBehaviorAnalyticsAlertRuleTemplateProperties

type MLBehaviorAnalyticsAlertRuleTemplateProperties struct {
	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

MLBehaviorAnalyticsAlertRuleTemplateProperties - MLBehaviorAnalytics alert rule template properties.

func (MLBehaviorAnalyticsAlertRuleTemplateProperties) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.

func (*MLBehaviorAnalyticsAlertRuleTemplateProperties) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type MLBehaviorAnalyticsAlertRuleTemplateProperties.

type MSTICheckRequirements

type MSTICheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Microsoft Threat Intelligence requirements check properties.
	Properties *MSTICheckRequirementsProperties `json:"properties,omitempty"`
}

MSTICheckRequirements - Represents Microsoft Threat Intelligence requirements check request.

func (*MSTICheckRequirements) GetDataConnectorsCheckRequirements

func (m *MSTICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MSTICheckRequirements.

func (MSTICheckRequirements) MarshalJSON

func (m MSTICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MSTICheckRequirements.

func (*MSTICheckRequirements) UnmarshalJSON

func (m *MSTICheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MSTICheckRequirements.

type MSTICheckRequirementsProperties

type MSTICheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTICheckRequirementsProperties - Microsoft Threat Intelligence requirements check properties.

func (MSTICheckRequirementsProperties) MarshalJSON

func (m MSTICheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MSTICheckRequirementsProperties.

func (*MSTICheckRequirementsProperties) UnmarshalJSON

func (m *MSTICheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MSTICheckRequirementsProperties.

type MSTIDataConnector

type MSTIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`

	// Microsoft Threat Intelligence data connector properties.
	Properties *MSTIDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MSTIDataConnector - Represents Microsoft Threat Intelligence data connector.

func (*MSTIDataConnector) GetDataConnector

func (m *MSTIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MSTIDataConnector.

func (MSTIDataConnector) MarshalJSON

func (m MSTIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MSTIDataConnector.

func (*MSTIDataConnector) UnmarshalJSON

func (m *MSTIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MSTIDataConnector.

type MSTIDataConnectorDataTypes

type MSTIDataConnectorDataTypes struct {
	// REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector.
	BingSafetyPhishingURL *MSTIDataConnectorDataTypesBingSafetyPhishingURL `json:"bingSafetyPhishingURL,omitempty"`

	// REQUIRED; Data type for Microsoft Threat Intelligence Platforms data connector.
	MicrosoftEmergingThreatFeed *MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed `json:"microsoftEmergingThreatFeed,omitempty"`
}

MSTIDataConnectorDataTypes - The available data types for Microsoft Threat Intelligence Platforms data connector.

func (MSTIDataConnectorDataTypes) MarshalJSON

func (m MSTIDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MSTIDataConnectorDataTypes.

func (*MSTIDataConnectorDataTypes) UnmarshalJSON

func (m *MSTIDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MSTIDataConnectorDataTypes.

type MSTIDataConnectorDataTypesBingSafetyPhishingURL

type MSTIDataConnectorDataTypesBingSafetyPhishingURL struct {
	// REQUIRED; lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`

	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesBingSafetyPhishingURL - Data type for Microsoft Threat Intelligence Platforms data connector.

func (MSTIDataConnectorDataTypesBingSafetyPhishingURL) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MSTIDataConnectorDataTypesBingSafetyPhishingURL.

func (*MSTIDataConnectorDataTypesBingSafetyPhishingURL) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type MSTIDataConnectorDataTypesBingSafetyPhishingURL.

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed

type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed struct {
	// REQUIRED; lookback period
	LookbackPeriod *string `json:"lookbackPeriod,omitempty"`

	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed - Data type for Microsoft Threat Intelligence Platforms data connector.

func (MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed.

func (*MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed.

type MSTIDataConnectorProperties

type MSTIDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MSTIDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MSTIDataConnectorProperties - Microsoft Threat Intelligence data connector properties.

func (MSTIDataConnectorProperties) MarshalJSON

func (m MSTIDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MSTIDataConnectorProperties.

func (*MSTIDataConnectorProperties) UnmarshalJSON

func (m *MSTIDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MSTIDataConnectorProperties.

type MTPCheckRequirementsProperties

type MTPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPCheckRequirementsProperties - MTP (Microsoft Threat Protection) requirements check properties.

func (MTPCheckRequirementsProperties) MarshalJSON

func (m MTPCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MTPCheckRequirementsProperties.

func (*MTPCheckRequirementsProperties) UnmarshalJSON

func (m *MTPCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MTPCheckRequirementsProperties.

type MTPDataConnector

type MTPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the Azure resource
	Etag *string `json:"etag,omitempty"`

	// MTP (Microsoft Threat Protection) data connector properties.
	Properties *MTPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MTPDataConnector - Represents MTP (Microsoft Threat Protection) data connector.

func (*MTPDataConnector) GetDataConnector

func (m *MTPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type MTPDataConnector.

func (MTPDataConnector) MarshalJSON

func (m MTPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MTPDataConnector.

func (*MTPDataConnector) UnmarshalJSON

func (m *MTPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MTPDataConnector.

type MTPDataConnectorDataTypes

type MTPDataConnectorDataTypes struct {
	// REQUIRED; Data type for Microsoft Threat Protection Platforms data connector.
	Incidents *MTPDataConnectorDataTypesIncidents `json:"incidents,omitempty"`
}

MTPDataConnectorDataTypes - The available data types for Microsoft Threat Protection Platforms data connector.

func (MTPDataConnectorDataTypes) MarshalJSON

func (m MTPDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MTPDataConnectorDataTypes.

func (*MTPDataConnectorDataTypes) UnmarshalJSON

func (m *MTPDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MTPDataConnectorDataTypes.

type MTPDataConnectorDataTypesIncidents

type MTPDataConnectorDataTypesIncidents struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

MTPDataConnectorDataTypesIncidents - Data type for Microsoft Threat Protection Platforms data connector.

func (MTPDataConnectorDataTypesIncidents) MarshalJSON

func (m MTPDataConnectorDataTypesIncidents) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MTPDataConnectorDataTypesIncidents.

func (*MTPDataConnectorDataTypesIncidents) UnmarshalJSON

func (m *MTPDataConnectorDataTypesIncidents) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MTPDataConnectorDataTypesIncidents.

type MTPDataConnectorProperties

type MTPDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *MTPDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

MTPDataConnectorProperties - MTP (Microsoft Threat Protection) data connector properties.

func (MTPDataConnectorProperties) MarshalJSON

func (m MTPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MTPDataConnectorProperties.

func (*MTPDataConnectorProperties) UnmarshalJSON

func (m *MTPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MTPDataConnectorProperties.

type MailClusterEntity

type MailClusterEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mail cluster entity properties
	Properties *MailClusterEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailClusterEntity - Represents a mail cluster entity.

func (*MailClusterEntity) GetEntity

func (m *MailClusterEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailClusterEntity.

func (MailClusterEntity) MarshalJSON

func (m MailClusterEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailClusterEntity.

func (*MailClusterEntity) UnmarshalJSON

func (m *MailClusterEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailClusterEntity.

type MailClusterEntityProperties

type MailClusterEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The cluster group
	ClusterGroup *string `json:"clusterGroup,omitempty" azure:"ro"`

	// READ-ONLY; The cluster query end time
	ClusterQueryEndTime *time.Time `json:"clusterQueryEndTime,omitempty" azure:"ro"`

	// READ-ONLY; The cluster query start time
	ClusterQueryStartTime *time.Time `json:"clusterQueryStartTime,omitempty" azure:"ro"`

	// READ-ONLY; The id of the cluster source
	ClusterSourceIdentifier *string `json:"clusterSourceIdentifier,omitempty" azure:"ro"`

	// READ-ONLY; The type of the cluster source
	ClusterSourceType *string `json:"clusterSourceType,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by DeliveryStatus string representation
	CountByDeliveryStatus any `json:"countByDeliveryStatus,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by ProtectionStatus string representation
	CountByProtectionStatus any `json:"countByProtectionStatus,omitempty" azure:"ro"`

	// READ-ONLY; Count of mail messages by ThreatType string representation
	CountByThreatType any `json:"countByThreatType,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; Is this a volume anomaly mail cluster
	IsVolumeAnomaly *bool `json:"isVolumeAnomaly,omitempty" azure:"ro"`

	// READ-ONLY; The number of mail messages that are part of the mail cluster
	MailCount *int32 `json:"mailCount,omitempty" azure:"ro"`

	// READ-ONLY; The mail message IDs that are part of the mail cluster
	NetworkMessageIDs []*string `json:"networkMessageIds,omitempty" azure:"ro"`

	// READ-ONLY; The query that was used to identify the messages of the mail cluster
	Query *string `json:"query,omitempty" azure:"ro"`

	// READ-ONLY; The query time
	QueryTime *time.Time `json:"queryTime,omitempty" azure:"ro"`

	// READ-ONLY; The source of the mail cluster (default is 'O365 ATP')
	Source *string `json:"source,omitempty" azure:"ro"`

	// READ-ONLY; The threats of mail messages that are part of the mail cluster
	Threats []*string `json:"threats,omitempty" azure:"ro"`
}

MailClusterEntityProperties - Mail cluster entity property bag.

func (MailClusterEntityProperties) MarshalJSON

func (m MailClusterEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailClusterEntityProperties.

func (*MailClusterEntityProperties) UnmarshalJSON

func (m *MailClusterEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailClusterEntityProperties.

type MailMessageEntity

type MailMessageEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mail message entity properties
	Properties *MailMessageEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailMessageEntity - Represents a mail message entity.

func (*MailMessageEntity) GetEntity

func (m *MailMessageEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailMessageEntity.

func (MailMessageEntity) MarshalJSON

func (m MailMessageEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailMessageEntity.

func (*MailMessageEntity) UnmarshalJSON

func (m *MailMessageEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailMessageEntity.

type MailMessageEntityProperties

type MailMessageEntityProperties struct {
	// The directionality of this mail message
	AntispamDirection *AntispamMailDirection `json:"antispamDirection,omitempty"`

	// The bodyFingerprintBin1
	BodyFingerprintBin1 *int32 `json:"bodyFingerprintBin1,omitempty"`

	// The bodyFingerprintBin2
	BodyFingerprintBin2 *int32 `json:"bodyFingerprintBin2,omitempty"`

	// The bodyFingerprintBin3
	BodyFingerprintBin3 *int32 `json:"bodyFingerprintBin3,omitempty"`

	// The bodyFingerprintBin4
	BodyFingerprintBin4 *int32 `json:"bodyFingerprintBin4,omitempty"`

	// The bodyFingerprintBin5
	BodyFingerprintBin5 *int32 `json:"bodyFingerprintBin5,omitempty"`

	// The delivery action of this mail message, such as Delivered, Blocked or Replaced
	DeliveryAction *DeliveryAction `json:"deliveryAction,omitempty"`

	// The delivery location of this mail message, such as Inbox or JunkFolder
	DeliveryLocation *DeliveryLocation `json:"deliveryLocation,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The File entity ids of this mail message's attachments
	FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The internet message id of this mail message
	InternetMessageID *string `json:"internetMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The language of this mail message
	Language *string `json:"language,omitempty" azure:"ro"`

	// READ-ONLY; The network message id of this mail message
	NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's email address
	P1Sender *string `json:"p1Sender,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's display name
	P1SenderDisplayName *string `json:"p1SenderDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The p1 sender's domain
	P1SenderDomain *string `json:"p1SenderDomain,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's email address
	P2Sender *string `json:"p2Sender,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's display name
	P2SenderDisplayName *string `json:"p2SenderDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The p2 sender's domain
	P2SenderDomain *string `json:"p2SenderDomain,omitempty" azure:"ro"`

	// READ-ONLY; The receive date of this message
	ReceiveDate *time.Time `json:"receiveDate,omitempty" azure:"ro"`

	// READ-ONLY; The recipient of this mail message. Note that in case of multiple recipients the mail message is forked and
	// each copy has one recipient
	Recipient *string `json:"recipient,omitempty" azure:"ro"`

	// READ-ONLY; The sender's IP address
	SenderIP *string `json:"senderIP,omitempty" azure:"ro"`

	// READ-ONLY; The subject of this mail message
	Subject *string `json:"subject,omitempty" azure:"ro"`

	// READ-ONLY; The threat detection methods
	ThreatDetectionMethods []*string `json:"threatDetectionMethods,omitempty" azure:"ro"`

	// READ-ONLY; The threats of this mail message
	Threats []*string `json:"threats,omitempty" azure:"ro"`

	// READ-ONLY; The URLs contained in this mail message
	Urls []*string `json:"urls,omitempty" azure:"ro"`
}

MailMessageEntityProperties - Mail message entity property bag.

func (MailMessageEntityProperties) MarshalJSON

func (m MailMessageEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailMessageEntityProperties.

func (*MailMessageEntityProperties) UnmarshalJSON

func (m *MailMessageEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailMessageEntityProperties.
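
The fields above are enough for a first-pass triage of a mail message entity returned by the service. The following is an added example, not code from this module: mailEntity is a local stand-in for a subset of the JSON fields listed above, the "MailMessage" kind value and the three rules are assumptions, and the payload is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// mailEntity mirrors a subset of the MailMessageEntity JSON fields listed
// above. It is a local stand-in, not the SDK type.
type mailEntity struct {
	Kind       string `json:"kind"`
	Properties struct {
		DeliveryAction   string   `json:"deliveryAction"`
		DeliveryLocation string   `json:"deliveryLocation"`
		P1SenderDomain   string   `json:"p1SenderDomain"`
		P2SenderDomain   string   `json:"p2SenderDomain"`
		Threats          []string `json:"threats"`
		Urls             []string `json:"urls"`
	} `json:"properties"`
}

// sampleMailEntity is a constructed payload, not real service output.
const sampleMailEntity = `{
  "kind": "MailMessage",
  "properties": {
    "deliveryAction": "Delivered",
    "deliveryLocation": "Inbox",
    "p1SenderDomain": "bulk-mailer.example.net",
    "p2SenderDomain": "Example.com",
    "recipient": "user@example.org",
    "threats": ["Phish"],
    "urls": ["https://portal.example.com/login", "https://login.example.net/reset", "::not a url::"]
  }
}`

// normDomain lower-cases a domain and strips whitespace and a trailing dot.
func normDomain(d string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(d)), ".")
}

// triageMailMessage decodes one entity and returns triage findings in a
// stable order: sender mismatch, delivered threat, then per-URL findings.
func triageMailMessage(raw []byte) ([]string, error) {
	var e mailEntity
	if err := json.Unmarshal(raw, &e); err != nil {
		return nil, fmt.Errorf("decode entity: %w", err)
	}
	if e.Kind != "MailMessage" { // assumed kind discriminator for this entity type
		return nil, fmt.Errorf("unexpected entity kind %q", e.Kind)
	}
	p := e.Properties
	p1, p2 := normDomain(p.P1SenderDomain), normDomain(p.P2SenderDomain)
	var findings []string
	// P1 is the SMTP envelope sender, P2 the From header shown to the user.
	if p1 != "" && p2 != "" && p1 != p2 {
		findings = append(findings, "sender-domain-mismatch: p1="+p1+" p2="+p2)
	}
	// A message with detected threats that still reached the inbox needs follow-up.
	if len(p.Threats) > 0 && p.DeliveryAction == "Delivered" && p.DeliveryLocation == "Inbox" {
		findings = append(findings, "threat-delivered-to-inbox: "+strings.Join(p.Threats, ","))
	}
	for i, s := range p.Urls {
		u, err := url.Parse(s)
		if err != nil || u.Hostname() == "" {
			// Report the position only, so a malformed value is never echoed.
			findings = append(findings, fmt.Sprintf("url-unparseable: #%d", i))
			continue
		}
		host := normDomain(u.Hostname())
		if p2 != "" && host != p2 && !strings.HasSuffix(host, "."+p2) {
			findings = append(findings, "url-host-outside-p2-domain: "+host)
		}
	}
	return findings, nil
}

func main() {
	findings, err := triageMailMessage([]byte(sampleMailEntity))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

A P1/P2 domain mismatch is also normal for mailing lists and bulk-mail providers, so these findings are signals to correlate with other evidence, not verdicts.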

type MailboxEntity

type MailboxEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Mailbox entity properties
	Properties *MailboxEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MailboxEntity - Represents a mailbox entity.

func (*MailboxEntity) GetEntity

func (m *MailboxEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MailboxEntity.

func (MailboxEntity) MarshalJSON

func (m MailboxEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailboxEntity.

func (*MailboxEntity) UnmarshalJSON

func (m *MailboxEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailboxEntity.

type MailboxEntityProperties

type MailboxEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's display name
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The Azure AD identifier of the mailbox. Similar to AadUserId in the account entity, but this property is specific to
	// the mailbox object on the Office side
	ExternalDirectoryObjectID *string `json:"externalDirectoryObjectId,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's primary address
	MailboxPrimaryAddress *string `json:"mailboxPrimaryAddress,omitempty" azure:"ro"`

	// READ-ONLY; The mailbox's UPN
	Upn *string `json:"upn,omitempty" azure:"ro"`
}

MailboxEntityProperties - Mailbox entity property bag.

func (MailboxEntityProperties) MarshalJSON

func (m MailboxEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MailboxEntityProperties.

func (*MailboxEntityProperties) UnmarshalJSON

func (m *MailboxEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MailboxEntityProperties.

type MalwareEntity

type MalwareEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Malware entity properties
	Properties *MalwareEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MalwareEntity - Represents a malware entity.

func (*MalwareEntity) GetEntity

func (m *MalwareEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type MalwareEntity.

func (MalwareEntity) MarshalJSON

func (m MalwareEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MalwareEntity.

func (*MalwareEntity) UnmarshalJSON

func (m *MalwareEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MalwareEntity.

type MalwareEntityProperties

type MalwareEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The malware category by the vendor, e.g. Trojan
	Category *string `json:"category,omitempty" azure:"ro"`

	// READ-ONLY; List of linked file entity identifiers on which the malware was found
	FileEntityIDs []*string `json:"fileEntityIds,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The malware name by the vendor, e.g. Win32/Toga!rfn
	MalwareName *string `json:"malwareName,omitempty" azure:"ro"`

	// READ-ONLY; List of linked process entity identifiers on which the malware was found.
	ProcessEntityIDs []*string `json:"processEntityIds,omitempty" azure:"ro"`
}

MalwareEntityProperties - Malware entity property bag.

func (MalwareEntityProperties) MarshalJSON

func (m MalwareEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MalwareEntityProperties.

func (*MalwareEntityProperties) UnmarshalJSON

func (m *MalwareEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MalwareEntityProperties.

type ManualTriggerRequestBody

type ManualTriggerRequestBody struct {
	// REQUIRED
	LogicAppsResourceID *string `json:"logicAppsResourceId,omitempty"`
	TenantID            *string `json:"tenantId,omitempty"`
}

func (ManualTriggerRequestBody) MarshalJSON

func (m ManualTriggerRequestBody) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ManualTriggerRequestBody.

func (*ManualTriggerRequestBody) UnmarshalJSON

func (m *ManualTriggerRequestBody) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ManualTriggerRequestBody.

type MatchingMethod

type MatchingMethod string

MatchingMethod - Grouping matching method. When the method is Selected, at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

const (
	// MatchingMethodAllEntities - Grouping alerts into a single incident if all the entities match
	MatchingMethodAllEntities MatchingMethod = "AllEntities"
	// MatchingMethodAnyAlert - Grouping any alerts triggered by this rule into a single incident
	MatchingMethodAnyAlert MatchingMethod = "AnyAlert"
	// MatchingMethodSelected - Grouping alerts into a single incident if the selected entities, custom details and alert details
	// match
	MatchingMethodSelected MatchingMethod = "Selected"
)

func PossibleMatchingMethodValues

func PossibleMatchingMethodValues() []MatchingMethod

PossibleMatchingMethodValues returns the possible values for the MatchingMethod const type.

type MetadataAuthor

type MetadataAuthor struct {
	// Email of author contact
	Email *string `json:"email,omitempty"`

	// Link for author/vendor page
	Link *string `json:"link,omitempty"`

	// Name of the author. Company or person.
	Name *string `json:"name,omitempty"`
}

MetadataAuthor - Publisher or creator of the content item.

func (MetadataAuthor) MarshalJSON

func (m MetadataAuthor) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataAuthor.

func (*MetadataAuthor) UnmarshalJSON

func (m *MetadataAuthor) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataAuthor.

type MetadataCategories

type MetadataCategories struct {
	// Domains for the solution content item
	Domains []*string `json:"domains,omitempty"`

	// Industry verticals for the solution content item
	Verticals []*string `json:"verticals,omitempty"`
}

MetadataCategories - Categories for the solution content item

func (MetadataCategories) MarshalJSON

func (m MetadataCategories) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataCategories.

func (*MetadataCategories) UnmarshalJSON

func (m *MetadataCategories) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataCategories.

type MetadataClient

type MetadataClient struct {
	// contains filtered or unexported fields
}

MetadataClient contains the methods for the Metadata group. Don't use this type directly; use NewMetadataClient() instead.

func NewMetadataClient

func NewMetadataClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*MetadataClient, error)

NewMetadataClient creates a new instance of MetadataClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*MetadataClient) Create

func (client *MetadataClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadata MetadataModel, options *MetadataClientCreateOptions) (MetadataClientCreateResponse, error)

Create - Create a Metadata. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • metadataName - The Metadata name.
  • metadata - Metadata resource.
  • options - MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.

Example (CreateUpdateFullMetadata)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PutMetadata.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewMetadataClient().Create(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataModel{
	Properties: &armsecurityinsights.MetadataProperties{
		Author: &armsecurityinsights.MetadataAuthor{
			Name:  to.Ptr("User Name"),
			Email: to.Ptr("email@microsoft.com"),
		},
		Categories: &armsecurityinsights.MetadataCategories{
			Domains: []*string{
				to.Ptr("Application"),
				to.Ptr("Security – Insider Threat")},
			Verticals: []*string{
				to.Ptr("Healthcare")},
		},
		ContentID:            to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
		ContentSchemaVersion: to.Ptr("2.0"),
		CustomVersion:        to.Ptr("1.0"),
		Dependencies: &armsecurityinsights.MetadataDependencies{
			Criteria: []*armsecurityinsights.MetadataDependencies{
				{
					Criteria: []*armsecurityinsights.MetadataDependencies{
						{
							Name:      to.Ptr("Microsoft Defender for Endpoint"),
							ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"),
							Kind:      to.Ptr(armsecurityinsights.KindDataConnector),
						},
						{
							ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"),
							Kind:      to.Ptr(armsecurityinsights.KindDataConnector),
						},
						{
							ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"),
							Kind:      to.Ptr(armsecurityinsights.KindDataConnector),
							Version:   to.Ptr("2.0"),
						}},
					Operator: to.Ptr(armsecurityinsights.OperatorOR),
				},
				{
					ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"),
					Kind:      to.Ptr(armsecurityinsights.KindPlaybook),
					Version:   to.Ptr("1.0"),
				},
				{
					ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"),
					Kind:      to.Ptr(armsecurityinsights.KindParser),
				}},
			Operator: to.Ptr(armsecurityinsights.OperatorAND),
		},
		FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()),
		Kind:             to.Ptr(armsecurityinsights.KindAnalyticsRule),
		LastPublishDate:  to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t }()),
		ParentID:         to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
		PreviewImages: []*string{
			to.Ptr("firstImage.png"),
			to.Ptr("secondImage.jpeg")},
		PreviewImagesDark: []*string{
			to.Ptr("firstImageDark.png"),
			to.Ptr("secondImageDark.jpeg")},
		Providers: []*string{
			to.Ptr("Amazon"),
			to.Ptr("Microsoft")},
		Source: &armsecurityinsights.MetadataSource{
			Name:     to.Ptr("Contoso Solution 1.0"),
			Kind:     to.Ptr(armsecurityinsights.SourceKindSolution),
			SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
		},
		Support: &armsecurityinsights.MetadataSupport{
			Name:  to.Ptr("Microsoft"),
			Email: to.Ptr("support@microsoft.com"),
			Link:  to.Ptr("https://support.microsoft.com/"),
			Tier:  to.Ptr(armsecurityinsights.SupportTierPartner),
		},
		ThreatAnalysisTactics: []*string{
			to.Ptr("reconnaissance"),
			to.Ptr("commandandcontrol")},
		ThreatAnalysisTechniques: []*string{
			to.Ptr("T1548"),
			to.Ptr("T1548.001")},
		Version: to.Ptr("1.0.0.0"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res.MetadataModel = armsecurityinsights.MetadataModel{
// 	Name: to.Ptr("metadataName"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
// 	ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"),
// 	Properties: &armsecurityinsights.MetadataProperties{
// 		Author: &armsecurityinsights.MetadataAuthor{
// 			Name: to.Ptr("User Name"),
// 			Email: to.Ptr("email@microsoft.com"),
// 		},
// 		Categories: &armsecurityinsights.MetadataCategories{
// 			Domains: []*string{
// 				to.Ptr("Application"),
// 				to.Ptr("Security – Insider Threat")},
// 			Verticals: []*string{
// 				to.Ptr("Healthcare")},
// 		},
// 		ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
// 		ContentSchemaVersion: to.Ptr("2.0"),
// 		CustomVersion: to.Ptr("1.0"),
// 		Dependencies: &armsecurityinsights.MetadataDependencies{
// 			Criteria: []*armsecurityinsights.MetadataDependencies{
// 				{
// 					Criteria: []*armsecurityinsights.MetadataDependencies{
// 						{
// 							ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 						},
// 						{
// 							ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 						},
// 						{
// 							ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 							Version: to.Ptr("2.0"),
// 						}},
// 					Operator: to.Ptr(armsecurityinsights.OperatorOR),
// 				},
// 				{
// 					ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"),
// 					Kind: to.Ptr(armsecurityinsights.KindPlaybook),
// 					Version: to.Ptr("1.0"),
// 				},
// 				{
// 					ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"),
// 					Kind: to.Ptr(armsecurityinsights.KindParser),
// 				}},
// 			Operator: to.Ptr(armsecurityinsights.OperatorAND),
// 		},
// 		FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()),
// 		Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
// 		LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()),
// 		ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
// 		PreviewImages: []*string{
// 			to.Ptr("firstImage.png"),
// 			to.Ptr("secondImage.jpeg")},
// 		PreviewImagesDark: []*string{
// 			to.Ptr("firstImageDark.png"),
// 			to.Ptr("secondImageDark.jpeg")},
// 		Providers: []*string{
// 			to.Ptr("Amazon"),
// 			to.Ptr("Microsoft")},
// 		Source: &armsecurityinsights.MetadataSource{
// 			Name: to.Ptr("Contoso Solution 1.0"),
// 			Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
// 			SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
// 		},
// 		Support: &armsecurityinsights.MetadataSupport{
// 			Name: to.Ptr("Microsoft"),
// 			Email: to.Ptr("support@microsoft.com"),
// 			Link: to.Ptr("https://support.microsoft.com/"),
// 			Tier: to.Ptr(armsecurityinsights.SupportTierPartner),
// 		},
// 		ThreatAnalysisTactics: []*string{
// 			to.Ptr("reconnaissance"),
// 			to.Ptr("commandandcontrol")},
// 		ThreatAnalysisTechniques: []*string{
// 			to.Ptr("T1548"),
// 			to.Ptr("T1548.001")},
// 		Version: to.Ptr("1.0.0.0"),
// 	},
// }
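
The nested AND/OR Dependencies tree in the example above can be checked against what is actually installed in a workspace before the content item is relied on. The following is an added example, not code from this module: dependency and contentKey are local stand-ins for MetadataDependencies, the "AND"/"OR" and kind strings are assumed wire values, exact version matching is an assumption, and the inventory is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// dependency is a local stand-in for the MetadataDependencies fields used in
// the Create example above (plain strings instead of SDK pointer types).
type dependency struct {
	ContentID string
	Kind      string
	Version   string
	Operator  string // "AND" or "OR" (assumed wire values of OperatorAND / OperatorOR)
	Criteria  []dependency
}

// contentKey identifies an installed content item in the workspace inventory.
type contentKey struct {
	ContentID string
	Kind      string
}

// maxDepth bounds recursion so a corrupted or hostile tree cannot exhaust the stack.
const maxDepth = 16

// missingDependencies returns the leaf dependencies ("Kind/ContentID") that keep
// the tree from being satisfied by the inventory (key -> installed version).
func missingDependencies(d dependency, installed map[contentKey]string) ([]string, error) {
	return walk(d, installed, 0)
}

func walk(d dependency, installed map[contentKey]string, depth int) ([]string, error) {
	if depth > maxDepth {
		return nil, fmt.Errorf("dependency tree deeper than %d levels", maxDepth)
	}
	if len(d.Criteria) == 0 { // leaf: a single content item
		if d.Operator != "" {
			return nil, fmt.Errorf("operator %q without criteria", d.Operator)
		}
		if d.ContentID == "" {
			return nil, errors.New("leaf dependency without a content ID")
		}
		v, ok := installed[contentKey{ContentID: d.ContentID, Kind: d.Kind}]
		// Assumption: a pinned Version must match exactly; no Version accepts any.
		if ok && (d.Version == "" || d.Version == v) {
			return nil, nil
		}
		return []string{d.Kind + "/" + d.ContentID}, nil
	}
	if d.Operator != "AND" && d.Operator != "OR" {
		return nil, fmt.Errorf("unsupported operator %q", d.Operator)
	}
	var missing []string
	for _, c := range d.Criteria {
		m, err := walk(c, installed, depth+1)
		if err != nil {
			return nil, err
		}
		if len(m) == 0 && d.Operator == "OR" {
			return nil, nil // one satisfied alternative is enough
		}
		missing = append(missing, m...)
	}
	return missing, nil
}

// pageExampleTree rebuilds the Dependencies value from the Create example above.
func pageExampleTree() dependency {
	return dependency{Operator: "AND", Criteria: []dependency{
		{Operator: "OR", Criteria: []dependency{
			{ContentID: "045d06d0-ee72-4794-aba4-cf5646e4c756", Kind: "DataConnector"},
			{ContentID: "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", Kind: "DataConnector"},
			{ContentID: "de4dca9b-eb37-47d6-a56f-b8b06b261593", Kind: "DataConnector", Version: "2.0"},
		}},
		{ContentID: "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", Kind: "Playbook", Version: "1.0"},
		{ContentID: "21ba424a-9438-4444-953a-7059539a7a1b", Kind: "Parser"},
	}}
}

// partialInventory is a constructed workspace inventory: one connector at the
// wrong version and the playbook, but no parser.
func partialInventory() map[contentKey]string {
	return map[contentKey]string{
		{ContentID: "de4dca9b-eb37-47d6-a56f-b8b06b261593", Kind: "DataConnector"}: "1.0",
		{ContentID: "31ee11cc-9989-4de8-b176-5e0ef5c4dbab", Kind: "Playbook"}:      "1.0",
	}
}

func main() {
	inv := partialInventory()
	m, err := missingDependencies(pageExampleTree(), inv)
	fmt.Println("missing:", m, "err:", err)
	// Installing one alternative connector and the parser satisfies the tree.
	inv[contentKey{ContentID: "dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d", Kind: "DataConnector"}] = "3.1"
	inv[contentKey{ContentID: "21ba424a-9438-4444-953a-7059539a7a1b", Kind: "Parser"}] = "1.0"
	m, err = missingDependencies(pageExampleTree(), inv)
	fmt.Println("missing:", m, "err:", err)
}
```
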

Example (CreateUpdateMinimalMetadata)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PutMetadataMinimal.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewMetadataClient().Create(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataModel{
	Properties: &armsecurityinsights.MetadataProperties{
		ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
		Kind:      to.Ptr(armsecurityinsights.KindAnalyticsRule),
		ParentID:  to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res.MetadataModel = armsecurityinsights.MetadataModel{
// 	Name: to.Ptr("metadataName"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
// 	ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"),
// 	Properties: &armsecurityinsights.MetadataProperties{
// 		Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
// 		ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
// 	},
// }

func (*MetadataClient) Delete

func (client *MetadataClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientDeleteOptions) (MetadataClientDeleteResponse, error)

Delete - Delete a Metadata. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • metadataName - The Metadata name.
  • options - MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/DeleteMetadata.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewMetadataClient().Delete(ctx, "myRg", "myWorkspace", "metadataName", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*MetadataClient) Get

func (client *MetadataClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, options *MetadataClientGetOptions) (MetadataClientGetResponse, error)

Get - Get a Metadata. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • metadataName - The Metadata name.
  • options - MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetMetadata.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewMetadataClient().Get(ctx, "myRg", "myWorkspace", "metadataName", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response structure looks as follows. All values in the output are fake and for demo purposes only.
// res.MetadataModel = armsecurityinsights.MetadataModel{
// 	Name: to.Ptr("metadataName"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
// 	ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"),
// 	Properties: &armsecurityinsights.MetadataProperties{
// 		Author: &armsecurityinsights.MetadataAuthor{
// 			Name: to.Ptr("User Name"),
// 			Email: to.Ptr("email@microsoft.com"),
// 		},
// 		Categories: &armsecurityinsights.MetadataCategories{
// 			Domains: []*string{
// 				to.Ptr("Application"),
// 				to.Ptr("Security – Insider Threat")},
// 			Verticals: []*string{
// 				to.Ptr("Healthcare")},
// 		},
// 		ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
// 		ContentSchemaVersion: to.Ptr("2.0"),
// 		CustomVersion: to.Ptr("1.0"),
// 		Dependencies: &armsecurityinsights.MetadataDependencies{
// 			Criteria: []*armsecurityinsights.MetadataDependencies{
// 				{
// 					Criteria: []*armsecurityinsights.MetadataDependencies{
// 						{
// 							ContentID: to.Ptr("045d06d0-ee72-4794-aba4-cf5646e4c756"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 						},
// 						{
// 							ContentID: to.Ptr("dbfcb2cc-d782-40ef-8d94-fe7af58a6f2d"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 						},
// 						{
// 							ContentID: to.Ptr("de4dca9b-eb37-47d6-a56f-b8b06b261593"),
// 							Kind: to.Ptr(armsecurityinsights.KindDataConnector),
// 							Version: to.Ptr("2.0"),
// 						}},
// 					Operator: to.Ptr(armsecurityinsights.OperatorOR),
// 				},
// 				{
// 					ContentID: to.Ptr("31ee11cc-9989-4de8-b176-5e0ef5c4dbab"),
// 					Kind: to.Ptr(armsecurityinsights.KindPlaybook),
// 					Version: to.Ptr("1.0"),
// 				},
// 				{
// 					ContentID: to.Ptr("21ba424a-9438-4444-953a-7059539a7a1b"),
// 					Kind: to.Ptr(armsecurityinsights.KindParser),
// 				}},
// 			Operator: to.Ptr(armsecurityinsights.OperatorAND),
// 		},
// 		FirstPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()),
// 		Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
// 		LastPublishDate: to.Ptr(func() time.Time { t, _ := time.Parse("2006-01-02", "2021-05-18"); return t}()),
// 		ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
// 		PreviewImages: []*string{
// 			to.Ptr("firstImage.png"),
// 			to.Ptr("secondImage.jpeg")},
// 		PreviewImagesDark: []*string{
// 			to.Ptr("firstImageDark.png"),
// 			to.Ptr("secondImageDark.jpeg")},
// 		Providers: []*string{
// 			to.Ptr("Amazon"),
// 			to.Ptr("Microsoft")},
// 		Source: &armsecurityinsights.MetadataSource{
// 			Name: to.Ptr("Contoso Solution 1.0"),
// 			Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
// 			SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
// 		},
// 		Support: &armsecurityinsights.MetadataSupport{
// 			Name: to.Ptr("Microsoft"),
// 			Email: to.Ptr("support@microsoft.com"),
// 			Link: to.Ptr("https://support.microsoft.com/"),
// 			Tier: to.Ptr(armsecurityinsights.SupportTierPartner),
// 		},
// 		ThreatAnalysisTactics: []*string{
// 			to.Ptr("reconnaissance"),
// 			to.Ptr("commandandcontrol")},
// 		ThreatAnalysisTechniques: []*string{
// 			to.Ptr("T1548"),
// 			to.Ptr("T1548.001")},
// 		Version: to.Ptr("1.0.0.0"),
// 	},
// }

func (*MetadataClient) NewListPager

func (client *MetadataClient) NewListPager(resourceGroupName string, workspaceName string, options *MetadataClientListOptions) *runtime.Pager[MetadataClientListResponse]

NewListPager - List of all metadata

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - MetadataClientListOptions contains the optional parameters for the MetadataClient.NewListPager method.

Example (GetAllMetadata)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetAllMetadata.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewMetadataClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.MetadataClientListOptions{
	Filter:  nil,
	Orderby: nil,
	Top:     nil,
	Skip:    nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each item of the page here. The blank identifier is only for demonstration.
		_ = v
	}
	// If the HTTP response code is 200, as in the example definition, the page structure looks as follows. All values in the output are fake and shown for demonstration only.
	// page.MetadataList = armsecurityinsights.MetadataList{
	// 	Value: []*armsecurityinsights.MetadataModel{
	// 		{
	// 			Name: to.Ptr("metadataName1"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
	// 			ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1"),
	// 			Properties: &armsecurityinsights.MetadataProperties{
	// 				ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
	// 				Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
	// 				ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
	// 				Source: &armsecurityinsights.MetadataSource{
	// 					Name: to.Ptr("Contoso Solution 1.0"),
	// 					Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
	// 					SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
	// 				},
	// 				Version: to.Ptr("1.0.0.0"),
	// 			},
	// 		},
	// 		{
	// 			Name: to.Ptr("metadataName2"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
	// 			ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2"),
	// 			Properties: &armsecurityinsights.MetadataProperties{
	// 				ContentID: to.Ptr("f5160682-0e10-4e23-8fcf-df3df49c5522"),
	// 				Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
	// 				ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2"),
	// 				Source: &armsecurityinsights.MetadataSource{
	// 					Name: to.Ptr("Contoso Solution 1.0"),
	// 					Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
	// 					SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
	// 				},
	// 				Version: to.Ptr("1.0.0.0"),
	// 			},
	// 		},
	// 		{
	// 			Name: to.Ptr("metadataName3"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
	// 			ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName3"),
	// 			Properties: &armsecurityinsights.MetadataProperties{
	// 				ContentID: to.Ptr("f593501d-ec01-4057-8146-a1de35c461ef"),
	// 				Kind: to.Ptr(armsecurityinsights.KindWorkbook),
	// 				ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.Insights/workbooks/workbookName"),
	// 				Source: &armsecurityinsights.MetadataSource{
	// 					Name: to.Ptr("Contoso Solution 1.0"),
	// 					Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
	// 					SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
	// 				},
	// 				Version: to.Ptr("1.0.0.0"),
	// 			},
	// 	}},
	// }
}

Example (GetAllMetadataWithODataFilterOrderbySkipTop)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/GetAllMetadataOData.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewMetadataClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.MetadataClientListOptions{
	Filter:  nil,
	Orderby: nil,
	Top:     nil,
	Skip:    nil,
})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each item of the page here. The blank identifier is only for demonstration.
		_ = v
	}
	// If the HTTP response code is 200, as in the example definition, the page structure looks as follows. All values in the output are fake and shown for demonstration only.
	// page.MetadataList = armsecurityinsights.MetadataList{
	// 	Value: []*armsecurityinsights.MetadataModel{
	// 		{
	// 			Name: to.Ptr("metadataName1"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
	// 			ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName1"),
	// 			Properties: &armsecurityinsights.MetadataProperties{
	// 				ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
	// 				Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
	// 				ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName1"),
	// 				Source: &armsecurityinsights.MetadataSource{
	// 					Name: to.Ptr("Contoso Solution 1.0"),
	// 					Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
	// 					SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
	// 				},
	// 				Version: to.Ptr("1.0.0.0"),
	// 			},
	// 		},
	// 		{
	// 			Name: to.Ptr("metadataName2"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
	// 			ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName2"),
	// 			Properties: &armsecurityinsights.MetadataProperties{
	// 				ContentID: to.Ptr("f5160682-0e10-4e23-8fcf-df3df49c5522"),
	// 				Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
	// 				ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName2"),
	// 				Source: &armsecurityinsights.MetadataSource{
	// 					Name: to.Ptr("Contoso Solution 1.0"),
	// 					Kind: to.Ptr(armsecurityinsights.SourceKindSolution),
	// 					SourceID: to.Ptr("b688a130-76f4-4a07-bf57-762222a3cadf"),
	// 				},
	// 				Version: to.Ptr("1.0.0.0"),
	// 			},
	// 	}},
	// }
}

func (*MetadataClient) Update

func (client *MetadataClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, metadataName string, metadataPatch MetadataPatch, options *MetadataClientUpdateOptions) (MetadataClientUpdateResponse, error)

Update - Update an existing Metadata. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • metadataName - The Metadata name.
  • metadataPatch - Partial metadata request.
  • options - MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/metadata/PatchMetadata.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewMetadataClient().Update(ctx, "myRg", "myWorkspace", "metadataName", armsecurityinsights.MetadataPatch{
	Properties: &armsecurityinsights.MetadataPropertiesPatch{
		Author: &armsecurityinsights.MetadataAuthor{
			Name:  to.Ptr("User Name"),
			Email: to.Ptr("email@microsoft.com"),
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here. The blank identifier is only for demonstration.
_ = res
// If the HTTP response code is 200, as in the example definition, the response structure looks as follows. All values in the output are fake and shown for demonstration only.
// res.MetadataModel = armsecurityinsights.MetadataModel{
// 	Name: to.Ptr("metadataName"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/metadata"),
// 	ID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/metadata/metadataName"),
// 	Properties: &armsecurityinsights.MetadataProperties{
// 		Author: &armsecurityinsights.MetadataAuthor{
// 			Name: to.Ptr("User Name"),
// 			Email: to.Ptr("email@microsoft.com"),
// 		},
// 		ContentID: to.Ptr("c00ee137-7475-47c8-9cce-ec6f0f1bedd0"),
// 		Kind: to.Ptr(armsecurityinsights.KindAnalyticsRule),
// 		ParentID: to.Ptr("/subscriptions/2e1dc338-d04d-4443-b721-037eff4fdcac/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/ruleName"),
// 	},
// }

type MetadataClientCreateOptions

type MetadataClientCreateOptions struct {
}

MetadataClientCreateOptions contains the optional parameters for the MetadataClient.Create method.

type MetadataClientCreateResponse

type MetadataClientCreateResponse struct {
	MetadataModel
}

MetadataClientCreateResponse contains the response from method MetadataClient.Create.

type MetadataClientDeleteOptions

type MetadataClientDeleteOptions struct {
}

MetadataClientDeleteOptions contains the optional parameters for the MetadataClient.Delete method.

type MetadataClientDeleteResponse

type MetadataClientDeleteResponse struct {
}

MetadataClientDeleteResponse contains the response from method MetadataClient.Delete.

type MetadataClientGetOptions

type MetadataClientGetOptions struct {
}

MetadataClientGetOptions contains the optional parameters for the MetadataClient.Get method.

type MetadataClientGetResponse

type MetadataClientGetResponse struct {
	MetadataModel
}

MetadataClientGetResponse contains the response from method MetadataClient.Get.

type MetadataClientListOptions

type MetadataClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Used to skip n elements in the OData query (offset). Returns a nextLink to the next page of results if there are any left.
	Skip *int32
	// Returns only the first n results. Optional.
	Top *int32
}

MetadataClientListOptions contains the optional parameters for the MetadataClient.NewListPager method.

type MetadataClientListResponse

type MetadataClientListResponse struct {
	MetadataList
}

MetadataClientListResponse contains the response from method MetadataClient.NewListPager.

type MetadataClientUpdateOptions

type MetadataClientUpdateOptions struct {
}

MetadataClientUpdateOptions contains the optional parameters for the MetadataClient.Update method.

type MetadataClientUpdateResponse

type MetadataClientUpdateResponse struct {
	MetadataModel
}

MetadataClientUpdateResponse contains the response from method MetadataClient.Update.

type MetadataDependencies

type MetadataDependencies struct {
	// Id of the content item we depend on
	ContentID *string `json:"contentId,omitempty"`

	// This is the list of dependencies we must fulfill, according to the AND/OR operator
	Criteria []*MetadataDependencies `json:"criteria,omitempty"`

	// Type of the content item we depend on
	Kind *Kind `json:"kind,omitempty"`

	// Name of the content item
	Name *string `json:"name,omitempty"`

	// Operator used for list of dependencies in criteria array.
	Operator *Operator `json:"operator,omitempty"`

	// Version of the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency.
	// If version does not match our defined numeric format then an exact match is
	// required.
	Version *string `json:"version,omitempty"`
}

MetadataDependencies - Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies.
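The nested AND/OR structure described above can be evaluated against an inventory of installed content, for instance to confirm that an analytics rule's connectors and parsers are present before relying on its detections. This is an added example, not code from the SDK: the `Dependency` type is a standard-library stand-in for `MetadataDependencies`, and `Check`, the sample document and the inventory are constructed. The page does not say how numeric versions are compared, so the example assumes exact equality for any version other than blank or `*`.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Dependency mirrors the JSON fields of MetadataDependencies with plain
// strings so the example needs only the standard library (assumption: this
// local type stands in for armsecurityinsights.MetadataDependencies).
type Dependency struct {
	ContentID string        `json:"contentId,omitempty"`
	Kind      string        `json:"kind,omitempty"`
	Name      string        `json:"name,omitempty"`
	Operator  string        `json:"operator,omitempty"`
	Version   string        `json:"version,omitempty"`
	Criteria  []*Dependency `json:"criteria,omitempty"`
}

// maxDepth bounds recursion so a corrupt or hostile document cannot exhaust the stack.
const maxDepth = 32

// sampleDeps is a constructed document: connector-a at any version
// AND (parser-v1 at 1.0.0 OR parser-v2 at 2.0.0).
const sampleDeps = `{
  "operator": "AND",
  "criteria": [
    {"contentId": "connector-a", "kind": "DataConnector", "version": "*"},
    {"operator": "OR", "criteria": [
      {"contentId": "parser-v1", "kind": "Parser", "version": "1.0.0"},
      {"contentId": "parser-v2", "kind": "Parser", "version": "2.0.0"}
    ]}
  ]
}`

// Check decodes a dependencies document and evaluates it against inv, a map
// of installed contentId -> version. It returns whether the tree is satisfied
// and the contentIds of the leaves that caused a failure.
func Check(raw []byte, inv map[string]string) (bool, []string, error) {
	var root Dependency
	if err := json.Unmarshal(raw, &root); err != nil {
		return false, nil, fmt.Errorf("decode dependencies: %w", err)
	}
	return eval(&root, inv, 0)
}

func eval(d *Dependency, inv map[string]string, depth int) (bool, []string, error) {
	if depth > maxDepth {
		return false, nil, fmt.Errorf("dependency tree exceeds %d levels", maxDepth)
	}
	if len(d.Criteria) == 0 {
		// Leaf: a single id/kind/version dependency.
		if d.ContentID == "" {
			return false, nil, errors.New("leaf dependency without contentId")
		}
		have, ok := inv[d.ContentID]
		// Blank or "*" accepts any installed version; anything else must match
		// exactly (assumption, see the lead-in).
		if ok && (d.Version == "" || d.Version == "*" || d.Version == have) {
			return true, nil, nil
		}
		return false, []string{d.ContentID}, nil
	}
	if d.Operator != "AND" && d.Operator != "OR" {
		return false, nil, fmt.Errorf("unsupported operator %q", d.Operator)
	}
	var missing []string
	passed := 0
	for _, c := range d.Criteria {
		if c == nil {
			return false, nil, errors.New("null entry in criteria")
		}
		ok, m, err := eval(c, inv, depth+1)
		if err != nil {
			return false, nil, err
		}
		if ok {
			passed++
		}
		missing = append(missing, m...)
	}
	if (d.Operator == "AND" && passed == len(d.Criteria)) || (d.Operator == "OR" && passed > 0) {
		return true, nil, nil
	}
	return false, missing, nil
}

func main() {
	// Constructed inventory: the connector is installed, parser-v1 is outdated.
	inv := map[string]string{"connector-a": "3.1.0", "parser-v1": "0.9.0"}
	ok, missing, err := Check([]byte(sampleDeps), inv)
	fmt.Println(ok, missing, err)
}
```

An unknown operator or an over-deep tree is returned as an error rather than treated as satisfied, so a malformed document fails closed.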

func (MetadataDependencies) MarshalJSON

func (m MetadataDependencies) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataDependencies.

func (*MetadataDependencies) UnmarshalJSON

func (m *MetadataDependencies) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataDependencies.

type MetadataList

type MetadataList struct {
	// REQUIRED; Array of metadata.
	Value []*MetadataModel `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next page of metadata.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

MetadataList - List of all the metadata.

func (MetadataList) MarshalJSON

func (m MetadataList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataList.

func (*MetadataList) UnmarshalJSON

func (m *MetadataList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataList.

type MetadataModel

type MetadataModel struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Metadata properties
	Properties *MetadataProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MetadataModel - Metadata resource definition.

func (MetadataModel) MarshalJSON

func (m MetadataModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataModel.

func (*MetadataModel) UnmarshalJSON

func (m *MetadataModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataModel.

type MetadataPatch

type MetadataPatch struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Metadata patch request body
	Properties *MetadataPropertiesPatch `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MetadataPatch - Metadata patch request body.

func (MetadataPatch) MarshalJSON

func (m MetadataPatch) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataPatch.

func (*MetadataPatch) UnmarshalJSON

func (m *MetadataPatch) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataPatch.

type MetadataProperties

type MetadataProperties struct {
	// REQUIRED; The kind of content the metadata is for.
	Kind *Kind `json:"kind,omitempty"`

	// REQUIRED; Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope
	// (subscription and resource group)
	ParentID *string `json:"parentId,omitempty"`

	// The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`

	// Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`

	// Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for
	// out of the box content and solutions. Dynamic for user-created. This is the
	// resource name
	ContentID *string `json:"contentId,omitempty"`

	// Schema version of the content. Can be used to distinguish between different flows based on the schema version
	ContentSchemaVersion *string `json:"contentSchemaVersion,omitempty"`

	// The custom version of the content. An optional free text
	CustomVersion *string `json:"customVersion,omitempty"`

	// Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies
	// using a recursive/nested structure. For a single dependency an id/kind/version
	// can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`

	// First publish date of the solution content item
	FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"`

	// The icon identifier. This ID can later be fetched from the solution template
	Icon *string `json:"icon,omitempty"`

	// Last publish date for the solution content item
	LastPublishDate *time.Time `json:"lastPublishDate,omitempty"`

	// Preview image file names. These will be taken from the solution artifacts
	PreviewImages []*string `json:"previewImages,omitempty"`

	// Preview image file names. These will be taken from the solution artifacts. Used for dark theme support
	PreviewImagesDark []*string `json:"previewImagesDark,omitempty"`

	// Providers for the solution content item
	Providers []*string `json:"providers,omitempty"`

	// Source of the content. This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`

	// Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`

	// The tactics the resource covers
	ThreatAnalysisTactics []*string `json:"threatAnalysisTactics,omitempty"`

	// The techniques the resource covers. These have to be aligned with the tactics being used
	ThreatAnalysisTechniques []*string `json:"threatAnalysisTechniques,omitempty"`

	// Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template
	// best practices. Can also be any string, but then we cannot guarantee any version
	// checks
	Version *string `json:"version,omitempty"`
}

MetadataProperties - Metadata property bag.

func (MetadataProperties) MarshalJSON

func (m MetadataProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataProperties.

func (*MetadataProperties) UnmarshalJSON

func (m *MetadataProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataProperties.

type MetadataPropertiesPatch

type MetadataPropertiesPatch struct {
	// The creator of the content item.
	Author *MetadataAuthor `json:"author,omitempty"`

	// Categories for the solution content item
	Categories *MetadataCategories `json:"categories,omitempty"`

	// Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for
	// out of the box content and solutions. Dynamic for user-created. This is the
	// resource name
	ContentID *string `json:"contentId,omitempty"`

	// Schema version of the content. Can be used to distinguish between different flows based on the schema version
	ContentSchemaVersion *string `json:"contentSchemaVersion,omitempty"`

	// The custom version of the content. An optional free text
	CustomVersion *string `json:"customVersion,omitempty"`

	// Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies
	// using a recursive/nested structure. For a single dependency an id/kind/version
	// can be supplied or operator/criteria for complex formats.
	Dependencies *MetadataDependencies `json:"dependencies,omitempty"`

	// First publish date of the solution content item
	FirstPublishDate *time.Time `json:"firstPublishDate,omitempty"`

	// The icon identifier. This ID can later be fetched from the solution template
	Icon *string `json:"icon,omitempty"`

	// The kind of content the metadata is for.
	Kind *Kind `json:"kind,omitempty"`

	// Last publish date for the solution content item
	LastPublishDate *time.Time `json:"lastPublishDate,omitempty"`

	// Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription
	// and resource group)
	ParentID *string `json:"parentId,omitempty"`

	// Preview image file names. These will be taken from the solution artifacts
	PreviewImages []*string `json:"previewImages,omitempty"`

	// Preview image file names. These will be taken from the solution artifacts. Used for dark theme support
	PreviewImagesDark []*string `json:"previewImagesDark,omitempty"`

	// Providers for the solution content item
	Providers []*string `json:"providers,omitempty"`

	// Source of the content. This is where/how it was created.
	Source *MetadataSource `json:"source,omitempty"`

	// Support information for the metadata - type, name, contact information
	Support *MetadataSupport `json:"support,omitempty"`

	// The tactics the resource covers
	ThreatAnalysisTactics []*string `json:"threatAnalysisTactics,omitempty"`

	// The techniques the resource covers. These have to be aligned with the tactics being used
	ThreatAnalysisTechniques []*string `json:"threatAnalysisTechniques,omitempty"`

	// Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template
	// best practices. Can also be any string, but then we cannot guarantee any version
	// checks
	Version *string `json:"version,omitempty"`
}

MetadataPropertiesPatch - Metadata property bag for patch requests. This is the same as MetadataProperties, but with nothing required.

func (MetadataPropertiesPatch) MarshalJSON

func (m MetadataPropertiesPatch) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataPropertiesPatch.

func (*MetadataPropertiesPatch) UnmarshalJSON

func (m *MetadataPropertiesPatch) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataPropertiesPatch.

type MetadataSource

type MetadataSource struct {
	// REQUIRED; Source type of the content
	Kind *SourceKind `json:"kind,omitempty"`

	// Name of the content source. The repo name, solution name, LA workspace name etc.
	Name *string `json:"name,omitempty"`

	// ID of the content source. The solution ID, workspace ID, etc
	SourceID *string `json:"sourceId,omitempty"`
}

MetadataSource - The original source of the content item, where it comes from.

func (MetadataSource) MarshalJSON

func (m MetadataSource) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataSource.

func (*MetadataSource) UnmarshalJSON

func (m *MetadataSource) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataSource.

type MetadataSupport

type MetadataSupport struct {
	// REQUIRED; Type of support for content item
	Tier *SupportTier `json:"tier,omitempty"`

	// Email of support contact
	Email *string `json:"email,omitempty"`

	// Link for support help, like to support page to open a ticket etc.
	Link *string `json:"link,omitempty"`

	// Name of the support contact. Company or person.
	Name *string `json:"name,omitempty"`
}

MetadataSupport - Support information for the content item.

func (MetadataSupport) MarshalJSON

func (m MetadataSupport) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type MetadataSupport.

func (*MetadataSupport) UnmarshalJSON

func (m *MetadataSupport) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MetadataSupport.

type MicrosoftSecurityIncidentCreationAlertRule

type MicrosoftSecurityIncidentCreationAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// MicrosoftSecurityIncidentCreation rule properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRule - Represents MicrosoftSecurityIncidentCreation rule.

func (*MicrosoftSecurityIncidentCreationAlertRule) GetAlertRule

GetAlertRule implements the AlertRuleClassification interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (MicrosoftSecurityIncidentCreationAlertRule) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MicrosoftSecurityIncidentCreationAlertRule.

func (*MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON

func (m *MicrosoftSecurityIncidentCreationAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type MicrosoftSecurityIncidentCreationAlertRule.

type MicrosoftSecurityIncidentCreationAlertRuleProperties

type MicrosoftSecurityIncidentCreationAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"`

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"`

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleProperties - MicrosoftSecurityIncidentCreation rule property bag.

func (MicrosoftSecurityIncidentCreationAlertRuleProperties) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleProperties) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type MicrosoftSecurityIncidentCreationAlertRuleProperties.

type MicrosoftSecurityIncidentCreationAlertRuleTemplate

type MicrosoftSecurityIncidentCreationAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// MicrosoftSecurityIncidentCreation rule template properties
	Properties *MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplate - Represents MicrosoftSecurityIncidentCreation rule template.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) GetAlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (MicrosoftSecurityIncidentCreationAlertRuleTemplate) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplate) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplate.

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties

type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties struct {
	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// the alerts' displayNames on which the cases will not be generated
	DisplayNamesExcludeFilter []*string `json:"displayNamesExcludeFilter,omitempty"`

	// the alerts' displayNames on which the cases will be generated
	DisplayNamesFilter []*string `json:"displayNamesFilter,omitempty"`

	// The alerts' productName on which the cases will be generated
	ProductFilter *MicrosoftSecurityProductName `json:"productFilter,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// the alerts' severities on which the cases will be generated
	SeveritiesFilter []*AlertSeverity `json:"severitiesFilter,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties - MicrosoftSecurityIncidentCreation rule template properties

func (MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

func (*MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaller interface for type MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties.

type MicrosoftSecurityProductName

type MicrosoftSecurityProductName string

MicrosoftSecurityProductName - The alerts' productName on which the cases will be generated

const (
	MicrosoftSecurityProductNameAzureActiveDirectoryIdentityProtection    MicrosoftSecurityProductName = "Azure Active Directory Identity Protection"
	MicrosoftSecurityProductNameAzureAdvancedThreatProtection             MicrosoftSecurityProductName = "Azure Advanced Threat Protection"
	MicrosoftSecurityProductNameAzureSecurityCenter                       MicrosoftSecurityProductName = "Azure Security Center"
	MicrosoftSecurityProductNameAzureSecurityCenterForIoT                 MicrosoftSecurityProductName = "Azure Security Center for IoT"
	MicrosoftSecurityProductNameMicrosoftCloudAppSecurity                 MicrosoftSecurityProductName = "Microsoft Cloud App Security"
	MicrosoftSecurityProductNameMicrosoftDefenderAdvancedThreatProtection MicrosoftSecurityProductName = "Microsoft Defender Advanced Threat Protection"
	MicrosoftSecurityProductNameOffice365AdvancedThreatProtection         MicrosoftSecurityProductName = "Office 365 Advanced Threat Protection"
)

func PossibleMicrosoftSecurityProductNameValues

func PossibleMicrosoftSecurityProductNameValues() []MicrosoftSecurityProductName

PossibleMicrosoftSecurityProductNameValues returns the possible values for the MicrosoftSecurityProductName const type.

type MtpCheckRequirements

type MtpCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// MTP (Microsoft Threat Protection) requirements check properties.
	Properties *MTPCheckRequirementsProperties `json:"properties,omitempty"`
}

MtpCheckRequirements - Represents MTP (Microsoft Threat Protection) requirements check request.

func (*MtpCheckRequirements) GetDataConnectorsCheckRequirements

func (m *MtpCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type MtpCheckRequirements.

func (MtpCheckRequirements) MarshalJSON

func (m MtpCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type MtpCheckRequirements.

func (*MtpCheckRequirements) UnmarshalJSON

func (m *MtpCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type MtpCheckRequirements.

type NicEntity

type NicEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Network interface entity properties
	Properties *NicEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

NicEntity - Represents a network interface entity.

func (*NicEntity) GetEntity

func (n *NicEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type NicEntity.

func (NicEntity) MarshalJSON

func (n NicEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NicEntity.

func (*NicEntity) UnmarshalJSON

func (n *NicEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NicEntity.

type NicEntityProperties

type NicEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The IP entity id of this network interface
	IPAddressEntityID *string `json:"ipAddressEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The MAC address of this network interface
	MacAddress *string `json:"macAddress,omitempty" azure:"ro"`

	// READ-ONLY; A list of VLANs of the network interface entity.
	Vlans []*string `json:"vlans,omitempty" azure:"ro"`
}

NicEntityProperties - Nic entity property bag.

func (NicEntityProperties) MarshalJSON

func (n NicEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NicEntityProperties.

func (*NicEntityProperties) UnmarshalJSON

func (n *NicEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NicEntityProperties.

type NrtAlertRule

type NrtAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// NRT alert rule properties
	Properties *NrtAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

NrtAlertRule - Represents NRT alert rule.

func (*NrtAlertRule) GetAlertRule

func (n *NrtAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type NrtAlertRule.

func (NrtAlertRule) MarshalJSON

func (n NrtAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRule.

func (*NrtAlertRule) UnmarshalJSON

func (n *NrtAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRule.

type NrtAlertRuleProperties

type NrtAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// REQUIRED; The suppression period (in ISO 8601 duration format) to wait after the last time this alert rule was triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The settings of the incidents that are created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string `json:"templateVersion,omitempty"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

NrtAlertRuleProperties - Nrt alert rule base property bag.

func (NrtAlertRuleProperties) MarshalJSON

func (n NrtAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleProperties.

func (*NrtAlertRuleProperties) UnmarshalJSON

func (n *NrtAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleProperties.
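
The REQUIRED fields of NrtAlertRuleProperties are pointer fields tagged `omitempty`, so the type itself does not enforce them; the following added example (not part of the SDK or of this page's generated examples) audits an NRT rule's JSON body for missing required fields, a disabled rule, a malformed or overly long suppression window, and missing tactics. The local `nrtRule` mirror type, the function names, the `"NRT"` kind check, the 24-hour threshold, the PnDTnHnMnS duration subset and the sample rule are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// nrtRule is a local, hypothetical mirror of the JSON fields this audit reads.
// The field names follow the json tags documented for NrtAlertRule and
// NrtAlertRuleProperties; it is not the SDK type.
type nrtRule struct {
	Kind       *string `json:"kind"`
	Properties *struct {
		DisplayName         *string  `json:"displayName"`
		Enabled             *bool    `json:"enabled"`
		Query               *string  `json:"query"`
		Severity            *string  `json:"severity"`
		SuppressionDuration *string  `json:"suppressionDuration"`
		SuppressionEnabled  *bool    `json:"suppressionEnabled"`
		Tactics             []string `json:"tactics"`
	} `json:"properties"`
}

// Constructed sample rule body (not real data).
const sampleRule = `{
  "kind": "NRT",
  "properties": {
    "displayName": "Constructed sample rule",
    "enabled": true,
    "query": "SecurityEvent | where EventID == 4625",
    "severity": "High",
    "suppressionDuration": "P2D",
    "suppressionEnabled": true
  }
}`

var isoDur = regexp.MustCompile(`^P(?:(\d{1,5})D)?(?:T(?:(\d{1,5})H)?(?:(\d{1,5})M)?(?:(\d{1,5})S)?)?$`)

// parseISODuration handles the PnDTnHnMnS subset of ISO 8601 durations.
func parseISODuration(s string) (time.Duration, error) {
	m := isoDur.FindStringSubmatch(s)
	if m == nil || strings.HasSuffix(s, "T") || m[1]+m[2]+m[3]+m[4] == "" {
		return 0, fmt.Errorf("not an ISO 8601 duration: %q", s)
	}
	units := []time.Duration{24 * time.Hour, time.Hour, time.Minute, time.Second}
	var total time.Duration
	for i, u := range units {
		if m[i+1] != "" {
			n, _ := strconv.Atoi(m[i+1]) // digits guaranteed by the regexp
			total += time.Duration(n) * u
		}
	}
	return total, nil
}

// AuditNrtRule returns human-readable findings for one NRT rule JSON body.
func AuditNrtRule(body []byte, maxSuppression time.Duration) ([]string, error) {
	var r nrtRule
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	var f []string
	if r.Kind == nil || *r.Kind != "NRT" {
		f = append(f, "kind is not NRT")
	}
	p := r.Properties
	if p == nil {
		return append(f, "properties missing"), nil
	}
	for _, c := range []struct {
		name    string
		missing bool
	}{
		{"displayName", p.DisplayName == nil},
		{"enabled", p.Enabled == nil},
		{"query", p.Query == nil || strings.TrimSpace(*p.Query) == ""},
		{"severity", p.Severity == nil},
		{"suppressionDuration", p.SuppressionDuration == nil},
		{"suppressionEnabled", p.SuppressionEnabled == nil},
	} {
		if c.missing {
			f = append(f, "missing required field: "+c.name)
		}
	}
	if p.Enabled != nil && !*p.Enabled {
		f = append(f, "rule is disabled")
	}
	if p.SuppressionDuration != nil {
		d, err := parseISODuration(*p.SuppressionDuration)
		switch {
		case err != nil:
			f = append(f, "suppressionDuration is not a valid ISO 8601 duration")
		case p.SuppressionEnabled != nil && *p.SuppressionEnabled && d > maxSuppression:
			f = append(f, fmt.Sprintf("suppression window %s exceeds %s", d, maxSuppression))
		}
	}
	if len(p.Tactics) == 0 {
		f = append(f, "no tactics mapped")
	}
	return f, nil
}

func main() {
	findings, err := AuditNrtRule([]byte(sampleRule), 24*time.Hour)
	fmt.Println(findings, err)
}
```
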

type NrtAlertRuleTemplate

type NrtAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// NRT alert rule template properties
	Properties *NrtAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

NrtAlertRuleTemplate - Represents NRT alert rule template.

func (*NrtAlertRuleTemplate) GetAlertRuleTemplate

func (n *NrtAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type NrtAlertRuleTemplate.

func (NrtAlertRuleTemplate) MarshalJSON

func (n NrtAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplate.

func (*NrtAlertRuleTemplate) UnmarshalJSON

func (n *NrtAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplate.

type NrtAlertRuleTemplateProperties

type NrtAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// The version of this template - in format , where all are numbers. For example .
	Version *string `json:"version,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

NrtAlertRuleTemplateProperties - NRT alert rule template properties

func (NrtAlertRuleTemplateProperties) MarshalJSON

func (n NrtAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type NrtAlertRuleTemplateProperties.

func (*NrtAlertRuleTemplateProperties) UnmarshalJSON

func (n *NrtAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type NrtAlertRuleTemplateProperties.

type OSFamily

type OSFamily string

OSFamily - The operating system type.

const (
	// OSFamilyLinux - Host with Linux operating system.
	OSFamilyLinux OSFamily = "Linux"
	// OSFamilyWindows - Host with Windows operating system.
	OSFamilyWindows OSFamily = "Windows"
	// OSFamilyAndroid - Host with Android operating system.
	OSFamilyAndroid OSFamily = "Android"
	// OSFamilyIOS - Host with IOS operating system.
	OSFamilyIOS OSFamily = "IOS"
	// OSFamilyUnknown - Host with Unknown operating system.
	OSFamilyUnknown OSFamily = "Unknown"
)

func PossibleOSFamilyValues

func PossibleOSFamilyValues() []OSFamily

PossibleOSFamilyValues returns the possible values for the OSFamily const type.

type Office365ProjectCheckRequirements

type Office365ProjectCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Office365 Project requirements check properties.
	Properties *Office365ProjectCheckRequirementsProperties `json:"properties,omitempty"`
}

Office365ProjectCheckRequirements - Represents Office365 Project requirements check request.

func (*Office365ProjectCheckRequirements) GetDataConnectorsCheckRequirements

func (o *Office365ProjectCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type Office365ProjectCheckRequirements.

func (Office365ProjectCheckRequirements) MarshalJSON

func (o Office365ProjectCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Office365ProjectCheckRequirements.

func (*Office365ProjectCheckRequirements) UnmarshalJSON

func (o *Office365ProjectCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectCheckRequirements.

type Office365ProjectCheckRequirementsProperties

type Office365ProjectCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Office365ProjectCheckRequirementsProperties - Office365 Project requirements check properties.

func (Office365ProjectCheckRequirementsProperties) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type Office365ProjectCheckRequirementsProperties.

func (*Office365ProjectCheckRequirementsProperties) UnmarshalJSON

func (o *Office365ProjectCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectCheckRequirementsProperties.

type Office365ProjectConnectorDataTypes

type Office365ProjectConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *Office365ProjectConnectorDataTypesLogs `json:"logs,omitempty"`
}

Office365ProjectConnectorDataTypes - The available data types for Office Microsoft Project data connector.

func (Office365ProjectConnectorDataTypes) MarshalJSON

func (o Office365ProjectConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Office365ProjectConnectorDataTypes.

func (*Office365ProjectConnectorDataTypes) UnmarshalJSON

func (o *Office365ProjectConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectConnectorDataTypes.

type Office365ProjectConnectorDataTypesLogs

type Office365ProjectConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

Office365ProjectConnectorDataTypesLogs - Logs data type.

func (Office365ProjectConnectorDataTypesLogs) MarshalJSON

func (o Office365ProjectConnectorDataTypesLogs) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Office365ProjectConnectorDataTypesLogs.

func (*Office365ProjectConnectorDataTypesLogs) UnmarshalJSON

func (o *Office365ProjectConnectorDataTypesLogs) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectConnectorDataTypesLogs.

type Office365ProjectDataConnector

type Office365ProjectDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Office Microsoft Project data connector properties.
	Properties *Office365ProjectDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Office365ProjectDataConnector - Represents Office Microsoft Project data connector.

func (*Office365ProjectDataConnector) GetDataConnector

func (o *Office365ProjectDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type Office365ProjectDataConnector.

func (Office365ProjectDataConnector) MarshalJSON

func (o Office365ProjectDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Office365ProjectDataConnector.

func (*Office365ProjectDataConnector) UnmarshalJSON

func (o *Office365ProjectDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectDataConnector.

type Office365ProjectDataConnectorProperties

type Office365ProjectDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *Office365ProjectConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

Office365ProjectDataConnectorProperties - Office Microsoft Project data connector properties.

func (Office365ProjectDataConnectorProperties) MarshalJSON

func (o Office365ProjectDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type Office365ProjectDataConnectorProperties.

func (*Office365ProjectDataConnectorProperties) UnmarshalJSON

func (o *Office365ProjectDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type Office365ProjectDataConnectorProperties.

type OfficeATPCheckRequirements

type OfficeATPCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.
	Properties *OfficeATPCheckRequirementsProperties `json:"properties,omitempty"`
}

OfficeATPCheckRequirements - Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request.

func (*OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements

func (o *OfficeATPCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeATPCheckRequirements.

func (OfficeATPCheckRequirements) MarshalJSON

func (o OfficeATPCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirements.

func (*OfficeATPCheckRequirements) UnmarshalJSON

func (o *OfficeATPCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirements.

type OfficeATPCheckRequirementsProperties

type OfficeATPCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeATPCheckRequirementsProperties - OfficeATP (Office 365 Advanced Threat Protection) requirements check properties.

func (OfficeATPCheckRequirementsProperties) MarshalJSON

func (o OfficeATPCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPCheckRequirementsProperties.

func (*OfficeATPCheckRequirementsProperties) UnmarshalJSON

func (o *OfficeATPCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPCheckRequirementsProperties.

type OfficeATPDataConnector

type OfficeATPDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// OfficeATP (Office 365 Advanced Threat Protection) data connector properties.
	Properties *OfficeATPDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeATPDataConnector - Represents OfficeATP (Office 365 Advanced Threat Protection) data connector.

func (*OfficeATPDataConnector) GetDataConnector

func (o *OfficeATPDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeATPDataConnector.

func (OfficeATPDataConnector) MarshalJSON

func (o OfficeATPDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnector.

func (*OfficeATPDataConnector) UnmarshalJSON

func (o *OfficeATPDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnector.

type OfficeATPDataConnectorProperties

type OfficeATPDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeATPDataConnectorProperties - OfficeATP (Office 365 Advanced Threat Protection) data connector properties.

func (OfficeATPDataConnectorProperties) MarshalJSON

func (o OfficeATPDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeATPDataConnectorProperties.

func (*OfficeATPDataConnectorProperties) UnmarshalJSON

func (o *OfficeATPDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeATPDataConnectorProperties.

type OfficeConsent

type OfficeConsent struct {
	// Office consent properties
	Properties *OfficeConsentProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeConsent - Consent that has already been made for an Office365 tenant.

func (OfficeConsent) MarshalJSON

func (o OfficeConsent) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeConsent.

func (*OfficeConsent) UnmarshalJSON

func (o *OfficeConsent) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsent.

type OfficeConsentList

type OfficeConsentList struct {
	// REQUIRED; Array of the consents.
	Value []*OfficeConsent `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of office consents.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

OfficeConsentList - List of all the office365 consents.

func (OfficeConsentList) MarshalJSON

func (o OfficeConsentList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeConsentList.

func (*OfficeConsentList) UnmarshalJSON

func (o *OfficeConsentList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsentList.

type OfficeConsentProperties

type OfficeConsentProperties struct {
	// Help to easily cascade among the data layers.
	ConsentID *string `json:"consentId,omitempty"`

	// The tenantId of the Office365 with the consent.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeConsentProperties - Consent property bag.

func (OfficeConsentProperties) MarshalJSON

func (o OfficeConsentProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type OfficeConsentProperties.

func (*OfficeConsentProperties) UnmarshalJSON

func (o *OfficeConsentProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type OfficeConsentProperties.

type OfficeConsentsClient

type OfficeConsentsClient struct {
	// contains filtered or unexported fields
}

OfficeConsentsClient contains the methods for the OfficeConsents group. Don't use this type directly, use NewOfficeConsentsClient() instead.

func NewOfficeConsentsClient

func NewOfficeConsentsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*OfficeConsentsClient, error)

NewOfficeConsentsClient creates a new instance of OfficeConsentsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*OfficeConsentsClient) Delete

func (client *OfficeConsentsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientDeleteOptions) (OfficeConsentsClientDeleteResponse, error)

Delete - Delete the office365 consent. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • consentID - consent ID
  • options - OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/DeleteOfficeConsents.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewOfficeConsentsClient().Delete(ctx, "myRg", "myWorkspace", "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*OfficeConsentsClient) Get

func (client *OfficeConsentsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, consentID string, options *OfficeConsentsClientGetOptions) (OfficeConsentsClientGetResponse, error)

Get - Gets an office365 consent. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • consentID - consent ID
  • options - OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/GetOfficeConsentsById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewOfficeConsentsClient().Get(ctx, "myRg", "myWorkspace", "04e5fd05-ff86-4b97-b8d2-1c20933cb46c", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.OfficeConsent = armsecurityinsights.OfficeConsent{
// 	Name: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/officeConsents"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
// 	Properties: &armsecurityinsights.OfficeConsentProperties{
// 		ConsentID: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
// 		TenantID: to.Ptr("5460b3d2-1e7b-4757-ad54-c858c7e3f252"),
// 	},
// }

func (*OfficeConsentsClient) NewListPager

func (client *OfficeConsentsClient) NewListPager(resourceGroupName string, workspaceName string, options *OfficeConsentsClientListOptions) *runtime.Pager[OfficeConsentsClientListResponse]

NewListPager - Gets all office365 consents.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/officeConsents/GetOfficeConsents.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewOfficeConsentsClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.OfficeConsentList = armsecurityinsights.OfficeConsentList{
	// 	Value: []*armsecurityinsights.OfficeConsent{
	// 		{
	// 			Name: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/officeConsents"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/officeConsents/04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
	// 			Properties: &armsecurityinsights.OfficeConsentProperties{
	// 				ConsentID: to.Ptr("04e5fd05-ff86-4b97-b8d2-1c20933cb46c"),
	// 				TenantID: to.Ptr("5460b3d2-1e7b-4757-ad54-c858c7e3f252"),
	// 			},
	// 	}},
	// }
}

type OfficeConsentsClientDeleteOptions

type OfficeConsentsClientDeleteOptions struct {
}

OfficeConsentsClientDeleteOptions contains the optional parameters for the OfficeConsentsClient.Delete method.

type OfficeConsentsClientDeleteResponse

type OfficeConsentsClientDeleteResponse struct {
}

OfficeConsentsClientDeleteResponse contains the response from method OfficeConsentsClient.Delete.

type OfficeConsentsClientGetOptions

type OfficeConsentsClientGetOptions struct {
}

OfficeConsentsClientGetOptions contains the optional parameters for the OfficeConsentsClient.Get method.

type OfficeConsentsClientGetResponse

type OfficeConsentsClientGetResponse struct {
	OfficeConsent
}

OfficeConsentsClientGetResponse contains the response from method OfficeConsentsClient.Get.

type OfficeConsentsClientListOptions

type OfficeConsentsClientListOptions struct {
}

OfficeConsentsClientListOptions contains the optional parameters for the OfficeConsentsClient.NewListPager method.

type OfficeConsentsClientListResponse

type OfficeConsentsClientListResponse struct {
	OfficeConsentList
}

OfficeConsentsClientListResponse contains the response from method OfficeConsentsClient.NewListPager.

type OfficeDataConnector

type OfficeDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Office data connector properties.
	Properties *OfficeDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeDataConnector - Represents office data connector.

func (*OfficeDataConnector) GetDataConnector

func (o *OfficeDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeDataConnector.

func (OfficeDataConnector) MarshalJSON

func (o OfficeDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnector.

func (*OfficeDataConnector) UnmarshalJSON

func (o *OfficeDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnector.

type OfficeDataConnectorDataTypes

type OfficeDataConnectorDataTypes struct {
	// REQUIRED; Exchange data type connection.
	Exchange *OfficeDataConnectorDataTypesExchange `json:"exchange,omitempty"`

	// REQUIRED; SharePoint data type connection.
	SharePoint *OfficeDataConnectorDataTypesSharePoint `json:"sharePoint,omitempty"`

	// REQUIRED; Teams data type connection.
	Teams *OfficeDataConnectorDataTypesTeams `json:"teams,omitempty"`
}

OfficeDataConnectorDataTypes - The available data types for office data connector.

func (OfficeDataConnectorDataTypes) MarshalJSON

func (o OfficeDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnectorDataTypes.

func (*OfficeDataConnectorDataTypes) UnmarshalJSON

func (o *OfficeDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnectorDataTypes.

type OfficeDataConnectorDataTypesExchange

type OfficeDataConnectorDataTypesExchange struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesExchange - Exchange data type connection.

func (OfficeDataConnectorDataTypesExchange) MarshalJSON

func (o OfficeDataConnectorDataTypesExchange) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnectorDataTypesExchange.

func (*OfficeDataConnectorDataTypesExchange) UnmarshalJSON

func (o *OfficeDataConnectorDataTypesExchange) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnectorDataTypesExchange.

type OfficeDataConnectorDataTypesSharePoint

type OfficeDataConnectorDataTypesSharePoint struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesSharePoint - SharePoint data type connection.

func (OfficeDataConnectorDataTypesSharePoint) MarshalJSON

func (o OfficeDataConnectorDataTypesSharePoint) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnectorDataTypesSharePoint.

func (*OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON

func (o *OfficeDataConnectorDataTypesSharePoint) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnectorDataTypesSharePoint.

type OfficeDataConnectorDataTypesTeams

type OfficeDataConnectorDataTypesTeams struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficeDataConnectorDataTypesTeams - Teams data type connection.

func (OfficeDataConnectorDataTypesTeams) MarshalJSON

func (o OfficeDataConnectorDataTypesTeams) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnectorDataTypesTeams.

func (*OfficeDataConnectorDataTypesTeams) UnmarshalJSON

func (o *OfficeDataConnectorDataTypesTeams) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnectorDataTypesTeams.

type OfficeDataConnectorProperties

type OfficeDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *OfficeDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeDataConnectorProperties - Office data connector properties.

func (OfficeDataConnectorProperties) MarshalJSON

func (o OfficeDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeDataConnectorProperties.

func (*OfficeDataConnectorProperties) UnmarshalJSON

func (o *OfficeDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeDataConnectorProperties.
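Every field in the Office connector types above is a pointer, so a field documented as REQUIRED can still be nil after decoding. The following added example (not part of the module or its documentation) decodes a constructed connector list with local structs that mirror the documented JSON tags, and reports Office 365 connectors whose Exchange, SharePoint or Teams data type is not enabled or whose tenantId is not the expected one. The kind value "Office365", the state value "Enabled" and the top-level "value" array are assumptions about the wire format; auditOfficeConnectors, Finding and the sample data are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample input, shaped like an ARM list response ("value": [...]).
const sampleConnectors = `{"value":[
 {"name":"office-full","kind":"Office365","properties":{"tenantId":"00000000-0000-0000-0000-000000000001",
  "dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Enabled"},"teams":{"state":"Enabled"}}}},
 {"name":"office-partial","kind":"Office365","properties":{"tenantId":"00000000-0000-0000-0000-000000000001",
  "dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Disabled"}}}},
 {"name":"office-foreign","kind":"Office365","properties":{"tenantId":"00000000-0000-0000-0000-000000000002",
  "dataTypes":{"exchange":{"state":"Enabled"},"sharePoint":{"state":"Enabled"},"teams":{"state":"Enabled"}}}},
 {"name":"irm","kind":"OfficeIRM","properties":{"tenantId":"00000000-0000-0000-0000-000000000001"}}
]}`

// dataTypeConn mirrors OfficeDataConnectorDataTypesExchange/SharePoint/Teams.
type dataTypeConn struct {
	State *string `json:"state,omitempty"`
}

// officeConnector mirrors the documented JSON shape of OfficeDataConnector.
type officeConnector struct {
	Kind       *string `json:"kind,omitempty"`
	Name       *string `json:"name,omitempty"`
	Properties *struct {
		TenantID  *string `json:"tenantId,omitempty"`
		DataTypes *struct {
			Exchange   *dataTypeConn `json:"exchange,omitempty"`
			SharePoint *dataTypeConn `json:"sharePoint,omitempty"`
			Teams      *dataTypeConn `json:"teams,omitempty"`
		} `json:"dataTypes,omitempty"`
	} `json:"properties,omitempty"`
}

// Finding describes one coverage or ownership gap on a connector.
type Finding struct {
	Connector string
	Issue     string
}

// str dereferences an optional string, treating nil as empty.
func str(p *string) string {
	if p == nil {
		return ""
	}
	return *p
}

// auditOfficeConnectors reports Office 365 connectors that point at an
// unexpected tenant or leave a log source disabled or unset.
func auditOfficeConnectors(raw []byte, expectedTenant string) ([]Finding, error) {
	var list struct {
		Value []officeConnector `json:"value"`
	}
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, fmt.Errorf("decode connector list: %w", err)
	}
	var findings []Finding
	for _, c := range list.Value {
		if !strings.EqualFold(str(c.Kind), "Office365") {
			continue // other connector kinds carry different properties
		}
		name := str(c.Name)
		if c.Properties == nil || c.Properties.DataTypes == nil {
			findings = append(findings, Finding{name, "properties or dataTypes missing"})
			continue
		}
		if got := str(c.Properties.TenantID); !strings.EqualFold(got, expectedTenant) {
			findings = append(findings, Finding{name, fmt.Sprintf("tenantId %q is not the expected tenant", got)})
		}
		dt := c.Properties.DataTypes
		for _, src := range []struct {
			label string
			conn  *dataTypeConn
		}{{"exchange", dt.Exchange}, {"sharePoint", dt.SharePoint}, {"teams", dt.Teams}} {
			switch {
			case src.conn == nil || src.conn.State == nil:
				findings = append(findings, Finding{name, src.label + " state not set"})
			case !strings.EqualFold(*src.conn.State, "Enabled"):
				findings = append(findings, Finding{name, src.label + " is " + *src.conn.State})
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditOfficeConnectors([]byte(sampleConnectors), "00000000-0000-0000-0000-000000000001")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Connector, f.Issue)
	}
}
```

With the SDK, the same checks apply to the *OfficeDataConnector values returned by the data connectors list pager, using the same nil guards on Properties, DataTypes and each State.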

type OfficeIRMCheckRequirements

type OfficeIRMCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// OfficeIRM (Microsoft Insider Risk Management) requirements check properties.
	Properties *OfficeIRMCheckRequirementsProperties `json:"properties,omitempty"`
}

OfficeIRMCheckRequirements - Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request.

func (*OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements

func (o *OfficeIRMCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficeIRMCheckRequirements.

func (OfficeIRMCheckRequirements) MarshalJSON

func (o OfficeIRMCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeIRMCheckRequirements.

func (*OfficeIRMCheckRequirements) UnmarshalJSON

func (o *OfficeIRMCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeIRMCheckRequirements.

type OfficeIRMCheckRequirementsProperties

type OfficeIRMCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficeIRMCheckRequirementsProperties - OfficeIRM (Microsoft Insider Risk Management) requirements check properties.

func (OfficeIRMCheckRequirementsProperties) MarshalJSON

func (o OfficeIRMCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeIRMCheckRequirementsProperties.

func (*OfficeIRMCheckRequirementsProperties) UnmarshalJSON

func (o *OfficeIRMCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeIRMCheckRequirementsProperties.

type OfficeIRMDataConnector

type OfficeIRMDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// OfficeIRM (Microsoft Insider Risk Management) data connector properties.
	Properties *OfficeIRMDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficeIRMDataConnector - Represents OfficeIRM (Microsoft Insider Risk Management) data connector.

func (*OfficeIRMDataConnector) GetDataConnector

func (o *OfficeIRMDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficeIRMDataConnector.

func (OfficeIRMDataConnector) MarshalJSON

func (o OfficeIRMDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeIRMDataConnector.

func (*OfficeIRMDataConnector) UnmarshalJSON

func (o *OfficeIRMDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeIRMDataConnector.

type OfficeIRMDataConnectorProperties

type OfficeIRMDataConnectorProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The available data types for the connector.
	DataTypes *AlertsDataTypeOfDataConnector `json:"dataTypes,omitempty"`
}

OfficeIRMDataConnectorProperties - OfficeIRM (Microsoft Insider Risk Management) data connector properties.

func (OfficeIRMDataConnectorProperties) MarshalJSON

func (o OfficeIRMDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficeIRMDataConnectorProperties.

func (*OfficeIRMDataConnectorProperties) UnmarshalJSON

func (o *OfficeIRMDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficeIRMDataConnectorProperties.

type OfficePowerBICheckRequirements

type OfficePowerBICheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Office Power BI requirements check properties.
	Properties *OfficePowerBICheckRequirementsProperties `json:"properties,omitempty"`
}

OfficePowerBICheckRequirements - Represents Office PowerBI requirements check request.

func (*OfficePowerBICheckRequirements) GetDataConnectorsCheckRequirements

func (o *OfficePowerBICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type OfficePowerBICheckRequirements.

func (OfficePowerBICheckRequirements) MarshalJSON

func (o OfficePowerBICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficePowerBICheckRequirements.

func (*OfficePowerBICheckRequirements) UnmarshalJSON

func (o *OfficePowerBICheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBICheckRequirements.

type OfficePowerBICheckRequirementsProperties

type OfficePowerBICheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficePowerBICheckRequirementsProperties - Office PowerBI requirements check properties.

func (OfficePowerBICheckRequirementsProperties) MarshalJSON

MarshalJSON implements the json.Marshaler interface for type OfficePowerBICheckRequirementsProperties.

func (*OfficePowerBICheckRequirementsProperties) UnmarshalJSON

func (o *OfficePowerBICheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBICheckRequirementsProperties.

type OfficePowerBIConnectorDataTypes

type OfficePowerBIConnectorDataTypes struct {
	// REQUIRED; Logs data type.
	Logs *OfficePowerBIConnectorDataTypesLogs `json:"logs,omitempty"`
}

OfficePowerBIConnectorDataTypes - The available data types for Office Microsoft PowerBI data connector.

func (OfficePowerBIConnectorDataTypes) MarshalJSON

func (o OfficePowerBIConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficePowerBIConnectorDataTypes.

func (*OfficePowerBIConnectorDataTypes) UnmarshalJSON

func (o *OfficePowerBIConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBIConnectorDataTypes.

type OfficePowerBIConnectorDataTypesLogs

type OfficePowerBIConnectorDataTypesLogs struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

OfficePowerBIConnectorDataTypesLogs - Logs data type.

func (OfficePowerBIConnectorDataTypesLogs) MarshalJSON

func (o OfficePowerBIConnectorDataTypesLogs) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficePowerBIConnectorDataTypesLogs.

func (*OfficePowerBIConnectorDataTypesLogs) UnmarshalJSON

func (o *OfficePowerBIConnectorDataTypesLogs) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBIConnectorDataTypesLogs.

type OfficePowerBIDataConnector

type OfficePowerBIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Office Microsoft PowerBI data connector properties.
	Properties *OfficePowerBIDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

OfficePowerBIDataConnector - Represents Office Microsoft PowerBI data connector.

func (*OfficePowerBIDataConnector) GetDataConnector

func (o *OfficePowerBIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type OfficePowerBIDataConnector.

func (OfficePowerBIDataConnector) MarshalJSON

func (o OfficePowerBIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficePowerBIDataConnector.

func (*OfficePowerBIDataConnector) UnmarshalJSON

func (o *OfficePowerBIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBIDataConnector.

type OfficePowerBIDataConnectorProperties

type OfficePowerBIDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *OfficePowerBIConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

OfficePowerBIDataConnectorProperties - Office Microsoft PowerBI data connector properties.

func (OfficePowerBIDataConnectorProperties) MarshalJSON

func (o OfficePowerBIDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OfficePowerBIDataConnectorProperties.

func (*OfficePowerBIDataConnectorProperties) UnmarshalJSON

func (o *OfficePowerBIDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OfficePowerBIDataConnectorProperties.

type Operation

type Operation struct {
	// Properties of the operation
	Display *OperationDisplay `json:"display,omitempty"`

	// Indicates whether the operation is a data action
	IsDataAction *bool `json:"isDataAction,omitempty"`

	// Name of the operation
	Name *string `json:"name,omitempty"`

	// The origin of the operation
	Origin *string `json:"origin,omitempty"`
}

Operation provided by provider

func (Operation) MarshalJSON

func (o Operation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Operation.

func (*Operation) UnmarshalJSON

func (o *Operation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Operation.

type OperationDisplay

type OperationDisplay struct {
	// Description of the operation
	Description *string `json:"description,omitempty"`

	// Operation name
	Operation *string `json:"operation,omitempty"`

	// Provider name
	Provider *string `json:"provider,omitempty"`

	// Resource name
	Resource *string `json:"resource,omitempty"`
}

OperationDisplay - Properties of the operation

func (OperationDisplay) MarshalJSON

func (o OperationDisplay) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OperationDisplay.

func (*OperationDisplay) UnmarshalJSON

func (o *OperationDisplay) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OperationDisplay.

type OperationsClient

type OperationsClient struct {
	// contains filtered or unexported fields
}

OperationsClient contains the methods for the Operations group. Don't use this type directly, use NewOperationsClient() instead.

func NewOperationsClient

func NewOperationsClient(credential azcore.TokenCredential, options *arm.ClientOptions) (*OperationsClient, error)

NewOperationsClient creates a new instance of OperationsClient with the specified values.

  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*OperationsClient) NewListPager

NewListPager - Lists all operations available in the Azure Security Insights Resource Provider.

Generated from API version 2022-09-01-preview

  • options - OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/operations/ListOperations.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewOperationsClient().NewListPager(nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.OperationsList = armsecurityinsights.OperationsList{
	// 	Value: []*armsecurityinsights.Operation{
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/operations/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets operations"),
	// 				Operation: to.Ptr("Get Operations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Operations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets an automation rule"),
	// 				Operation: to.Ptr("Get Automation Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("AutomationRules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates an automation rule"),
	// 				Operation: to.Ptr("Update Automation Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("AutomationRules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/automationRules/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes an automation rule"),
	// 				Operation: to.Ptr("Delete Automation Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("AutomationRules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets bookmarks"),
	// 				Operation: to.Ptr("Get Bookmarks"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmarks"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates bookmarks"),
	// 				Operation: to.Ptr("Update Bookmarks"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmarks"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes bookmarks"),
	// 				Operation: to.Ptr("Delete Bookmarks"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmarks"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Bookmarks/expand/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets related entities of an entity by a specific expansion"),
	// 				Operation: to.Ptr("Expand on entity"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmarks"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets a bookmark relation"),
	// 				Operation: to.Ptr("Get Bookmark Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmark Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates a bookmark relation"),
	// 				Operation: to.Ptr("Update Bookmark Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmark Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/bookmarks/relations/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes a bookmark relation"),
	// 				Operation: to.Ptr("Delete Bookmark Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Bookmark Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets the alert rules"),
	// 				Operation: to.Ptr("Get Alert Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates alert rules"),
	// 				Operation: to.Ptr("Update Alert Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes alert rules"),
	// 				Operation: to.Ptr("Delete Alert Rules"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets the response actions of an alert rule"),
	// 				Operation: to.Ptr("Get Alert Rule Response Actions"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules Actions"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates the response actions of an alert rule"),
	// 				Operation: to.Ptr("Update Alert Rule Response Actions"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules Actions"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/alertRules/actions/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes the response actions of an alert rule"),
	// 				Operation: to.Ptr("Delete Alert Rule Response Actions"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Alert Rules Actions"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets the data connectors"),
	// 				Operation: to.Ptr("Get Data Connectors"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("DataConnectors"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates a data connector"),
	// 				Operation: to.Ptr("Update Data Connectors"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("DataConnectors"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectors/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes a data connector"),
	// 				Operation: to.Ptr("Delete a Data Connector"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("DataConnectors"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Check user authorization and license"),
	// 				Operation: to.Ptr("Check user authorization and license"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("DataConnectorsCheckRequirements"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets an incident"),
	// 				Operation: to.Ptr("Get Incidents"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incidents"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates an incident"),
	// 				Operation: to.Ptr("Update Incidents"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incidents"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes an incident"),
	// 				Operation: to.Ptr("Delete Incidents"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incidents"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets the incident comments"),
	// 				Operation: to.Ptr("Get Incident Comments"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Comments"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Creates a comment on the incident"),
	// 				Operation: to.Ptr("Create Incident Comments"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Comments"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/comments/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes a comment on the incident"),
	// 				Operation: to.Ptr("Delete Incident Comment"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Comments"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets a relation between the incident and related resources"),
	// 				Operation: to.Ptr("Get Incident Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates a relation between the incident and related resources"),
	// 				Operation: to.Ptr("Update Incident Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/incidents/relations/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes a relation between the incident and related resources"),
	// 				Operation: to.Ptr("Delete Incident Relations"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Incident Relations"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets Threat Intelligence"),
	// 				Operation: to.Ptr("Get Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates Threat Intelligence"),
	// 				Operation: to.Ptr("Update Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes Threat Intelligence"),
	// 				Operation: to.Ptr("Delete Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/query/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Query Threat Intelligence"),
	// 				Operation: to.Ptr("Query Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Collect Threat Intelligence Metrics"),
	// 				Operation: to.Ptr("Collect Threat Intelligence Metrics"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkDelete/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Bulk Delete Threat Intelligence"),
	// 				Operation: to.Ptr("Bulk Delete Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/bulkTag/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Bulk Tags Threat Intelligence"),
	// 				Operation: to.Ptr("Bulk Tags Threat Intelligence"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Update Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Delete Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/query/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Query Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Query Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Get Threat Intelligence Indicator Metrics"),
	// 				Operation: to.Ptr("Get Threat Intelligence Indicator Metrics"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Bulk Delete Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Bulk Delete Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Bulk Tags Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Bulk Tags Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Get Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/metrics/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Collect Threat Intelligence Metrics"),
	// 				Operation: to.Ptr("Collect Threat Intelligence Metrics"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/createIndicator/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Create Threat Intelligence Indicator"),
	// 				Operation: to.Ptr("Create Threat Intelligence Indicator"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Append tags to Threat Intelligence Indicator"),
	// 				Operation: to.Ptr("Append tags to Threat Intelligence Indicator"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Replace Tags of Threat Intelligence Indicator"),
	// 				Operation: to.Ptr("Replace Tags of Threat Intelligence Indicator"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/threatintelligence/queryIndicators/action"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Query Threat Intelligence Indicators"),
	// 				Operation: to.Ptr("Query Threat Intelligence Indicators"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("ThreatIntelligence"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets Watchlists"),
	// 				Operation: to.Ptr("Get Watchlists"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Watchlists"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Create Watchlists"),
	// 				Operation: to.Ptr("Create Watchlists"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Watchlists"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/Watchlists/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes Watchlists"),
	// 				Operation: to.Ptr("Delete Watchlists"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Watchlists"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/read"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Gets an onboarding state"),
	// 				Operation: to.Ptr("Get Onboarding States"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Onboarding States"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/write"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Updates an onboarding state"),
	// 				Operation: to.Ptr("Update Onboarding States"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Onboarding States"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 		},
	// 		{
	// 			Name: to.Ptr("Microsoft.SecurityInsights/onboardingStates/delete"),
	// 			Display: &armsecurityinsights.OperationDisplay{
	// 				Description: to.Ptr("Deletes an onboarding state"),
	// 				Operation: to.Ptr("Delete Onboarding States"),
	// 				Provider: to.Ptr("Microsoft Security Insights"),
	// 				Resource: to.Ptr("Onboarding States"),
	// 			},
	// 			Origin: to.Ptr("user"),
	// 	}},
	// }
}

type OperationsClientListOptions

type OperationsClientListOptions struct {
}

OperationsClientListOptions contains the optional parameters for the OperationsClient.NewListPager method.

type OperationsClientListResponse

type OperationsClientListResponse struct {
	OperationsList
}

OperationsClientListResponse contains the response from method OperationsClient.NewListPager.

type OperationsList

type OperationsList struct {
	// REQUIRED; Array of operations
	Value []*Operation `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of operations.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

OperationsList - Lists the operations available in the SecurityInsights RP.

func (OperationsList) MarshalJSON

func (o OperationsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type OperationsList.

func (*OperationsList) UnmarshalJSON

func (o *OperationsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type OperationsList.
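
An added example, not part of the SDK or its generated samples: it decodes one OperationsList page and resolves a role's actions and notActions against it, so a reviewer can see which write, delete and action operations a custom role would actually grant. The names opsPage, Grants, Resolve and match are hypothetical, the payload is constructed from operation names in the listing above, and the wildcard matcher is a simplified assumption about Azure RBAC matching.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// opsPage mirrors only the OperationsList JSON fields read here
// (value[].name and nextLink); it is a local stand-in, not the SDK type.
type opsPage struct {
	Value []struct {
		Name string `json:"name"`
	} `json:"value"`
	NextLink string `json:"nextLink"`
}

// Grants holds the catalogue operations a role resolves to, by verb class.
type Grants struct {
	Read, Mutating, Action []string
	Partial                bool // nextLink was set, so this page is not the full catalogue
}

// samplePage is a constructed OperationsList page (names from the listing above).
const samplePage = `{"value":[
  {"name":"Microsoft.SecurityInsights/alertRules/delete"},
  {"name":"Microsoft.SecurityInsights/incidents/read"},
  {"name":"Microsoft.SecurityInsights/incidents/write"},
  {"name":"Microsoft.SecurityInsights/incidents/delete"},
  {"name":"Microsoft.SecurityInsights/incidents/comments/write"},
  {"name":"Microsoft.SecurityInsights/threatintelligence/bulkDelete/action"},
  {"name":"Microsoft.SecurityInsights/threatintelligence/metrics/read"},
  {"name":"Microsoft.SecurityInsights/Watchlists/read"},
  {"name":"Microsoft.SecurityInsights/Watchlists/delete"}
]}`

// match is a simplified, case-insensitive '*' matcher (an assumption standing
// in for Azure RBAC evaluation); '*' may span '/' separators.
func match(pattern, name string) bool {
	pattern, name = strings.ToLower(pattern), strings.ToLower(name)
	parts := strings.Split(pattern, "*")
	if len(parts) == 1 {
		return pattern == name
	}
	if !strings.HasPrefix(name, parts[0]) {
		return false
	}
	name = name[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		i := strings.Index(name, mid)
		if i < 0 {
			return false
		}
		name = name[i+len(mid):]
	}
	return strings.HasSuffix(name, parts[len(parts)-1])
}

func anyMatch(patterns []string, name string) bool {
	for _, p := range patterns {
		if match(p, name) {
			return true
		}
	}
	return false
}

// Resolve buckets every catalogue operation the role grants by its last path segment.
func Resolve(page []byte, actions, notActions []string) (Grants, error) {
	var p opsPage
	if err := json.Unmarshal(page, &p); err != nil {
		return Grants{}, fmt.Errorf("decode operations page: %w", err)
	}
	g := Grants{Partial: p.NextLink != ""}
	for _, op := range p.Value {
		if !anyMatch(actions, op.Name) || anyMatch(notActions, op.Name) {
			continue
		}
		switch strings.ToLower(op.Name[strings.LastIndex(op.Name, "/")+1:]) {
		case "read":
			g.Read = append(g.Read, op.Name)
		case "write", "delete":
			g.Mutating = append(g.Mutating, op.Name)
		default: // ".../action" and anything else: review by hand
			g.Action = append(g.Action, op.Name)
		}
	}
	sort.Strings(g.Read)
	sort.Strings(g.Mutating)
	sort.Strings(g.Action)
	return g, nil
}

func main() {
	g, err := Resolve([]byte(samplePage),
		[]string{"Microsoft.SecurityInsights/*/read", "Microsoft.SecurityInsights/incidents/*"},
		[]string{"Microsoft.SecurityInsights/incidents/delete"})
	fmt.Println(g.Mutating, g.Partial, err)
}
```

Operations ending in /action, such as bulkDelete, land in Action because their effect cannot be inferred from the name alone.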

type Operator

type Operator string

Operator - Operator used for list of dependencies in criteria array.

const (
	OperatorAND Operator = "AND"
	OperatorOR  Operator = "OR"
)

func PossibleOperatorValues

func PossibleOperatorValues() []Operator

PossibleOperatorValues returns the possible values for the Operator const type.

type OutputType

type OutputType string

OutputType - Insights Column type.

const (
	OutputTypeDate   OutputType = "Date"
	OutputTypeEntity OutputType = "Entity"
	OutputTypeNumber OutputType = "Number"
	OutputTypeString OutputType = "String"
)

func PossibleOutputTypeValues

func PossibleOutputTypeValues() []OutputType

PossibleOutputTypeValues returns the possible values for the OutputType const type.

type OwnerType

type OwnerType string

OwnerType - The type of the owner the incident is assigned to.

const (
	// OwnerTypeGroup - The incident owner type is an AAD group
	OwnerTypeGroup OwnerType = "Group"
	// OwnerTypeUnknown - The incident owner type is unknown
	OwnerTypeUnknown OwnerType = "Unknown"
	// OwnerTypeUser - The incident owner type is an AAD user
	OwnerTypeUser OwnerType = "User"
)

func PossibleOwnerTypeValues

func PossibleOwnerTypeValues() []OwnerType

PossibleOwnerTypeValues returns the possible values for the OwnerType const type.

type PermissionProviderScope

type PermissionProviderScope string

PermissionProviderScope - Permission provider scope

const (
	PermissionProviderScopeResourceGroup PermissionProviderScope = "ResourceGroup"
	PermissionProviderScopeSubscription  PermissionProviderScope = "Subscription"
	PermissionProviderScopeWorkspace     PermissionProviderScope = "Workspace"
)

func PossiblePermissionProviderScopeValues

func PossiblePermissionProviderScopeValues() []PermissionProviderScope

PossiblePermissionProviderScopeValues returns the possible values for the PermissionProviderScope const type.

type Permissions

type Permissions struct {
	// Customs permissions required for the connector
	Customs []*PermissionsCustomsItem `json:"customs,omitempty"`

	// Resource provider permissions required for the connector
	ResourceProvider []*PermissionsResourceProviderItem `json:"resourceProvider,omitempty"`
}

Permissions required for the connector

func (Permissions) MarshalJSON

func (p Permissions) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Permissions.

func (*Permissions) UnmarshalJSON

func (p *Permissions) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Permissions.

type PermissionsCustomsItem

type PermissionsCustomsItem struct {
	// Customs permissions description
	Description *string `json:"description,omitempty"`

	// Customs permissions name
	Name *string `json:"name,omitempty"`
}

func (PermissionsCustomsItem) MarshalJSON

func (p PermissionsCustomsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PermissionsCustomsItem.

func (*PermissionsCustomsItem) UnmarshalJSON

func (p *PermissionsCustomsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PermissionsCustomsItem.

type PermissionsResourceProviderItem

type PermissionsResourceProviderItem struct {
	// Permission description text
	PermissionsDisplayText *string `json:"permissionsDisplayText,omitempty"`

	// Provider name
	Provider *ProviderName `json:"provider,omitempty"`

	// Permission provider display name
	ProviderDisplayName *string `json:"providerDisplayName,omitempty"`

	// Required permissions for the connector
	RequiredPermissions *RequiredPermissions `json:"requiredPermissions,omitempty"`

	// Permission provider scope
	Scope *PermissionProviderScope `json:"scope,omitempty"`
}

func (PermissionsResourceProviderItem) MarshalJSON

func (p PermissionsResourceProviderItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PermissionsResourceProviderItem.

func (*PermissionsResourceProviderItem) UnmarshalJSON

func (p *PermissionsResourceProviderItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PermissionsResourceProviderItem.

type PlaybookActionProperties

type PlaybookActionProperties struct {
	// The resource id of the playbook resource.
	LogicAppResourceID *string `json:"logicAppResourceId,omitempty"`

	// The tenant id of the playbook resource.
	TenantID *string `json:"tenantId,omitempty"`
}

func (PlaybookActionProperties) MarshalJSON

func (p PlaybookActionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PlaybookActionProperties.

func (*PlaybookActionProperties) UnmarshalJSON

func (p *PlaybookActionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PlaybookActionProperties.

type PollingFrequency

type PollingFrequency string

PollingFrequency - The polling frequency for the TAXII server.

const (
	// PollingFrequencyOnceADay - Once a day
	PollingFrequencyOnceADay PollingFrequency = "OnceADay"
	// PollingFrequencyOnceAMinute - Once a minute
	PollingFrequencyOnceAMinute PollingFrequency = "OnceAMinute"
	// PollingFrequencyOnceAnHour - Once an hour
	PollingFrequencyOnceAnHour PollingFrequency = "OnceAnHour"
)

func PossiblePollingFrequencyValues

func PossiblePollingFrequencyValues() []PollingFrequency

PossiblePollingFrequencyValues returns the possible values for the PollingFrequency const type.

type ProcessEntity

type ProcessEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Process entity properties
	Properties *ProcessEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ProcessEntity - Represents a process entity.

func (*ProcessEntity) GetEntity

func (p *ProcessEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type ProcessEntity.

func (ProcessEntity) MarshalJSON

func (p ProcessEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ProcessEntity.

func (*ProcessEntity) UnmarshalJSON

func (p *ProcessEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ProcessEntity.

type ProcessEntityProperties

type ProcessEntityProperties struct {
	// The elevation token associated with the process.
	ElevationToken *ElevationToken `json:"elevationToken,omitempty"`

	// READ-ONLY; The account entity id running the processes.
	AccountEntityID *string `json:"accountEntityId,omitempty" azure:"ro"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The command line used to create the process
	CommandLine *string `json:"commandLine,omitempty" azure:"ro"`

	// READ-ONLY; The time when the process started to run
	CreationTimeUTC *time.Time `json:"creationTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The host entity id on which the process was running
	HostEntityID *string `json:"hostEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The session entity id in which the process was running
	HostLogonSessionEntityID *string `json:"hostLogonSessionEntityId,omitempty" azure:"ro"`

	// READ-ONLY; Image file entity id
	ImageFileEntityID *string `json:"imageFileEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The parent process entity id.
	ParentProcessEntityID *string `json:"parentProcessEntityId,omitempty" azure:"ro"`

	// READ-ONLY; The process ID
	ProcessID *string `json:"processId,omitempty" azure:"ro"`
}

ProcessEntityProperties - Process entity property bag.

func (ProcessEntityProperties) MarshalJSON

func (p ProcessEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ProcessEntityProperties.

func (*ProcessEntityProperties) UnmarshalJSON

func (p *ProcessEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ProcessEntityProperties.

type ProductSettingsClient

type ProductSettingsClient struct {
	// contains filtered or unexported fields
}

ProductSettingsClient contains the methods for the ProductSettings group. Don't use this type directly, use NewProductSettingsClient() instead.

func NewProductSettingsClient

func NewProductSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ProductSettingsClient, error)

NewProductSettingsClient creates a new instance of ProductSettingsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ProductSettingsClient) Delete

func (client *ProductSettingsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientDeleteOptions) (ProductSettingsClientDeleteResponse, error)

Delete - Delete setting of the product. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  • options - ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/DeleteEyesOnSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewProductSettingsClient().Delete(ctx, "myRg", "myWorkspace", "EyesOn", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*ProductSettingsClient) Get

func (client *ProductSettingsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, options *ProductSettingsClientGetOptions) (ProductSettingsClientGetResponse, error)

Get - Gets a setting. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  • options - ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/GetEyesOnSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewProductSettingsClient().Get(ctx, "myRg", "myWorkspace", "EyesOn", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armsecurityinsights.ProductSettingsClientGetResponse{
// 	SettingsClassification: &armsecurityinsights.EyesOn{
// 		Name: to.Ptr("EyesOn"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/settings"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"),
// 		Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn),
// 		Properties: &armsecurityinsights.EyesOnSettingsProperties{
// 			IsEnabled: to.Ptr(true),
// 		},
// 	},
// }

func (*ProductSettingsClient) List

func (client *ProductSettingsClient) List(ctx context.Context, resourceGroupName string, workspaceName string, options *ProductSettingsClientListOptions) (ProductSettingsClientListResponse, error)

List - List of all the settings. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/GetAllSettings.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewProductSettingsClient().List(ctx, "myRg", "myWorkspace", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SettingList = armsecurityinsights.SettingList{
// 	Value: []armsecurityinsights.SettingsClassification{
// 		&armsecurityinsights.EyesOn{
// 			Name: to.Ptr("EyesOn"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/settings"),
// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"),
// 			Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn),
// 			Properties: &armsecurityinsights.EyesOnSettingsProperties{
// 				IsEnabled: to.Ptr(true),
// 			},
// 	}},
// }

func (*ProductSettingsClient) Update

func (client *ProductSettingsClient) Update(ctx context.Context, resourceGroupName string, workspaceName string, settingsName string, settings SettingsClassification, options *ProductSettingsClientUpdateOptions) (ProductSettingsClientUpdateResponse, error)

Update - Updates setting. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsName - The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  • settings - The setting
  • options - ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/settings/UpdateEyesOnSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewProductSettingsClient().Update(ctx, "myRg", "myWorkspace", "EyesOn", &armsecurityinsights.EyesOn{
	Etag:       to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Kind:       to.Ptr(armsecurityinsights.SettingKindEyesOn),
	Properties: &armsecurityinsights.EyesOnSettingsProperties{},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armsecurityinsights.ProductSettingsClientUpdateResponse{
// 	SettingsClassification: &armsecurityinsights.EyesOn{
// 		Name: to.Ptr("EyesOn"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/settings"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/mms-eus/providers/Microsoft.OperationalInsights/workspaces/avdvirInt/providers/Microsoft.SecurityInsights/settings/EyesOn"),
// 		Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 		Kind: to.Ptr(armsecurityinsights.SettingKindEyesOn),
// 		Properties: &armsecurityinsights.EyesOnSettingsProperties{
// 			IsEnabled: to.Ptr(true),
// 		},
// 	},
// }

type ProductSettingsClientDeleteOptions

type ProductSettingsClientDeleteOptions struct {
}

ProductSettingsClientDeleteOptions contains the optional parameters for the ProductSettingsClient.Delete method.

type ProductSettingsClientDeleteResponse

type ProductSettingsClientDeleteResponse struct {
}

ProductSettingsClientDeleteResponse contains the response from method ProductSettingsClient.Delete.

type ProductSettingsClientGetOptions

type ProductSettingsClientGetOptions struct {
}

ProductSettingsClientGetOptions contains the optional parameters for the ProductSettingsClient.Get method.

type ProductSettingsClientGetResponse

type ProductSettingsClientGetResponse struct {
	SettingsClassification
}

ProductSettingsClientGetResponse contains the response from method ProductSettingsClient.Get.

func (*ProductSettingsClientGetResponse) UnmarshalJSON

func (p *ProductSettingsClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ProductSettingsClientGetResponse.

type ProductSettingsClientListOptions

type ProductSettingsClientListOptions struct {
}

ProductSettingsClientListOptions contains the optional parameters for the ProductSettingsClient.List method.

type ProductSettingsClientListResponse

type ProductSettingsClientListResponse struct {
	SettingList
}

ProductSettingsClientListResponse contains the response from method ProductSettingsClient.List.

type ProductSettingsClientUpdateOptions

type ProductSettingsClientUpdateOptions struct {
}

ProductSettingsClientUpdateOptions contains the optional parameters for the ProductSettingsClient.Update method.

type ProductSettingsClientUpdateResponse

type ProductSettingsClientUpdateResponse struct {
	SettingsClassification
}

ProductSettingsClientUpdateResponse contains the response from method ProductSettingsClient.Update.

func (*ProductSettingsClientUpdateResponse) UnmarshalJSON

func (p *ProductSettingsClientUpdateResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ProductSettingsClientUpdateResponse.

type PropertyArrayChangedConditionProperties

type PropertyArrayChangedConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType                                     `json:"conditionType,omitempty"`
	ConditionProperties *AutomationRulePropertyArrayChangedValuesCondition `json:"conditionProperties,omitempty"`
}

PropertyArrayChangedConditionProperties - Describes an automation rule condition that evaluates an array property's value change

func (*PropertyArrayChangedConditionProperties) GetAutomationRuleCondition

func (p *PropertyArrayChangedConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyArrayChangedConditionProperties.

func (PropertyArrayChangedConditionProperties) MarshalJSON

func (p PropertyArrayChangedConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PropertyArrayChangedConditionProperties.

func (*PropertyArrayChangedConditionProperties) UnmarshalJSON

func (p *PropertyArrayChangedConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PropertyArrayChangedConditionProperties.

type PropertyArrayConditionProperties

type PropertyArrayConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType                              `json:"conditionType,omitempty"`
	ConditionProperties *AutomationRulePropertyArrayValuesCondition `json:"conditionProperties,omitempty"`
}

PropertyArrayConditionProperties - Describes an automation rule condition that evaluates an array property's value

func (*PropertyArrayConditionProperties) GetAutomationRuleCondition

func (p *PropertyArrayConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyArrayConditionProperties.

func (PropertyArrayConditionProperties) MarshalJSON

func (p PropertyArrayConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PropertyArrayConditionProperties.

func (*PropertyArrayConditionProperties) UnmarshalJSON

func (p *PropertyArrayConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PropertyArrayConditionProperties.

type PropertyChangedConditionProperties

type PropertyChangedConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType                                `json:"conditionType,omitempty"`
	ConditionProperties *AutomationRulePropertyValuesChangedCondition `json:"conditionProperties,omitempty"`
}

PropertyChangedConditionProperties - Describes an automation rule condition that evaluates a property's value change

func (*PropertyChangedConditionProperties) GetAutomationRuleCondition

func (p *PropertyChangedConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyChangedConditionProperties.

func (PropertyChangedConditionProperties) MarshalJSON

func (p PropertyChangedConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PropertyChangedConditionProperties.

func (*PropertyChangedConditionProperties) UnmarshalJSON

func (p *PropertyChangedConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PropertyChangedConditionProperties.

type PropertyConditionProperties

type PropertyConditionProperties struct {
	// REQUIRED
	ConditionType       *ConditionType                         `json:"conditionType,omitempty"`
	ConditionProperties *AutomationRulePropertyValuesCondition `json:"conditionProperties,omitempty"`
}

PropertyConditionProperties - Describes an automation rule condition that evaluates a property's value

func (*PropertyConditionProperties) GetAutomationRuleCondition

func (p *PropertyConditionProperties) GetAutomationRuleCondition() *AutomationRuleCondition

GetAutomationRuleCondition implements the AutomationRuleConditionClassification interface for type PropertyConditionProperties.

func (PropertyConditionProperties) MarshalJSON

func (p PropertyConditionProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type PropertyConditionProperties.

func (*PropertyConditionProperties) UnmarshalJSON

func (p *PropertyConditionProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type PropertyConditionProperties.

type ProviderName

type ProviderName string

ProviderName - Provider name

const (
	ProviderNameMicrosoftAadiamDiagnosticSettings                 ProviderName = "microsoft.aadiam/diagnosticSettings"
	ProviderNameMicrosoftAuthorizationPolicyAssignments           ProviderName = "Microsoft.Authorization/policyAssignments"
	ProviderNameMicrosoftOperationalInsightsSolutions             ProviderName = "Microsoft.OperationalInsights/solutions"
	ProviderNameMicrosoftOperationalInsightsWorkspaces            ProviderName = "Microsoft.OperationalInsights/workspaces"
	ProviderNameMicrosoftOperationalInsightsWorkspacesDatasources ProviderName = "Microsoft.OperationalInsights/workspaces/datasources"
	ProviderNameMicrosoftOperationalInsightsWorkspacesSharedKeys  ProviderName = "Microsoft.OperationalInsights/workspaces/sharedKeys"
)

func PossibleProviderNameValues

func PossibleProviderNameValues() []ProviderName

PossibleProviderNameValues returns the possible values for the ProviderName const type.

type RegistryHive

type RegistryHive string

RegistryHive - the hive that holds the registry key.

const (
	// RegistryHiveHKEYA - HKEY_A
	RegistryHiveHKEYA RegistryHive = "HKEY_A"
	// RegistryHiveHKEYCLASSESROOT - HKEY_CLASSES_ROOT
	RegistryHiveHKEYCLASSESROOT RegistryHive = "HKEY_CLASSES_ROOT"
	// RegistryHiveHKEYCURRENTCONFIG - HKEY_CURRENT_CONFIG
	RegistryHiveHKEYCURRENTCONFIG RegistryHive = "HKEY_CURRENT_CONFIG"
	// RegistryHiveHKEYCURRENTUSER - HKEY_CURRENT_USER
	RegistryHiveHKEYCURRENTUSER RegistryHive = "HKEY_CURRENT_USER"
	// RegistryHiveHKEYCURRENTUSERLOCALSETTINGS - HKEY_CURRENT_USER_LOCAL_SETTINGS
	RegistryHiveHKEYCURRENTUSERLOCALSETTINGS RegistryHive = "HKEY_CURRENT_USER_LOCAL_SETTINGS"
	// RegistryHiveHKEYLOCALMACHINE - HKEY_LOCAL_MACHINE
	RegistryHiveHKEYLOCALMACHINE RegistryHive = "HKEY_LOCAL_MACHINE"
	// RegistryHiveHKEYPERFORMANCEDATA - HKEY_PERFORMANCE_DATA
	RegistryHiveHKEYPERFORMANCEDATA RegistryHive = "HKEY_PERFORMANCE_DATA"
	// RegistryHiveHKEYPERFORMANCENLSTEXT - HKEY_PERFORMANCE_NLSTEXT
	RegistryHiveHKEYPERFORMANCENLSTEXT RegistryHive = "HKEY_PERFORMANCE_NLSTEXT"
	// RegistryHiveHKEYPERFORMANCETEXT - HKEY_PERFORMANCE_TEXT
	RegistryHiveHKEYPERFORMANCETEXT RegistryHive = "HKEY_PERFORMANCE_TEXT"
	// RegistryHiveHKEYUSERS - HKEY_USERS
	RegistryHiveHKEYUSERS RegistryHive = "HKEY_USERS"
)

func PossibleRegistryHiveValues

func PossibleRegistryHiveValues() []RegistryHive

PossibleRegistryHiveValues returns the possible values for the RegistryHive const type.

type RegistryKeyEntity

type RegistryKeyEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// RegistryKey entity properties
	Properties *RegistryKeyEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

RegistryKeyEntity - Represents a registry key entity.

func (*RegistryKeyEntity) GetEntity

func (r *RegistryKeyEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryKeyEntity.

func (RegistryKeyEntity) MarshalJSON

func (r RegistryKeyEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RegistryKeyEntity.

func (*RegistryKeyEntity) UnmarshalJSON

func (r *RegistryKeyEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RegistryKeyEntity.

type RegistryKeyEntityProperties

type RegistryKeyEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; the hive that holds the registry key.
	Hive *RegistryHive `json:"hive,omitempty" azure:"ro"`

	// READ-ONLY; The registry key path.
	Key *string `json:"key,omitempty" azure:"ro"`
}

RegistryKeyEntityProperties - RegistryKey entity property bag.

func (RegistryKeyEntityProperties) MarshalJSON

func (r RegistryKeyEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RegistryKeyEntityProperties.

func (*RegistryKeyEntityProperties) UnmarshalJSON

func (r *RegistryKeyEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RegistryKeyEntityProperties.

type RegistryValueEntity

type RegistryValueEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// RegistryValue entity properties
	Properties *RegistryValueEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

RegistryValueEntity - Represents a registry value entity.

func (*RegistryValueEntity) GetEntity

func (r *RegistryValueEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type RegistryValueEntity.

func (RegistryValueEntity) MarshalJSON

func (r RegistryValueEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RegistryValueEntity.

func (*RegistryValueEntity) UnmarshalJSON

func (r *RegistryValueEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RegistryValueEntity.

type RegistryValueEntityProperties

type RegistryValueEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The registry key entity id.
	KeyEntityID *string `json:"keyEntityId,omitempty" azure:"ro"`

	// READ-ONLY; String formatted representation of the value data.
	ValueData *string `json:"valueData,omitempty" azure:"ro"`

	// READ-ONLY; The registry value name.
	ValueName *string `json:"valueName,omitempty" azure:"ro"`

	// READ-ONLY; Specifies the data types to use when storing values in the registry, or identifies the data type of a value
	// in the registry.
	ValueType *RegistryValueKind `json:"valueType,omitempty" azure:"ro"`
}

RegistryValueEntityProperties - RegistryValue entity property bag.

func (RegistryValueEntityProperties) MarshalJSON

func (r RegistryValueEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RegistryValueEntityProperties.

func (*RegistryValueEntityProperties) UnmarshalJSON

func (r *RegistryValueEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RegistryValueEntityProperties.

type RegistryValueKind

type RegistryValueKind string

RegistryValueKind - Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry.

const (
	// RegistryValueKindBinary - Binary value type
	RegistryValueKindBinary RegistryValueKind = "Binary"
	// RegistryValueKindDWord - DWord value type
	RegistryValueKindDWord RegistryValueKind = "DWord"
	// RegistryValueKindExpandString - ExpandString value type
	RegistryValueKindExpandString RegistryValueKind = "ExpandString"
	// RegistryValueKindMultiString - MultiString value type
	RegistryValueKindMultiString RegistryValueKind = "MultiString"
	// RegistryValueKindNone - None
	RegistryValueKindNone RegistryValueKind = "None"
	// RegistryValueKindQWord - QWord value type
	RegistryValueKindQWord RegistryValueKind = "QWord"
	// RegistryValueKindString - String value type
	RegistryValueKindString RegistryValueKind = "String"
	// RegistryValueKindUnknown - Unknown value type
	RegistryValueKindUnknown RegistryValueKind = "Unknown"
)

func PossibleRegistryValueKindValues

func PossibleRegistryValueKindValues() []RegistryValueKind

PossibleRegistryValueKindValues returns the possible values for the RegistryValueKind const type.

type Relation

type Relation struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Relation properties
	Properties *RelationProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Relation - Represents a relation between two resources

func (Relation) MarshalJSON

func (r Relation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Relation.

func (*Relation) UnmarshalJSON

func (r *Relation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Relation.

type RelationList

type RelationList struct {
	// REQUIRED; Array of relations.
	Value []*Relation `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of relations.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

RelationList - List of relations.

func (RelationList) MarshalJSON

func (r RelationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RelationList.

func (*RelationList) UnmarshalJSON

func (r *RelationList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RelationList.

type RelationProperties

type RelationProperties struct {
	// REQUIRED; The resource ID of the related resource
	RelatedResourceID *string `json:"relatedResourceId,omitempty"`

	// READ-ONLY; The resource kind of the related resource
	RelatedResourceKind *string `json:"relatedResourceKind,omitempty" azure:"ro"`

	// READ-ONLY; The name of the related resource
	RelatedResourceName *string `json:"relatedResourceName,omitempty" azure:"ro"`

	// READ-ONLY; The resource type of the related resource
	RelatedResourceType *string `json:"relatedResourceType,omitempty" azure:"ro"`
}

RelationProperties - Relation property bag.

func (RelationProperties) MarshalJSON

func (r RelationProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RelationProperties.

func (*RelationProperties) UnmarshalJSON

func (r *RelationProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RelationProperties.

type Repo

type Repo struct {
	// Array of branches.
	Branches []*string `json:"branches,omitempty"`

	// The name of the repository.
	FullName *string `json:"fullName,omitempty"`

	// The url to access the repository.
	URL *string `json:"url,omitempty"`
}

Repo - Represents a repository.

func (Repo) MarshalJSON

func (r Repo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Repo.

func (*Repo) UnmarshalJSON

func (r *Repo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Repo.

type RepoList

type RepoList struct {
	// REQUIRED; Array of repositories.
	Value []*Repo `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of repositories.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

RepoList - List all the source controls.

func (RepoList) MarshalJSON

func (r RepoList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RepoList.

func (*RepoList) UnmarshalJSON

func (r *RepoList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RepoList.

type RepoType

type RepoType string

RepoType - The type of repository.

const (
	RepoTypeDevOps RepoType = "DevOps"
	RepoTypeGithub RepoType = "Github"
)

func PossibleRepoTypeValues

func PossibleRepoTypeValues() []RepoType

PossibleRepoTypeValues returns the possible values for the RepoType const type.

type Repository

type Repository struct {
	// Branch name of repository.
	Branch *string `json:"branch,omitempty"`

	// Url to access repository action logs.
	DeploymentLogsURL *string `json:"deploymentLogsUrl,omitempty"`

	// Display url of repository.
	DisplayURL *string `json:"displayUrl,omitempty"`

	// Dictionary of source control content type and path mapping.
	PathMapping []*ContentPathMap `json:"pathMapping,omitempty"`

	// Url of repository.
	URL *string `json:"url,omitempty"`
}

Repository - metadata of a repository.

func (Repository) MarshalJSON

func (r Repository) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Repository.

func (*Repository) UnmarshalJSON

func (r *Repository) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Repository.

type RepositoryResourceInfo

type RepositoryResourceInfo struct {
	// Resources created in Azure DevOps for this source-control.
	AzureDevOpsResourceInfo *AzureDevOpsResourceInfo `json:"azureDevOpsResourceInfo,omitempty"`

	// Resources created in GitHub for this source-control.
	GitHubResourceInfo *GitHubResourceInfo `json:"gitHubResourceInfo,omitempty"`

	// The webhook object created for the source-control.
	Webhook *Webhook `json:"webhook,omitempty"`
}

RepositoryResourceInfo - Resources created in user's repository for the source-control.

func (RepositoryResourceInfo) MarshalJSON

func (r RepositoryResourceInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RepositoryResourceInfo.

func (*RepositoryResourceInfo) UnmarshalJSON

func (r *RepositoryResourceInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RepositoryResourceInfo.

type RequiredPermissions

type RequiredPermissions struct {
	// action permission
	Action *bool `json:"action,omitempty"`

	// delete permission
	Delete *bool `json:"delete,omitempty"`

	// read permission
	Read *bool `json:"read,omitempty"`

	// write permission
	Write *bool `json:"write,omitempty"`
}

RequiredPermissions - Required permissions for the connector

func (RequiredPermissions) MarshalJSON

func (r RequiredPermissions) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type RequiredPermissions.

func (*RequiredPermissions) UnmarshalJSON

func (r *RequiredPermissions) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type RequiredPermissions.

type ScheduledAlertRule

type ScheduledAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Scheduled alert rule properties
	Properties *ScheduledAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ScheduledAlertRule - Represents scheduled alert rule.

func (*ScheduledAlertRule) GetAlertRule

func (s *ScheduledAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type ScheduledAlertRule.

func (ScheduledAlertRule) MarshalJSON

func (s ScheduledAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ScheduledAlertRule.

func (*ScheduledAlertRule) UnmarshalJSON

func (s *ScheduledAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ScheduledAlertRule.

type ScheduledAlertRuleProperties

type ScheduledAlertRuleProperties struct {
	// REQUIRED; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// REQUIRED; The suppression (in ISO 8601 duration format) to wait since the last time this alert rule has been triggered.
	SuppressionDuration *string `json:"suppressionDuration,omitempty"`

	// REQUIRED; Determines whether the suppression for this alert rule is enabled or disabled.
	SuppressionEnabled *bool `json:"suppressionEnabled,omitempty"`

	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule.
	Description *string `json:"description,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The settings of the incidents that are created from alerts triggered by this analytics rule
	IncidentConfiguration *IncidentConfiguration `json:"incidentConfiguration,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// The version of the alert rule template used to create this rule - in format , where all are numbers, for example 0
	TemplateVersion *string `json:"templateVersion,omitempty"`

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"`

	// The threshold that triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`

	// READ-ONLY; The last time that this alert rule has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`
}

ScheduledAlertRuleProperties - Scheduled alert rule base property bag.

func (ScheduledAlertRuleProperties) MarshalJSON

func (s ScheduledAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ScheduledAlertRuleProperties.

func (*ScheduledAlertRuleProperties) UnmarshalJSON

func (s *ScheduledAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ScheduledAlertRuleProperties.

type ScheduledAlertRuleTemplate

type ScheduledAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Scheduled alert rule template properties
	Properties *ScheduledAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ScheduledAlertRuleTemplate - Represents scheduled alert rule template.

func (*ScheduledAlertRuleTemplate) GetAlertRuleTemplate

func (s *ScheduledAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ScheduledAlertRuleTemplate.

func (ScheduledAlertRuleTemplate) MarshalJSON

func (s ScheduledAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ScheduledAlertRuleTemplate.

func (*ScheduledAlertRuleTemplate) UnmarshalJSON

func (s *ScheduledAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ScheduledAlertRuleTemplate.

type ScheduledAlertRuleTemplateProperties

type ScheduledAlertRuleTemplateProperties struct {
	// The alert details override settings
	AlertDetailsOverride *AlertDetailsOverride `json:"alertDetailsOverride,omitempty"`

	// The number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// Dictionary of string key-value pairs of columns to be attached to the alert
	CustomDetails map[string]*string `json:"customDetails,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// Array of the entity mappings of the alert rule
	EntityMappings []*EntityMapping `json:"entityMappings,omitempty"`

	// The event grouping settings.
	EventGroupingSettings *EventGroupingSettings `json:"eventGroupingSettings,omitempty"`

	// The query that creates alerts for this rule.
	Query *string `json:"query,omitempty"`

	// The frequency (in ISO 8601 duration format) for this alert rule to run.
	QueryFrequency *string `json:"queryFrequency,omitempty"`

	// The period (in ISO 8601 duration format) that this alert rule looks at.
	QueryPeriod *string `json:"queryPeriod,omitempty"`

	// The required data connectors for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule template
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// The operation against the threshold that triggers alert rule.
	TriggerOperator *TriggerOperator `json:"triggerOperator,omitempty"`

	// The threshold that triggers this alert rule.
	TriggerThreshold *int32 `json:"triggerThreshold,omitempty"`

	// The version of this template - in format , where all are numbers. For example .
	Version *string `json:"version,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The time that this alert rule template was last updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

ScheduledAlertRuleTemplateProperties - Scheduled alert rule template properties

func (ScheduledAlertRuleTemplateProperties) MarshalJSON

func (s ScheduledAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ScheduledAlertRuleTemplateProperties.

func (*ScheduledAlertRuleTemplateProperties) UnmarshalJSON

func (s *ScheduledAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ScheduledAlertRuleTemplateProperties.

type SecurityAlert

type SecurityAlert struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// SecurityAlert entity properties
	Properties *SecurityAlertProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SecurityAlert - Represents a security alert entity.

func (*SecurityAlert) GetEntity

func (s *SecurityAlert) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityAlert.

func (SecurityAlert) MarshalJSON

func (s SecurityAlert) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityAlert.

func (*SecurityAlert) UnmarshalJSON

func (s *SecurityAlert) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityAlert.

type SecurityAlertProperties

type SecurityAlertProperties struct {
	// The severity of the alert
	Severity *AlertSeverity `json:"severity,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The display name of the alert.
	AlertDisplayName *string `json:"alertDisplayName,omitempty" azure:"ro"`

	// READ-ONLY; The URI link of the alert.
	AlertLink *string `json:"alertLink,omitempty" azure:"ro"`

	// READ-ONLY; The type name of the alert.
	AlertType *string `json:"alertType,omitempty" azure:"ro"`

	// READ-ONLY; Display name of the main entity being reported on.
	CompromisedEntity *string `json:"compromisedEntity,omitempty" azure:"ro"`

	// READ-ONLY; The confidence level of this alert.
	ConfidenceLevel *ConfidenceLevel `json:"confidenceLevel,omitempty" azure:"ro"`

	// READ-ONLY; The confidence reasons
	ConfidenceReasons []*SecurityAlertPropertiesConfidenceReasonsItem `json:"confidenceReasons,omitempty" azure:"ro"`

	// READ-ONLY; The confidence score of the alert.
	ConfidenceScore *float64 `json:"confidenceScore,omitempty" azure:"ro"`

	// READ-ONLY; The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not
	// applicable or final.
	ConfidenceScoreStatus *ConfidenceScoreStatus `json:"confidenceScoreStatus,omitempty" azure:"ro"`

	// READ-ONLY; Alert description.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The impact end time of the alert (the time of the last event contributing to the alert).
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; Holds the alert intent stage(s) mapping for this alert.
	Intent *KillChainIntent `json:"intent,omitempty" azure:"ro"`

	// READ-ONLY; The time the alert was made available for consumption.
	ProcessingEndTime *time.Time `json:"processingEndTime,omitempty" azure:"ro"`

	// READ-ONLY; The name of a component inside the product which generated the alert.
	ProductComponentName *string `json:"productComponentName,omitempty" azure:"ro"`

	// READ-ONLY; The name of the product which published this alert.
	ProductName *string `json:"productName,omitempty" azure:"ro"`

	// READ-ONLY; The version of the product generating the alert.
	ProductVersion *string `json:"productVersion,omitempty" azure:"ro"`

	// READ-ONLY; The identifier of the alert inside the product which generated the alert.
	ProviderAlertID *string `json:"providerAlertId,omitempty" azure:"ro"`

	// READ-ONLY; Manual action items to take to remediate the alert.
	RemediationSteps []*string `json:"remediationSteps,omitempty" azure:"ro"`

	// READ-ONLY; The list of resource identifiers of the alert.
	ResourceIdentifiers []any `json:"resourceIdentifiers,omitempty" azure:"ro"`

	// READ-ONLY; The impact start time of the alert (the time of the first event contributing to the alert).
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; The lifecycle status of the alert.
	Status *AlertStatus `json:"status,omitempty" azure:"ro"`

	// READ-ONLY; Holds the product identifier of the alert for the product.
	SystemAlertID *string `json:"systemAlertId,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The time the alert was generated.
	TimeGenerated *time.Time `json:"timeGenerated,omitempty" azure:"ro"`

	// READ-ONLY; The name of the vendor that raised the alert.
	VendorName *string `json:"vendorName,omitempty" azure:"ro"`
}

SecurityAlertProperties - SecurityAlert entity property bag.

func (SecurityAlertProperties) MarshalJSON

func (s SecurityAlertProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityAlertProperties.

func (*SecurityAlertProperties) UnmarshalJSON

func (s *SecurityAlertProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityAlertProperties.

type SecurityAlertPropertiesConfidenceReasonsItem

type SecurityAlertPropertiesConfidenceReasonsItem struct {
	// READ-ONLY; The reason's description
	Reason *string `json:"reason,omitempty" azure:"ro"`

	// READ-ONLY; The type (category) of the reason
	ReasonType *string `json:"reasonType,omitempty" azure:"ro"`
}

SecurityAlertPropertiesConfidenceReasonsItem - confidence reason item

func (SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON

func (s SecurityAlertPropertiesConfidenceReasonsItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityAlertPropertiesConfidenceReasonsItem.

func (*SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON

func (s *SecurityAlertPropertiesConfidenceReasonsItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityAlertPropertiesConfidenceReasonsItem.

type SecurityAlertTimelineItem

type SecurityAlertTimelineItem struct {
	// REQUIRED; The name of the alert type.
	AlertType *string `json:"alertType,omitempty"`

	// REQUIRED; The alert Azure resource ID.
	AzureResourceID *string `json:"azureResourceId,omitempty"`

	// REQUIRED; The alert name.
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The alert end time.
	EndTimeUTC *time.Time `json:"endTimeUtc,omitempty"`

	// REQUIRED; The entity query kind type.
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// REQUIRED; The alert severity.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// REQUIRED; The alert start time.
	StartTimeUTC *time.Time `json:"startTimeUtc,omitempty"`

	// REQUIRED; The alert generated time.
	TimeGenerated *time.Time `json:"timeGenerated,omitempty"`

	// The alert description.
	Description *string `json:"description,omitempty"`

	// The alert product name.
	ProductName *string `json:"productName,omitempty"`
}

SecurityAlertTimelineItem - Represents security alert timeline item.

func (*SecurityAlertTimelineItem) GetEntityTimelineItem

func (s *SecurityAlertTimelineItem) GetEntityTimelineItem() *EntityTimelineItem

GetEntityTimelineItem implements the EntityTimelineItemClassification interface for type SecurityAlertTimelineItem.

func (SecurityAlertTimelineItem) MarshalJSON

func (s SecurityAlertTimelineItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityAlertTimelineItem.

func (*SecurityAlertTimelineItem) UnmarshalJSON

func (s *SecurityAlertTimelineItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityAlertTimelineItem.

type SecurityGroupEntity

type SecurityGroupEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// SecurityGroup entity properties
	Properties *SecurityGroupEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SecurityGroupEntity - Represents a security group entity.

func (*SecurityGroupEntity) GetEntity

func (s *SecurityGroupEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SecurityGroupEntity.

func (SecurityGroupEntity) MarshalJSON

func (s SecurityGroupEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityGroupEntity.

func (*SecurityGroupEntity) UnmarshalJSON

func (s *SecurityGroupEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityGroupEntity.

type SecurityGroupEntityProperties

type SecurityGroupEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The group distinguished name
	DistinguishedName *string `json:"distinguishedName,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; A single-value attribute that is the unique identifier for the object, assigned by active directory.
	ObjectGUID *string `json:"objectGuid,omitempty" azure:"ro"`

	// READ-ONLY; The SID attribute is a single-value attribute that specifies the security identifier (SID) of the group
	Sid *string `json:"sid,omitempty" azure:"ro"`
}

SecurityGroupEntityProperties - SecurityGroup entity property bag.

func (SecurityGroupEntityProperties) MarshalJSON

func (s SecurityGroupEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityGroupEntityProperties.

func (*SecurityGroupEntityProperties) UnmarshalJSON

func (s *SecurityGroupEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityGroupEntityProperties.

type SecurityMLAnalyticsSetting

type SecurityMLAnalyticsSetting struct {
	// REQUIRED; The kind of security ML Analytics Settings
	Kind *SecurityMLAnalyticsSettingsKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SecurityMLAnalyticsSetting - Security ML Analytics Setting

func (*SecurityMLAnalyticsSetting) GetSecurityMLAnalyticsSetting

func (s *SecurityMLAnalyticsSetting) GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting

GetSecurityMLAnalyticsSetting implements the SecurityMLAnalyticsSettingClassification interface for type SecurityMLAnalyticsSetting.

func (SecurityMLAnalyticsSetting) MarshalJSON

func (s SecurityMLAnalyticsSetting) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityMLAnalyticsSetting.

func (*SecurityMLAnalyticsSetting) UnmarshalJSON

func (s *SecurityMLAnalyticsSetting) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityMLAnalyticsSetting.

type SecurityMLAnalyticsSettingClassification

type SecurityMLAnalyticsSettingClassification interface {
	// GetSecurityMLAnalyticsSetting returns the SecurityMLAnalyticsSetting content of the underlying type.
	GetSecurityMLAnalyticsSetting() *SecurityMLAnalyticsSetting
}

SecurityMLAnalyticsSettingClassification provides polymorphic access to related types. Call the interface's GetSecurityMLAnalyticsSetting() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *AnomalySecurityMLAnalyticsSettings, *SecurityMLAnalyticsSetting

type SecurityMLAnalyticsSettingsClient

type SecurityMLAnalyticsSettingsClient struct {
	// contains filtered or unexported fields
}

SecurityMLAnalyticsSettingsClient contains the methods for the SecurityMLAnalyticsSettings group. Don't use this type directly, use NewSecurityMLAnalyticsSettingsClient() instead.

func NewSecurityMLAnalyticsSettingsClient

func NewSecurityMLAnalyticsSettingsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SecurityMLAnalyticsSettingsClient, error)

NewSecurityMLAnalyticsSettingsClient creates a new instance of SecurityMLAnalyticsSettingsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SecurityMLAnalyticsSettingsClient) CreateOrUpdate

CreateOrUpdate - Creates or updates the Security ML Analytics Settings. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsResourceName - Security ML Analytics Settings resource name
  • securityMLAnalyticsSetting - The security ML Analytics setting
  • options - SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/CreateAnomalySecurityMLAnalyticsSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSecurityMLAnalyticsSettingsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "f209187f-1d17-4431-94af-c141bf5f23db", &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{
	Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
	Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly),
	Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{
		Description:            to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
		AnomalySettingsVersion: to.Ptr[int32](0),
		AnomalyVersion:         to.Ptr("1.0.5"),
		CustomizableObservations: map[string]any{
			"multiSelectObservations":       nil,
			"prioritizeExcludeObservations": nil,
			"singleSelectObservations": []any{
				map[string]any{
					"name":           "Device vendor",
					"description":    "Select device vendor of network connection logs from CommonSecurityLog",
					"rerun":          "RerunAlways",
					"sequenceNumber": float64(1),
					"supportedValues": []any{
						"Palo Alto Networks",
						"Fortinet",
						"Check Point",
					},
					"supportedValuesKql": nil,
					"value": []any{
						"Palo Alto Networks",
					},
					"valuesKql": nil,
				},
			},
			"singleValueObservations": nil,
			"thresholdObservations": []any{
				map[string]any{
					"name":           "Daily data transfer threshold in MB",
					"description":    "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
					"maximum":        "100",
					"minimum":        "1",
					"rerun":          "RerunAlways",
					"sequenceNumber": float64(1),
					"value":          "25",
				},
				map[string]any{
					"name":           "Number of standard deviations",
					"description":    "Triggers anomalies when number of standard deviations is greater than the chosen value",
					"maximum":        "10",
					"minimum":        "2",
					"rerun":          "RerunAlways",
					"sequenceNumber": float64(2),
					"value":          "3",
				},
			},
		},
		DisplayName:       to.Ptr("Login from unusual region"),
		Enabled:           to.Ptr(true),
		Frequency:         to.Ptr("PT1H"),
		IsDefaultSettings: to.Ptr(true),
		RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{
			{
				ConnectorID: to.Ptr("AWS"),
				DataTypes: []*string{
					to.Ptr("AWSCloudTrail")},
			}},
		SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
		SettingsStatus:       to.Ptr(armsecurityinsights.SettingsStatusProduction),
		Tactics: []*armsecurityinsights.AttackTactic{
			to.Ptr(armsecurityinsights.AttackTacticExfiltration),
			to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
		Techniques: []*string{
			to.Ptr("T1037"),
			to.Ptr("T1021")},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse{
// 	SecurityMLAnalyticsSettingClassification: &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{
// 		Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"),
// 		Etag: to.Ptr("\"01005144-0000-0d00-0000-6058632c0000\""),
// 		Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly),
// 		Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{
// 			Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
// 			AnomalySettingsVersion: to.Ptr[int32](0),
// 			AnomalyVersion: to.Ptr("1.0.5"),
// 			CustomizableObservations: map[string]any{
// 				"multiSelectObservations": nil,
// 				"prioritizeExcludeObservations": nil,
// 				"singleSelectObservations":[]any{
// 					map[string]any{
// 						"name": "Device vendor",
// 						"description": "Select device vendor of network connection logs from CommonSecurityLog",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(1),
// 						"supportedValues":[]any{
// 							"Palo Alto Networks",
// 							"Fortinet",
// 							"Check Point",
// 						},
// 						"supportedValuesKql": nil,
// 						"value":[]any{
// 							"Palo Alto Networks",
// 						},
// 						"valuesKql": nil,
// 					},
// 				},
// 				"singleValueObservations": nil,
// 				"thresholdObservations":[]any{
// 					map[string]any{
// 						"name": "Daily data transfer threshold in MB",
// 						"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
// 						"maximum": "100",
// 						"minimum": "1",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(1),
// 						"value": "25",
// 					},
// 					map[string]any{
// 						"name": "Number of standard deviations",
// 						"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
// 						"maximum": "10",
// 						"minimum": "2",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(2),
// 						"value": "3",
// 					},
// 				},
// 			},
// 			DisplayName: to.Ptr("Login from unusual region"),
// 			Enabled: to.Ptr(true),
// 			Frequency: to.Ptr("PT1H"),
// 			IsDefaultSettings: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:17:11.5340061Z"); return t}()),
// 			RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{
// 				{
// 					ConnectorID: to.Ptr("AWS"),
// 					DataTypes: []*string{
// 						to.Ptr("AWSCloudTrail")},
// 				}},
// 			SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
// 			SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }
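The CustomizableObservations field in the example above is an untyped map[string]any, so nothing in the Go type system stops a thresholdObservations entry from carrying a value that silently weakens the anomaly rule. The following is an added example, not part of the SDK or its generated samples: a pre-flight check to run before CreateOrUpdate. The names Finding, number, checkThresholdObservations and sampleObservations are hypothetical, and the rule minimum <= value <= maximum is an assumption inferred from the field names.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
)

// Finding is one problem in a thresholdObservations entry (hypothetical type).
type Finding struct {
	Observation string
	Problem     string
}

// number reads entry[key] as a finite float64. The page's example carries
// these fields as strings ("25"); JSON-decoded numbers are accepted as well.
func number(entry map[string]any, key string) (float64, error) {
	var f float64
	switch v := entry[key].(type) {
	case nil:
		return 0, fmt.Errorf("%s is missing", key)
	case string:
		parsed, err := strconv.ParseFloat(v, 64)
		if err != nil {
			return 0, fmt.Errorf("%s %q is not numeric", key, v)
		}
		f = parsed
	case float64:
		f = v
	case int:
		f = float64(v)
	default:
		return 0, fmt.Errorf("%s has unsupported type %T", key, v)
	}
	// ParseFloat accepts "NaN" and "Inf"; comparisons against NaN are always
	// false, so such a value would otherwise pass the range check unnoticed.
	if math.IsNaN(f) || math.IsInf(f, 0) {
		return 0, fmt.Errorf("%s is not a finite number", key)
	}
	return f, nil
}

// checkThresholdObservations reports entries whose minimum, maximum or value
// is missing or non-numeric, or whose value lies outside [minimum, maximum]
// (assumed rule, see lead-in).
func checkThresholdObservations(obs map[string]any) []Finding {
	raw := obs["thresholdObservations"]
	if raw == nil {
		return nil // absent or explicitly nil, like the other lists on the page
	}
	list, ok := raw.([]any)
	if !ok {
		return []Finding{{Observation: "thresholdObservations",
			Problem: fmt.Sprintf("expected []any, got %T", raw)}}
	}
	var findings []Finding
	for i, item := range list {
		label := fmt.Sprintf("entry %d", i)
		entry, ok := item.(map[string]any)
		if !ok {
			findings = append(findings, Finding{label,
				fmt.Sprintf("expected map[string]any, got %T", item)})
			continue
		}
		if name, _ := entry["name"].(string); name != "" {
			label = name
		}
		lo, errLo := number(entry, "minimum")
		hi, errHi := number(entry, "maximum")
		val, errVal := number(entry, "value")
		malformed := false
		for _, err := range []error{errLo, errHi, errVal} {
			if err != nil {
				findings = append(findings, Finding{label, err.Error()})
				malformed = true
			}
		}
		if malformed {
			continue
		}
		switch {
		case lo > hi:
			findings = append(findings, Finding{label,
				fmt.Sprintf("minimum %v exceeds maximum %v", lo, hi)})
		case val < lo || val > hi:
			findings = append(findings, Finding{label,
				fmt.Sprintf("value %v outside [%v, %v]", val, lo, hi)})
		}
	}
	return findings
}

// sampleObservations is constructed input: the first entry uses the page's
// values, the other two are deliberately invalid.
func sampleObservations() map[string]any {
	return map[string]any{
		"singleValueObservations": nil,
		"thresholdObservations": []any{
			map[string]any{"name": "Daily data transfer threshold in MB",
				"minimum": "1", "maximum": "100", "value": "25"},
			map[string]any{"name": "Number of standard deviations",
				"minimum": "2", "maximum": "10", "value": "50"},
			map[string]any{"name": "Constructed non-numeric entry",
				"minimum": "1", "maximum": "5", "value": "high"},
		},
	}
}

func main() {
	for _, f := range checkThresholdObservations(sampleObservations()) {
		fmt.Printf("%s: %s\n", f.Observation, f.Problem)
	}
}
```
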

func (*SecurityMLAnalyticsSettingsClient) Delete

Delete - Delete the Security ML Analytics Settings. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsResourceName - Security ML Analytics Settings resource name
  • options - SecurityMLAnalyticsSettingsClientDeleteOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/DeleteSecurityMLAnalyticsSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewSecurityMLAnalyticsSettingsClient().Delete(ctx, "myRg", "myWorkspace", "f209187f-1d17-4431-94af-c141bf5f23db", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*SecurityMLAnalyticsSettingsClient) Get

Get - Gets the Security ML Analytics Settings. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • settingsResourceName - Security ML Analytics Settings resource name
  • options - SecurityMLAnalyticsSettingsClientGetOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/GetAnomalySecurityMLAnalyticsSetting.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSecurityMLAnalyticsSettingsClient().Get(ctx, "myRg", "myWorkspace", "myFirstAnomalySettings", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You can use the response here. The blank identifier is used for demo purposes only.
_ = res
// If the HTTP response code is 200 as defined in the example definition, the response structure looks as follows. Note that all values in the output are fake and for demo purposes only.
// res = armsecurityinsights.SecurityMLAnalyticsSettingsClientGetResponse{
// 	SecurityMLAnalyticsSettingClassification: &armsecurityinsights.AnomalySecurityMLAnalyticsSettings{
// 		Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"),
// 		ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"),
// 		Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
// 		Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly),
// 		Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{
// 			Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
// 			AnomalySettingsVersion: to.Ptr[int32](0),
// 			AnomalyVersion: to.Ptr("1.0.5"),
// 			CustomizableObservations: map[string]any{
// 				"multiSelectObservations": nil,
// 				"prioritizeExcludeObservations": nil,
// 				"singleSelectObservations":[]any{
// 					map[string]any{
// 						"name": "Device vendor",
// 						"description": "Select device vendor of network connection logs from CommonSecurityLog",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(1),
// 						"supportedValues":[]any{
// 							"Palo Alto Networks",
// 							"Fortinet",
// 							"Check Point",
// 						},
// 						"supportedValuesKql": nil,
// 						"value":[]any{
// 							"Palo Alto Networks",
// 						},
// 						"valuesKql": nil,
// 					},
// 				},
// 				"singleValueObservations": nil,
// 				"thresholdObservations":[]any{
// 					map[string]any{
// 						"name": "Daily data transfer threshold in MB",
// 						"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
// 						"maximum": "100",
// 						"minimum": "1",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(1),
// 						"value": "25",
// 					},
// 					map[string]any{
// 						"name": "Number of standard deviations",
// 						"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
// 						"maximum": "10",
// 						"minimum": "2",
// 						"rerun": "RerunAlways",
// 						"sequenceNumber": float64(2),
// 						"value": "3",
// 					},
// 				},
// 			},
// 			DisplayName: to.Ptr("Login from unusual region"),
// 			Enabled: to.Ptr(true),
// 			Frequency: to.Ptr("PT1H"),
// 			IsDefaultSettings: to.Ptr(true),
// 			LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.5340061Z"); return t}()),
// 			RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{
// 				{
// 					ConnectorID: to.Ptr("AWS"),
// 					DataTypes: []*string{
// 						to.Ptr("AWSCloudTrail")},
// 				}},
// 			SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
// 			SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction),
// 			Tactics: []*armsecurityinsights.AttackTactic{
// 				to.Ptr(armsecurityinsights.AttackTacticExfiltration),
// 				to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
// 			Techniques: []*string{
// 				to.Ptr("T1037"),
// 				to.Ptr("T1021")},
// 		},
// 	},
// }

func (*SecurityMLAnalyticsSettingsClient) NewListPager

NewListPager - Gets all Security ML Analytics Settings.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - SecurityMLAnalyticsSettingsClientListOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/securityMLAnalyticsSettings/GetAllSecurityMLAnalyticsSettings.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewSecurityMLAnalyticsSettingsClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.SecurityMLAnalyticsSettingsList = armsecurityinsights.SecurityMLAnalyticsSettingsList{
	// 	Value: []armsecurityinsights.SecurityMLAnalyticsSettingClassification{
	// 		&armsecurityinsights.AnomalySecurityMLAnalyticsSettings{
	// 			Name: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/securityMLAnalyticsSettings"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db"),
	// 			Etag: to.Ptr("\"260090e2-0000-0d00-0000-5d6fb8670000\""),
	// 			Kind: to.Ptr(armsecurityinsights.SecurityMLAnalyticsSettingsKindAnomaly),
	// 			Properties: &armsecurityinsights.AnomalySecurityMLAnalyticsSettingsProperties{
	// 				Description: to.Ptr("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
	// 				AnomalySettingsVersion: to.Ptr[int32](0),
	// 				AnomalyVersion: to.Ptr("1.0.5"),
	// 				CustomizableObservations: map[string]any{
	// 					"multiSelectObservations": nil,
	// 					"prioritizeExcludeObservations": nil,
	// 					"singleSelectObservations":[]any{
	// 						map[string]any{
	// 							"name": "Device vendor",
	// 							"description": "Select device vendor of network connection logs from CommonSecurityLog",
	// 							"rerun": "RerunAlways",
	// 							"sequenceNumber": float64(1),
	// 							"supportedValues":[]any{
	// 								"Palo Alto Networks",
	// 								"Fortinet",
	// 								"Check Point",
	// 							},
	// 							"supportedValuesKql": nil,
	// 							"value":[]any{
	// 								"Palo Alto Networks",
	// 							},
	// 							"valuesKql": nil,
	// 						},
	// 					},
	// 					"singleValueObservations": nil,
	// 					"thresholdObservations":[]any{
	// 						map[string]any{
	// 							"name": "Daily data transfer threshold in MB",
	// 							"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
	// 							"maximum": "100",
	// 							"minimum": "1",
	// 							"rerun": "RerunAlways",
	// 							"sequenceNumber": float64(1),
	// 							"value": "25",
	// 						},
	// 						map[string]any{
	// 							"name": "Number of standard deviations",
	// 							"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
	// 							"maximum": "10",
	// 							"minimum": "2",
	// 							"rerun": "RerunAlways",
	// 							"sequenceNumber": float64(2),
	// 							"value": "3",
	// 						},
	// 					},
	// 				},
	// 				DisplayName: to.Ptr("Login from unusual region"),
	// 				Enabled: to.Ptr(true),
	// 				Frequency: to.Ptr("PT1H"),
	// 				IsDefaultSettings: to.Ptr(true),
	// 				LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-10-20T13:13:11.5340061Z"); return t}()),
	// 				RequiredDataConnectors: []*armsecurityinsights.SecurityMLAnalyticsSettingsDataSource{
	// 					{
	// 						ConnectorID: to.Ptr("AWS"),
	// 						DataTypes: []*string{
	// 							to.Ptr("AWSCloudTrail")},
	// 					}},
	// 				SettingsDefinitionID: to.Ptr("f209187f-1d17-4431-94af-c141bf5f23db"),
	// 				SettingsStatus: to.Ptr(armsecurityinsights.SettingsStatusProduction),
	// 				Tactics: []*armsecurityinsights.AttackTactic{
	// 					to.Ptr(armsecurityinsights.AttackTacticExfiltration),
	// 					to.Ptr(armsecurityinsights.AttackTacticCommandAndControl)},
	// 				Techniques: []*string{
	// 					to.Ptr("T1037"),
	// 					to.Ptr("T1021")},
	// 			},
	// 		}},
	// }
}
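The list call above returns anomaly settings whose CustomizableObservations arrive as an untyped map[string]any, with thresholds encoded as strings. The following added example (not part of the SDK or its generated samples) audits such a payload offline for disabled rules, rules not in Production status, and threshold values outside their own minimum/maximum; the local struct, the camelCase JSON field names and the sample payload are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// anomalySetting is a local stand-in (assumed camelCase REST names), not an SDK type.
type anomalySetting struct {
	Properties struct {
		DisplayName              string         `json:"displayName"`
		Enabled                  *bool          `json:"enabled"`
		SettingsStatus           string         `json:"settingsStatus"`
		Tactics                  []string       `json:"tactics"`
		CustomizableObservations map[string]any `json:"customizableObservations"`
	} `json:"properties"`
}

// Finding is one audit result for one setting.
type Finding struct{ Setting, Issue string }

// samplePage is a constructed list payload, not real workspace data.
const samplePage = `{"value":[
 {"kind":"Anomaly","properties":{"displayName":"Login from unusual region","enabled":true,
  "settingsStatus":"Production","tactics":["Exfiltration","CommandAndControl"],
  "customizableObservations":{"singleSelectObservations":null,"thresholdObservations":[
   {"name":"Number of standard deviations","minimum":"2","maximum":"10","value":"3"}]}}},
 {"kind":"Anomaly","properties":{"displayName":"Constructed rule A","enabled":false,
  "settingsStatus":"Production","tactics":["InitialAccess"],"customizableObservations":null}},
 {"kind":"Anomaly","properties":{"displayName":"Constructed rule B","enabled":true,
  "settingsStatus":"Flighting","tactics":["Exfiltration"],"customizableObservations":{"thresholdObservations":[
   {"name":"Number of standard deviations","minimum":"2","maximum":"10","value":"50"}]}}}]}`

// checkThresholds validates the string-typed threshold values against their own bounds.
func checkThresholds(obs map[string]any) []string {
	var issues []string
	list, _ := obs["thresholdObservations"].([]any) // JSON null or a missing key yields no entries
	for _, raw := range list {
		o, ok := raw.(map[string]any)
		if !ok {
			continue
		}
		num := func(key string) (float64, bool) {
			s, _ := o[key].(string)
			f, err := strconv.ParseFloat(s, 64)
			return f, err == nil
		}
		lo, okLo := num("minimum")
		hi, okHi := num("maximum")
		v, okV := num("value")
		if !(okLo && okHi && okV) || v < lo || v > hi {
			issues = append(issues, fmt.Sprintf("threshold %q: value %v is not a number within [%v, %v]",
				o["name"], o["value"], o["minimum"], o["maximum"]))
		}
	}
	return issues
}

// Audit returns findings plus a count of active Production rules per tactic.
func Audit(page []byte) ([]Finding, map[string]int, error) {
	var list struct{ Value []anomalySetting `json:"value"` }
	if err := json.Unmarshal(page, &list); err != nil {
		return nil, nil, err
	}
	var findings []Finding
	coverage := map[string]int{}
	for _, s := range list.Value {
		p := s.Properties
		active := p.Enabled != nil && *p.Enabled // a missing flag is treated as disabled
		if !active {
			findings = append(findings, Finding{p.DisplayName, "anomaly rule is disabled"})
		}
		if p.SettingsStatus != "Production" {
			findings = append(findings, Finding{p.DisplayName, "settings status is " + p.SettingsStatus + ", not Production"})
		}
		for _, issue := range checkThresholds(p.CustomizableObservations) {
			findings = append(findings, Finding{p.DisplayName, issue})
		}
		if active && p.SettingsStatus == "Production" {
			for _, t := range p.Tactics {
				coverage[t]++
			}
		}
	}
	return findings, coverage, nil
}

func main() {
	findings, coverage, err := Audit([]byte(samplePage))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Setting, f.Issue)
	}
	fmt.Println("tactics with an active Production rule:", coverage)
}
```

With the SDK, the same checks apply to each item of page.Value after a type switch to *AnomalySecurityMLAnalyticsSettings.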

type SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions

type SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions struct {
}

SecurityMLAnalyticsSettingsClientCreateOrUpdateOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.CreateOrUpdate method.

type SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse

type SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse struct {
	SecurityMLAnalyticsSettingClassification
}

SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse contains the response from method SecurityMLAnalyticsSettingsClient.CreateOrUpdate.

func (*SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityMLAnalyticsSettingsClientCreateOrUpdateResponse.

type SecurityMLAnalyticsSettingsClientDeleteOptions

type SecurityMLAnalyticsSettingsClientDeleteOptions struct {
}

SecurityMLAnalyticsSettingsClientDeleteOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Delete method.

type SecurityMLAnalyticsSettingsClientDeleteResponse

type SecurityMLAnalyticsSettingsClientDeleteResponse struct {
}

SecurityMLAnalyticsSettingsClientDeleteResponse contains the response from method SecurityMLAnalyticsSettingsClient.Delete.

type SecurityMLAnalyticsSettingsClientGetOptions

type SecurityMLAnalyticsSettingsClientGetOptions struct {
}

SecurityMLAnalyticsSettingsClientGetOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.Get method.

type SecurityMLAnalyticsSettingsClientGetResponse

type SecurityMLAnalyticsSettingsClientGetResponse struct {
	SecurityMLAnalyticsSettingClassification
}

SecurityMLAnalyticsSettingsClientGetResponse contains the response from method SecurityMLAnalyticsSettingsClient.Get.

func (*SecurityMLAnalyticsSettingsClientGetResponse) UnmarshalJSON

func (s *SecurityMLAnalyticsSettingsClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityMLAnalyticsSettingsClientGetResponse.

type SecurityMLAnalyticsSettingsClientListOptions

type SecurityMLAnalyticsSettingsClientListOptions struct {
}

SecurityMLAnalyticsSettingsClientListOptions contains the optional parameters for the SecurityMLAnalyticsSettingsClient.NewListPager method.

type SecurityMLAnalyticsSettingsClientListResponse

type SecurityMLAnalyticsSettingsClientListResponse struct {
	SecurityMLAnalyticsSettingsList
}

SecurityMLAnalyticsSettingsClientListResponse contains the response from method SecurityMLAnalyticsSettingsClient.NewListPager.

type SecurityMLAnalyticsSettingsDataSource

type SecurityMLAnalyticsSettingsDataSource struct {
	// The connector id that provides the following data types
	ConnectorID *string `json:"connectorId,omitempty"`

	// The data types used by the security ml analytics settings
	DataTypes []*string `json:"dataTypes,omitempty"`
}

SecurityMLAnalyticsSettingsDataSource - security ml analytics settings data sources

func (SecurityMLAnalyticsSettingsDataSource) MarshalJSON

func (s SecurityMLAnalyticsSettingsDataSource) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityMLAnalyticsSettingsDataSource.

func (*SecurityMLAnalyticsSettingsDataSource) UnmarshalJSON

func (s *SecurityMLAnalyticsSettingsDataSource) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityMLAnalyticsSettingsDataSource.

type SecurityMLAnalyticsSettingsKind

type SecurityMLAnalyticsSettingsKind string

SecurityMLAnalyticsSettingsKind - The kind of security ML analytics settings

const (
	SecurityMLAnalyticsSettingsKindAnomaly SecurityMLAnalyticsSettingsKind = "Anomaly"
)

func PossibleSecurityMLAnalyticsSettingsKindValues

func PossibleSecurityMLAnalyticsSettingsKindValues() []SecurityMLAnalyticsSettingsKind

PossibleSecurityMLAnalyticsSettingsKindValues returns the possible values for the SecurityMLAnalyticsSettingsKind const type.

type SecurityMLAnalyticsSettingsList

type SecurityMLAnalyticsSettingsList struct {
	// REQUIRED; Array of SecurityMLAnalyticsSettings
	Value []SecurityMLAnalyticsSettingClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of SecurityMLAnalyticsSettings.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

SecurityMLAnalyticsSettingsList - List all the SecurityMLAnalyticsSettings

func (SecurityMLAnalyticsSettingsList) MarshalJSON

func (s SecurityMLAnalyticsSettingsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SecurityMLAnalyticsSettingsList.

func (*SecurityMLAnalyticsSettingsList) UnmarshalJSON

func (s *SecurityMLAnalyticsSettingsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SecurityMLAnalyticsSettingsList.

type SentinelOnboardingState

type SentinelOnboardingState struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// The Sentinel onboarding state object
	Properties *SentinelOnboardingStateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SentinelOnboardingState - Sentinel onboarding state

func (SentinelOnboardingState) MarshalJSON

func (s SentinelOnboardingState) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SentinelOnboardingState.

func (*SentinelOnboardingState) UnmarshalJSON

func (s *SentinelOnboardingState) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SentinelOnboardingState.

type SentinelOnboardingStateProperties

type SentinelOnboardingStateProperties struct {
	// Flag that indicates the status of the CMK setting
	CustomerManagedKey *bool `json:"customerManagedKey,omitempty"`
}

SentinelOnboardingStateProperties - The Sentinel onboarding state properties

func (SentinelOnboardingStateProperties) MarshalJSON

func (s SentinelOnboardingStateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SentinelOnboardingStateProperties.

func (*SentinelOnboardingStateProperties) UnmarshalJSON

func (s *SentinelOnboardingStateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SentinelOnboardingStateProperties.

type SentinelOnboardingStatesClient

type SentinelOnboardingStatesClient struct {
	// contains filtered or unexported fields
}

SentinelOnboardingStatesClient contains the methods for the SentinelOnboardingStates group. Don't use this type directly, use NewSentinelOnboardingStatesClient() instead.

func NewSentinelOnboardingStatesClient

func NewSentinelOnboardingStatesClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SentinelOnboardingStatesClient, error)

NewSentinelOnboardingStatesClient creates a new instance of SentinelOnboardingStatesClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SentinelOnboardingStatesClient) Create

func (client *SentinelOnboardingStatesClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientCreateOptions) (SentinelOnboardingStatesClientCreateResponse, error)

Create - Create Sentinel onboarding state. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/CreateSentinelOnboardingState.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSentinelOnboardingStatesClient().Create(ctx, "myRg", "myWorkspace", "default", &armsecurityinsights.SentinelOnboardingStatesClientCreateOptions{SentinelOnboardingStateParameter: &armsecurityinsights.SentinelOnboardingState{
	Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
		CustomerManagedKey: to.Ptr(false),
	},
},
})
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{
// 	Name: to.Ptr("default"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
// 	Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
// 		CustomerManagedKey: to.Ptr(false),
// 	},
// }

func (*SentinelOnboardingStatesClient) Delete

func (client *SentinelOnboardingStatesClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientDeleteOptions) (SentinelOnboardingStatesClientDeleteResponse, error)

Delete - Delete Sentinel onboarding state. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/DeleteSentinelOnboardingState.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewSentinelOnboardingStatesClient().Delete(ctx, "myRg", "myWorkspace", "default", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*SentinelOnboardingStatesClient) Get

func (client *SentinelOnboardingStatesClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sentinelOnboardingStateName string, options *SentinelOnboardingStatesClientGetOptions) (SentinelOnboardingStatesClientGetResponse, error)

Get - Get Sentinel onboarding state. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sentinelOnboardingStateName - The Sentinel onboarding state name. Supports - default
  • options - SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/GetSentinelOnboardingState.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSentinelOnboardingStatesClient().Get(ctx, "myRg", "myWorkspace", "default", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SentinelOnboardingState = armsecurityinsights.SentinelOnboardingState{
// 	Name: to.Ptr("default"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
// 	Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
// 		CustomerManagedKey: to.Ptr(false),
// 	},
// }

func (*SentinelOnboardingStatesClient) List

List - Gets all Sentinel onboarding states. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/onboardingStates/GetAllSentinelOnboardingStates.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSentinelOnboardingStatesClient().List(ctx, "myRg", "myWorkspace", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SentinelOnboardingStatesList = armsecurityinsights.SentinelOnboardingStatesList{
// 	Value: []*armsecurityinsights.SentinelOnboardingState{
// 		{
// 			Name: to.Ptr("default"),
// 			Type: to.Ptr("Microsoft.SecurityInsights/onboardingStates"),
// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/onboardingStates/default"),
// 			Properties: &armsecurityinsights.SentinelOnboardingStateProperties{
// 				CustomerManagedKey: to.Ptr(false),
// 			},
// 	}},
// }

type SentinelOnboardingStatesClientCreateOptions

type SentinelOnboardingStatesClientCreateOptions struct {
	// The Sentinel onboarding state parameter
	SentinelOnboardingStateParameter *SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateOptions contains the optional parameters for the SentinelOnboardingStatesClient.Create method.

type SentinelOnboardingStatesClientCreateResponse

type SentinelOnboardingStatesClientCreateResponse struct {
	SentinelOnboardingState
}

SentinelOnboardingStatesClientCreateResponse contains the response from method SentinelOnboardingStatesClient.Create.

type SentinelOnboardingStatesClientDeleteOptions

type SentinelOnboardingStatesClientDeleteOptions struct {
}

SentinelOnboardingStatesClientDeleteOptions contains the optional parameters for the SentinelOnboardingStatesClient.Delete method.

type SentinelOnboardingStatesClientDeleteResponse

type SentinelOnboardingStatesClientDeleteResponse struct {
}

SentinelOnboardingStatesClientDeleteResponse contains the response from method SentinelOnboardingStatesClient.Delete.

type SentinelOnboardingStatesClientGetOptions

type SentinelOnboardingStatesClientGetOptions struct {
}

SentinelOnboardingStatesClientGetOptions contains the optional parameters for the SentinelOnboardingStatesClient.Get method.

type SentinelOnboardingStatesClientGetResponse

type SentinelOnboardingStatesClientGetResponse struct {
	SentinelOnboardingState
}

SentinelOnboardingStatesClientGetResponse contains the response from method SentinelOnboardingStatesClient.Get.

type SentinelOnboardingStatesClientListOptions

type SentinelOnboardingStatesClientListOptions struct {
}

SentinelOnboardingStatesClientListOptions contains the optional parameters for the SentinelOnboardingStatesClient.List method.

type SentinelOnboardingStatesClientListResponse

type SentinelOnboardingStatesClientListResponse struct {
	SentinelOnboardingStatesList
}

SentinelOnboardingStatesClientListResponse contains the response from method SentinelOnboardingStatesClient.List.

type SentinelOnboardingStatesList

type SentinelOnboardingStatesList struct {
	// REQUIRED; Array of Sentinel onboarding states
	Value []*SentinelOnboardingState `json:"value,omitempty"`
}

SentinelOnboardingStatesList - List of the Sentinel onboarding states

func (SentinelOnboardingStatesList) MarshalJSON

func (s SentinelOnboardingStatesList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SentinelOnboardingStatesList.

func (*SentinelOnboardingStatesList) UnmarshalJSON

func (s *SentinelOnboardingStatesList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SentinelOnboardingStatesList.

type SettingKind

type SettingKind string

SettingKind - The kind of the setting

const (
	SettingKindAnomalies       SettingKind = "Anomalies"
	SettingKindEntityAnalytics SettingKind = "EntityAnalytics"
	SettingKindEyesOn          SettingKind = "EyesOn"
	SettingKindUeba            SettingKind = "Ueba"
)

func PossibleSettingKindValues

func PossibleSettingKindValues() []SettingKind

PossibleSettingKindValues returns the possible values for the SettingKind const type.

type SettingList

type SettingList struct {
	// REQUIRED; Array of settings.
	Value []SettingsClassification `json:"value,omitempty"`
}

SettingList - List of all the settings.

func (SettingList) MarshalJSON

func (s SettingList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SettingList.

func (*SettingList) UnmarshalJSON

func (s *SettingList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SettingList.

type SettingType

type SettingType string

SettingType - The kind of the setting

const (
	SettingTypeCopyableLabel         SettingType = "CopyableLabel"
	SettingTypeInfoMessage           SettingType = "InfoMessage"
	SettingTypeInstructionStepsGroup SettingType = "InstructionStepsGroup"
)

func PossibleSettingTypeValues

func PossibleSettingTypeValues() []SettingType

PossibleSettingTypeValues returns the possible values for the SettingType const type.

type Settings

type Settings struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Settings - The Setting.

func (*Settings) GetSettings

func (s *Settings) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Settings.

func (Settings) MarshalJSON

func (s Settings) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Settings.

func (*Settings) UnmarshalJSON

func (s *Settings) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Settings.

type SettingsClassification

type SettingsClassification interface {
	// GetSettings returns the Settings content of the underlying type.
	GetSettings() *Settings
}

SettingsClassification provides polymorphic access to related types. Call the interface's GetSettings() method to access the common type. Use a type switch to determine the concrete type. The possible types are: *Anomalies, *EntityAnalytics, *EyesOn, *Settings, *Ueba

type SettingsStatus

type SettingsStatus string

SettingsStatus - The anomaly SecurityMLAnalyticsSettings status

const (
	// SettingsStatusFlighting - Anomaly settings status in Flighting mode
	SettingsStatusFlighting SettingsStatus = "Flighting"
	// SettingsStatusProduction - Anomaly settings status in Production mode
	SettingsStatusProduction SettingsStatus = "Production"
)

func PossibleSettingsStatusValues

func PossibleSettingsStatusValues() []SettingsStatus

PossibleSettingsStatusValues returns the possible values for the SettingsStatus const type.

type SourceControl

type SourceControl struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// source control properties
	Properties *SourceControlProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SourceControl - Represents a SourceControl in Azure Security Insights.

func (SourceControl) MarshalJSON

func (s SourceControl) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SourceControl.

func (*SourceControl) UnmarshalJSON

func (s *SourceControl) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SourceControl.

type SourceControlClient

type SourceControlClient struct {
	// contains filtered or unexported fields
}

SourceControlClient contains the methods for the SourceControl group. Don't use this type directly, use NewSourceControlClient() instead.

func NewSourceControlClient

func NewSourceControlClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlClient, error)

NewSourceControlClient creates a new instance of SourceControlClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SourceControlClient) NewListRepositoriesPager

func (client *SourceControlClient) NewListRepositoriesPager(resourceGroupName string, workspaceName string, repoType RepoType, options *SourceControlClientListRepositoriesOptions) *runtime.Pager[SourceControlClientListRepositoriesResponse]

NewListRepositoriesPager - Gets a list of repositories metadata.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • repoType - The repo type.
  • options - SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.NewListRepositoriesPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/repositories/GetRepositories.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewSourceControlClient().NewListRepositoriesPager("myRg", "myWorkspace", armsecurityinsights.RepoTypeGithub, nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.RepoList = armsecurityinsights.RepoList{
	// 	Value: []*armsecurityinsights.Repo{
	// 		{
	// 			Branches: []*string{
	// 				to.Ptr("master"),
	// 				to.Ptr("develop")},
	// 				FullName: to.Ptr("reponame"),
	// 				URL: to.Ptr("https://api.github.com/repos/user/reponame"),
	// 		}},
	// 	}
}

type SourceControlClientListRepositoriesOptions

type SourceControlClientListRepositoriesOptions struct {
}

SourceControlClientListRepositoriesOptions contains the optional parameters for the SourceControlClient.NewListRepositoriesPager method.

type SourceControlClientListRepositoriesResponse

type SourceControlClientListRepositoriesResponse struct {
	RepoList
}

SourceControlClientListRepositoriesResponse contains the response from method SourceControlClient.NewListRepositoriesPager.

type SourceControlList

type SourceControlList struct {
	// REQUIRED; Array of source controls.
	Value []*SourceControl `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of source controls.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

SourceControlList - List all the source controls.

func (SourceControlList) MarshalJSON

func (s SourceControlList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SourceControlList.

func (*SourceControlList) UnmarshalJSON

func (s *SourceControlList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SourceControlList.

type SourceControlProperties

type SourceControlProperties struct {
	// REQUIRED; Array of source control content types.
	ContentTypes []*ContentType `json:"contentTypes,omitempty"`

	// REQUIRED; The display name of the source control
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The repository type of the source control
	RepoType *RepoType `json:"repoType,omitempty"`

	// REQUIRED; Repository metadata.
	Repository *Repository `json:"repository,omitempty"`

	// A description of the source control
	Description *string `json:"description,omitempty"`

	// The id (a Guid) of the source control
	ID *string `json:"id,omitempty"`

	// Information regarding the latest deployment for the source control.
	LastDeploymentInfo *DeploymentInfo `json:"lastDeploymentInfo,omitempty"`

	// Information regarding the resources created in user's repository.
	RepositoryResourceInfo *RepositoryResourceInfo `json:"repositoryResourceInfo,omitempty"`

	// The version number associated with the source control
	Version *Version `json:"version,omitempty"`
}

SourceControlProperties - Describes source control properties

func (SourceControlProperties) MarshalJSON

func (s SourceControlProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SourceControlProperties.

func (*SourceControlProperties) UnmarshalJSON

func (s *SourceControlProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SourceControlProperties.

type SourceControlsClient

type SourceControlsClient struct {
	// contains filtered or unexported fields
}

SourceControlsClient contains the methods for the SourceControls group. Don't use this type directly, use NewSourceControlsClient() instead.

func NewSourceControlsClient

func NewSourceControlsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*SourceControlsClient, error)

NewSourceControlsClient creates a new instance of SourceControlsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*SourceControlsClient) Create

func (client *SourceControlsClient) Create(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, sourceControl SourceControl, options *SourceControlsClientCreateOptions) (SourceControlsClientCreateResponse, error)

Create - Creates a source control. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sourceControlID - Source control Id
  • sourceControl - The SourceControl
  • options - SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/CreateSourceControl.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSourceControlsClient().Create(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", armsecurityinsights.SourceControl{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.SourceControlProperties{
		Description: to.Ptr("This is a source control"),
		ContentTypes: []*armsecurityinsights.ContentType{
			to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
			to.Ptr(armsecurityinsights.ContentTypeWorkbook)},
		DisplayName: to.Ptr("My Source Control"),
		RepoType:    to.Ptr(armsecurityinsights.RepoTypeGithub),
		Repository: &armsecurityinsights.Repository{
			Branch:     to.Ptr("master"),
			DisplayURL: to.Ptr("https://github.com/user/repo"),
			PathMapping: []*armsecurityinsights.ContentPathMap{
				{
					Path:        to.Ptr("path/to/rules"),
					ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
				},
				{
					Path:        to.Ptr("path/to/workbooks"),
					ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook),
				}},
			URL: to.Ptr("https://github.com/user/repo"),
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SourceControl = armsecurityinsights.SourceControl{
// 	Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 	SystemData: &armsecurityinsights.SystemData{
// 		CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
// 		CreatedBy: to.Ptr("user1"),
// 		CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
// 		LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.1234567Z"); return t}()),
// 		LastModifiedBy: to.Ptr("user2"),
// 		LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
// 	},
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.SourceControlProperties{
// 		Description: to.Ptr("this is a source control"),
// 		ContentTypes: []*armsecurityinsights.ContentType{
// 			to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
// 			to.Ptr(armsecurityinsights.ContentTypeWorkbook)},
// 			DisplayName: to.Ptr("My Source Control"),
// 			ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 			LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{
// 				Deployment: &armsecurityinsights.Deployment{
// 					DeploymentID: to.Ptr("4985046420"),
// 					DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
// 					DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess),
// 					DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted),
// 					DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
// 				},
// 				DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess),
// 				Message: to.Ptr("Successful deployment"),
// 			},
// 			RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub),
// 			Repository: &armsecurityinsights.Repository{
// 				Branch: to.Ptr("master"),
// 				DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
// 				DisplayURL: to.Ptr("https://github.com/user/repo"),
// 				PathMapping: []*armsecurityinsights.ContentPathMap{
// 					{
// 						Path: to.Ptr("path/to/rules"),
// 						ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
// 					},
// 					{
// 						Path: to.Ptr("path/to/workbooks"),
// 						ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook),
// 				}},
// 				URL: to.Ptr("https://github.com/user/repo"),
// 			},
// 			RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{
// 				GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{
// 					AppInstallationID: to.Ptr("123"),
// 				},
// 				Webhook: &armsecurityinsights.Webhook{
// 					WebhookID: to.Ptr("342768323"),
// 					WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"),
// 					WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 				},
// 			},
// 		},
// 	}

func (*SourceControlsClient) Delete

func (client *SourceControlsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientDeleteOptions) (SourceControlsClientDeleteResponse, error)

Delete - Delete a source control. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sourceControlID - Source control Id
  • options - SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/DeleteSourceControl.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewSourceControlsClient().Delete(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*SourceControlsClient) Get

func (client *SourceControlsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, sourceControlID string, options *SourceControlsClientGetOptions) (SourceControlsClientGetResponse, error)

Get - Gets a source control by its identifier. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • sourceControlID - Source control Id
  • options - SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/GetSourceControlById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewSourceControlsClient().Get(ctx, "myRg", "myWorkspace", "789e0c1f-4a3d-43ad-809c-e713b677b04a", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.SourceControl = armsecurityinsights.SourceControl{
// 	Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 	SystemData: &armsecurityinsights.SystemData{
// 		CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
// 		CreatedBy: to.Ptr("user1"),
// 		CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
// 		LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.1234567Z"); return t}()),
// 		LastModifiedBy: to.Ptr("user2"),
// 		LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
// 	},
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.SourceControlProperties{
// 		Description: to.Ptr("this is a source control"),
// 		ContentTypes: []*armsecurityinsights.ContentType{
// 			to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
// 			to.Ptr(armsecurityinsights.ContentTypeWorkbook)},
// 			DisplayName: to.Ptr("My Source Control"),
// 			ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 			LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{
// 				Deployment: &armsecurityinsights.Deployment{
// 					DeploymentID: to.Ptr("4985046420"),
// 					DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
// 					DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess),
// 					DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted),
// 					DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
// 				},
// 				DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess),
// 				Message: to.Ptr("Successful deployment"),
// 			},
// 			RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub),
// 			Repository: &armsecurityinsights.Repository{
// 				Branch: to.Ptr("master"),
// 				DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
// 				DisplayURL: to.Ptr("https://github.com/user/repo"),
// 				PathMapping: []*armsecurityinsights.ContentPathMap{
// 					{
// 						Path: to.Ptr("path/to/rules"),
// 						ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
// 					},
// 					{
// 						Path: to.Ptr("path/to/workbooks"),
// 						ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook),
// 				}},
// 				URL: to.Ptr("https://github.com/user/repo"),
// 			},
// 			RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{
// 				GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{
// 					AppInstallationID: to.Ptr("123"),
// 				},
// 				Webhook: &armsecurityinsights.Webhook{
// 					WebhookID: to.Ptr("342768323"),
// 					WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"),
// 					WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
// 				},
// 			},
// 		},
// 	}

func (*SourceControlsClient) NewListPager

func (client *SourceControlsClient) NewListPager(resourceGroupName string, workspaceName string, options *SourceControlsClientListOptions) *runtime.Pager[SourceControlsClientListResponse]

NewListPager - Gets all source controls, without source control items.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/sourcecontrols/GetSourceControls.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewSourceControlsClient().NewListPager("myRg", "myWorkspace", nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.SourceControlList = armsecurityinsights.SourceControlList{
	// 	Value: []*armsecurityinsights.SourceControl{
	// 		{
	// 			Name: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/SourceControls"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/sourcecontrols/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
	// 			SystemData: &armsecurityinsights.SystemData{
	// 				CreatedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
	// 				CreatedBy: to.Ptr("user1"),
	// 				CreatedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
	// 				LastModifiedAt: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-02T17:18:19.1234567Z"); return t}()),
	// 				LastModifiedBy: to.Ptr("user2"),
	// 				LastModifiedByType: to.Ptr(armsecurityinsights.CreatedByTypeUser),
	// 			},
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.SourceControlProperties{
	// 				Description: to.Ptr("this is a source control"),
	// 				ContentTypes: []*armsecurityinsights.ContentType{
	// 					to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
	// 					to.Ptr(armsecurityinsights.ContentTypeWorkbook)},
	// 					DisplayName: to.Ptr("My Source Control"),
	// 					ID: to.Ptr("789e0c1f-4a3d-43ad-809c-e713b677b04a"),
	// 					LastDeploymentInfo: &armsecurityinsights.DeploymentInfo{
	// 						Deployment: &armsecurityinsights.Deployment{
	// 							DeploymentID: to.Ptr("4985046420"),
	// 							DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
	// 							DeploymentResult: to.Ptr(armsecurityinsights.DeploymentResultSuccess),
	// 							DeploymentState: to.Ptr(armsecurityinsights.DeploymentStateCompleted),
	// 							DeploymentTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-01-01T17:18:19.1234567Z"); return t}()),
	// 						},
	// 						DeploymentFetchStatus: to.Ptr(armsecurityinsights.DeploymentFetchStatusSuccess),
	// 						Message: to.Ptr("Successful deployment"),
	// 					},
	// 					RepoType: to.Ptr(armsecurityinsights.RepoTypeGithub),
	// 					Repository: &armsecurityinsights.Repository{
	// 						Branch: to.Ptr("master"),
	// 						DeploymentLogsURL: to.Ptr("https://github.com/user/repo/actions"),
	// 						DisplayURL: to.Ptr("https://github.com/user/repo"),
	// 						PathMapping: []*armsecurityinsights.ContentPathMap{
	// 							{
	// 								Path: to.Ptr("path/to/rules"),
	// 								ContentType: to.Ptr(armsecurityinsights.ContentType("AnalyticRules")),
	// 							},
	// 							{
	// 								Path: to.Ptr("path/to/workbooks"),
	// 								ContentType: to.Ptr(armsecurityinsights.ContentTypeWorkbook),
	// 						}},
	// 						URL: to.Ptr("https://github.com/user/repo"),
	// 					},
	// 					RepositoryResourceInfo: &armsecurityinsights.RepositoryResourceInfo{
	// 						GitHubResourceInfo: &armsecurityinsights.GitHubResourceInfo{
	// 							AppInstallationID: to.Ptr("123"),
	// 						},
	// 						Webhook: &armsecurityinsights.Webhook{
	// 							WebhookID: to.Ptr("342768323"),
	// 							WebhookSecretUpdateTime: to.Ptr("2021-01-01T17:18:19.1234567Z"),
	// 							WebhookURL: to.Ptr("https://cac.sentinel.azure.com/workspaces/b7c525e9-1bfa-4435-88c0-817e13abb088/webhooks/ado/sourceControl/789e0c1f-4a3d-43ad-809c-e713b677b04a"),
	// 						},
	// 					},
	// 				},
	// 		}},
	// 	}
}

type SourceControlsClientCreateOptions

type SourceControlsClientCreateOptions struct {
}

SourceControlsClientCreateOptions contains the optional parameters for the SourceControlsClient.Create method.

type SourceControlsClientCreateResponse

type SourceControlsClientCreateResponse struct {
	SourceControl
}

SourceControlsClientCreateResponse contains the response from method SourceControlsClient.Create.

type SourceControlsClientDeleteOptions

type SourceControlsClientDeleteOptions struct {
}

SourceControlsClientDeleteOptions contains the optional parameters for the SourceControlsClient.Delete method.

type SourceControlsClientDeleteResponse

type SourceControlsClientDeleteResponse struct {
}

SourceControlsClientDeleteResponse contains the response from method SourceControlsClient.Delete.

type SourceControlsClientGetOptions

type SourceControlsClientGetOptions struct {
}

SourceControlsClientGetOptions contains the optional parameters for the SourceControlsClient.Get method.

type SourceControlsClientGetResponse

type SourceControlsClientGetResponse struct {
	SourceControl
}

SourceControlsClientGetResponse contains the response from method SourceControlsClient.Get.

type SourceControlsClientListOptions

type SourceControlsClientListOptions struct {
}

SourceControlsClientListOptions contains the optional parameters for the SourceControlsClient.NewListPager method.

type SourceControlsClientListResponse

type SourceControlsClientListResponse struct {
	SourceControlList
}

SourceControlsClientListResponse contains the response from method SourceControlsClient.NewListPager.
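
A source control connection deploys analytic rules and workbooks from a repository into the workspace, so the connections returned by NewListPager or Get are worth checking against an allow-list. The following is an added example, not part of the SDK or its generated samples: it audits a connection's repository URL, branch and last deployment result. The types are local mirrors of the SDK structs (so it builds offline), `Policy` and `AuditSourceControl` are hypothetical names, the sample values are constructed, and the string "Success" is assumed to be the value of DeploymentResultSuccess.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// Local mirrors of the SDK's SourceControl types, reduced to the fields the
// audit reads, so the example builds without the Azure SDK.
type Repository struct{ URL, Branch *string }
type Deployment struct{ DeploymentResult *string }
type DeploymentInfo struct{ Deployment *Deployment }
type SourceControlProperties struct {
	Repository         *Repository
	LastDeploymentInfo *DeploymentInfo
}
type SourceControl struct {
	Name       *string
	Properties *SourceControlProperties
}

// Policy is a hypothetical allow-list maintained by the workspace owners.
type Policy struct {
	RepoPrefixes []string // lower-case "host/owner/" prefixes
	Branches     []string // branches allowed to deploy content
}

func ptr(s string) *string { return &s }

func deref(s *string) string {
	if s == nil {
		return ""
	}
	return *s
}

// AuditSourceControl returns one finding per policy violation; an empty
// slice means the connection matches the policy.
func AuditSourceControl(sc *SourceControl, p Policy) []string {
	if sc == nil || sc.Properties == nil || sc.Properties.Repository == nil {
		return []string{"no repository metadata"}
	}
	var findings []string
	repo := sc.Properties.Repository

	u, err := url.Parse(deref(repo.URL))
	if err != nil || u.Host == "" {
		findings = append(findings, "repository URL is missing or unparsable")
	} else {
		if u.Scheme != "https" {
			findings = append(findings, "repository URL is not https")
		}
		if u.User != nil {
			findings = append(findings, "repository URL embeds credentials")
		}
		// Match on the parsed host and cleaned path, not the raw string, so a
		// look-alike host or a "../" segment cannot satisfy the prefix test.
		target := strings.ToLower(u.Host + path.Clean("/"+u.Path) + "/")
		allowed := false
		for _, prefix := range p.RepoPrefixes {
			if strings.HasPrefix(target, prefix) {
				allowed = true
			}
		}
		if !allowed {
			findings = append(findings, "repository is not on the allow-list")
		}
	}

	branchOK := false
	for _, b := range p.Branches {
		if b == deref(repo.Branch) {
			branchOK = true
		}
	}
	if !branchOK {
		findings = append(findings, fmt.Sprintf("branch %q is not approved", deref(repo.Branch)))
	}

	// "Success" is assumed to be the string value of DeploymentResultSuccess.
	if di := sc.Properties.LastDeploymentInfo; di == nil || di.Deployment == nil {
		findings = append(findings, "no deployment recorded")
	} else if r := deref(di.Deployment.DeploymentResult); r != "Success" {
		findings = append(findings, fmt.Sprintf("last deployment result is %q", r))
	}
	return findings
}

func main() {
	policy := Policy{RepoPrefixes: []string{"github.com/user/"}, Branches: []string{"master"}}
	// Constructed sample: a connection pointing at a look-alike host.
	sc := &SourceControl{Name: ptr("constructed-sample"), Properties: &SourceControlProperties{
		Repository: &Repository{URL: ptr("http://github.com.example.net/user/repo"), Branch: ptr("develop")},
	}}
	for _, f := range AuditSourceControl(sc, policy) {
		fmt.Printf("%s: %s\n", deref(sc.Name), f)
	}
}
```

With the real SDK, copy the corresponding fields from each element of page.Value into these mirrors, or adapt the function to take *armsecurityinsights.SourceControl directly.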

type SourceKind

type SourceKind string

SourceKind - Source type of the content

const (
	SourceKindCommunity        SourceKind = "Community"
	SourceKindLocalWorkspace   SourceKind = "LocalWorkspace"
	SourceKindSolution         SourceKind = "Solution"
	SourceKindSourceRepository SourceKind = "SourceRepository"
)

func PossibleSourceKindValues

func PossibleSourceKindValues() []SourceKind

PossibleSourceKindValues returns the possible values for the SourceKind const type.

type SourceType

type SourceType string

SourceType - The sourceType of the watchlist

const (
	SourceTypeLocalFile     SourceType = "Local file"
	SourceTypeRemoteStorage SourceType = "Remote storage"
)

func PossibleSourceTypeValues

func PossibleSourceTypeValues() []SourceType

PossibleSourceTypeValues returns the possible values for the SourceType const type.

type SubmissionMailEntity

type SubmissionMailEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Submission mail entity properties
	Properties *SubmissionMailEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

SubmissionMailEntity - Represents a submission mail entity.

func (*SubmissionMailEntity) GetEntity

func (s *SubmissionMailEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type SubmissionMailEntity.

func (SubmissionMailEntity) MarshalJSON

func (s SubmissionMailEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SubmissionMailEntity.

func (*SubmissionMailEntity) UnmarshalJSON

func (s *SubmissionMailEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SubmissionMailEntity.

type SubmissionMailEntityProperties

type SubmissionMailEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; The network message id of email to which submission belongs
	NetworkMessageID *string `json:"networkMessageId,omitempty" azure:"ro"`

	// READ-ONLY; The recipient of the mail
	Recipient *string `json:"recipient,omitempty" azure:"ro"`

	// READ-ONLY; The submission type for the given instance. This maps to Junk, Phish, Malware or NotJunk.
	ReportType *string `json:"reportType,omitempty" azure:"ro"`

	// READ-ONLY; The sender of the mail
	Sender *string `json:"sender,omitempty" azure:"ro"`

	// READ-ONLY; The sender's IP
	SenderIP *string `json:"senderIp,omitempty" azure:"ro"`

	// READ-ONLY; The subject of submission mail
	Subject *string `json:"subject,omitempty" azure:"ro"`

	// READ-ONLY; The submission date
	SubmissionDate *time.Time `json:"submissionDate,omitempty" azure:"ro"`

	// READ-ONLY; The submission id
	SubmissionID *string `json:"submissionId,omitempty" azure:"ro"`

	// READ-ONLY; The submitter
	Submitter *string `json:"submitter,omitempty" azure:"ro"`

	// READ-ONLY; The Time stamp when the message is received (Mail)
	Timestamp *time.Time `json:"timestamp,omitempty" azure:"ro"`
}

SubmissionMailEntityProperties - Submission mail entity property bag.

func (SubmissionMailEntityProperties) MarshalJSON

func (s SubmissionMailEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SubmissionMailEntityProperties.

func (*SubmissionMailEntityProperties) UnmarshalJSON

func (s *SubmissionMailEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SubmissionMailEntityProperties.

type SupportTier

type SupportTier string

SupportTier - Type of support for content item

const (
	SupportTierCommunity SupportTier = "Community"
	SupportTierMicrosoft SupportTier = "Microsoft"
	SupportTierPartner   SupportTier = "Partner"
)

func PossibleSupportTierValues

func PossibleSupportTierValues() []SupportTier

PossibleSupportTierValues returns the possible values for the SupportTier const type.

type SystemData

type SystemData struct {
	// The timestamp of resource creation (UTC).
	CreatedAt *time.Time `json:"createdAt,omitempty"`

	// The identity that created the resource.
	CreatedBy *string `json:"createdBy,omitempty"`

	// The type of identity that created the resource.
	CreatedByType *CreatedByType `json:"createdByType,omitempty"`

	// The timestamp of resource last modification (UTC)
	LastModifiedAt *time.Time `json:"lastModifiedAt,omitempty"`

	// The identity that last modified the resource.
	LastModifiedBy *string `json:"lastModifiedBy,omitempty"`

	// The type of identity that last modified the resource.
	LastModifiedByType *CreatedByType `json:"lastModifiedByType,omitempty"`
}

SystemData - Metadata pertaining to creation and last modification of the resource.

func (SystemData) MarshalJSON

func (s SystemData) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type SystemData.

func (*SystemData) UnmarshalJSON

func (s *SystemData) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type SystemData.

type TICheckRequirements

type TICheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Threat Intelligence Platforms data connector check required properties
	Properties *TICheckRequirementsProperties `json:"properties,omitempty"`
}

TICheckRequirements - Threat Intelligence Platforms data connector check requirements

func (*TICheckRequirements) GetDataConnectorsCheckRequirements

func (t *TICheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TICheckRequirements.

func (TICheckRequirements) MarshalJSON

func (t TICheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TICheckRequirements.

func (*TICheckRequirements) UnmarshalJSON

func (t *TICheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TICheckRequirements.

type TICheckRequirementsProperties

type TICheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TICheckRequirementsProperties - Threat Intelligence Platforms data connector required properties.

func (TICheckRequirementsProperties) MarshalJSON

func (t TICheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TICheckRequirementsProperties.

func (*TICheckRequirementsProperties) UnmarshalJSON

func (t *TICheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TICheckRequirementsProperties.

type TIDataConnector

type TIDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// TI (Threat Intelligence) data connector properties.
	Properties *TIDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

TIDataConnector - Represents threat intelligence data connector.

func (*TIDataConnector) GetDataConnector

func (t *TIDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type TIDataConnector.

func (TIDataConnector) MarshalJSON

func (t TIDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TIDataConnector.

func (*TIDataConnector) UnmarshalJSON

func (t *TIDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TIDataConnector.

type TIDataConnectorDataTypes

type TIDataConnectorDataTypes struct {
	// REQUIRED; Data type for indicators connection.
	Indicators *TIDataConnectorDataTypesIndicators `json:"indicators,omitempty"`
}

TIDataConnectorDataTypes - The available data types for TI (Threat Intelligence) data connector.

func (TIDataConnectorDataTypes) MarshalJSON

func (t TIDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TIDataConnectorDataTypes.

func (*TIDataConnectorDataTypes) UnmarshalJSON

func (t *TIDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TIDataConnectorDataTypes.

type TIDataConnectorDataTypesIndicators

type TIDataConnectorDataTypesIndicators struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

TIDataConnectorDataTypesIndicators - Data type for indicators connection.

func (TIDataConnectorDataTypesIndicators) MarshalJSON

func (t TIDataConnectorDataTypesIndicators) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TIDataConnectorDataTypesIndicators.

func (*TIDataConnectorDataTypesIndicators) UnmarshalJSON

func (t *TIDataConnectorDataTypesIndicators) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TIDataConnectorDataTypesIndicators.

type TIDataConnectorProperties

type TIDataConnectorProperties struct {
	// REQUIRED; The available data types for the connector.
	DataTypes *TIDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The lookback period for the feed to be imported.
	TipLookbackPeriod *time.Time `json:"tipLookbackPeriod,omitempty"`
}

TIDataConnectorProperties - TI (Threat Intelligence) data connector properties.

func (TIDataConnectorProperties) MarshalJSON

func (t TIDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TIDataConnectorProperties.

func (*TIDataConnectorProperties) UnmarshalJSON

func (t *TIDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TIDataConnectorProperties.

type TeamInformation

type TeamInformation struct {
	// READ-ONLY; The description of the team
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The name of the team
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; The primary channel URL of the team
	PrimaryChannelURL *string `json:"primaryChannelUrl,omitempty" azure:"ro"`

	// READ-ONLY; The time the team was created
	TeamCreationTimeUTC *time.Time `json:"teamCreationTimeUtc,omitempty" azure:"ro"`

	// READ-ONLY; Team ID
	TeamID *string `json:"teamId,omitempty" azure:"ro"`
}

TeamInformation - Describes team information

func (TeamInformation) MarshalJSON

func (t TeamInformation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TeamInformation.

func (*TeamInformation) UnmarshalJSON

func (t *TeamInformation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TeamInformation.

type TeamProperties

type TeamProperties struct {
	// REQUIRED; The name of the team
	TeamName *string `json:"teamName,omitempty"`

	// List of group IDs to add their members to the team
	GroupIDs []*string `json:"groupIds,omitempty"`

	// List of member IDs to add to the team
	MemberIDs []*string `json:"memberIds,omitempty"`

	// The description of the team
	TeamDescription *string `json:"teamDescription,omitempty"`
}

TeamProperties - Describes team properties

func (TeamProperties) MarshalJSON

func (t TeamProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type TeamProperties.

func (*TeamProperties) UnmarshalJSON

func (t *TeamProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type TeamProperties.

type TemplateStatus

type TemplateStatus string

TemplateStatus - The alert rule template status.

const (
	// TemplateStatusAvailable - Alert rule template is available.
	TemplateStatusAvailable TemplateStatus = "Available"
	// TemplateStatusInstalled - Alert rule template is installed and cannot be used more than once.
	TemplateStatusInstalled TemplateStatus = "Installed"
	// TemplateStatusNotAvailable - Alert rule template is not available
	TemplateStatusNotAvailable TemplateStatus = "NotAvailable"
)

func PossibleTemplateStatusValues

func PossibleTemplateStatusValues() []TemplateStatus

PossibleTemplateStatusValues returns the possible values for the TemplateStatus const type.

type ThreatIntelligence

type ThreatIntelligence struct {
	// READ-ONLY; Confidence (must be between 0 and 1)
	Confidence *float64 `json:"confidence,omitempty" azure:"ro"`

	// READ-ONLY; Name of the provider from whom this Threat Intelligence information was received
	ProviderName *string `json:"providerName,omitempty" azure:"ro"`

	// READ-ONLY; Report link
	ReportLink *string `json:"reportLink,omitempty" azure:"ro"`

	// READ-ONLY; Threat description (free text)
	ThreatDescription *string `json:"threatDescription,omitempty" azure:"ro"`

	// READ-ONLY; Threat name (e.g. "Jedobot malware")
	ThreatName *string `json:"threatName,omitempty" azure:"ro"`

	// READ-ONLY; Threat type (e.g. "Botnet")
	ThreatType *string `json:"threatType,omitempty" azure:"ro"`
}

ThreatIntelligence property bag.

func (ThreatIntelligence) MarshalJSON

func (t ThreatIntelligence) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligence.

func (*ThreatIntelligence) UnmarshalJSON

func (t *ThreatIntelligence) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligence.

type ThreatIntelligenceAlertRule

type ThreatIntelligenceAlertRule struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat Intelligence alert rule properties
	Properties *ThreatIntelligenceAlertRuleProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRule - Represents Threat Intelligence alert rule.

func (*ThreatIntelligenceAlertRule) GetAlertRule

func (t *ThreatIntelligenceAlertRule) GetAlertRule() *AlertRule

GetAlertRule implements the AlertRuleClassification interface for type ThreatIntelligenceAlertRule.

func (ThreatIntelligenceAlertRule) MarshalJSON

func (t ThreatIntelligenceAlertRule) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceAlertRule.

func (*ThreatIntelligenceAlertRule) UnmarshalJSON

func (t *ThreatIntelligenceAlertRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceAlertRule.

type ThreatIntelligenceAlertRuleProperties

type ThreatIntelligenceAlertRuleProperties struct {
	// REQUIRED; The Name of the alert rule template used to create this rule.
	AlertRuleTemplateName *string `json:"alertRuleTemplateName,omitempty"`

	// REQUIRED; Determines whether this alert rule is enabled or disabled.
	Enabled *bool `json:"enabled,omitempty"`

	// READ-ONLY; The description of the alert rule.
	Description *string `json:"description,omitempty" azure:"ro"`

	// READ-ONLY; The display name for alerts created by this alert rule.
	DisplayName *string `json:"displayName,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert has been modified.
	LastModifiedUTC *time.Time `json:"lastModifiedUtc,omitempty" azure:"ro"`

	// READ-ONLY; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty" azure:"ro"`

	// READ-ONLY; The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty" azure:"ro"`

	// READ-ONLY; The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleProperties - Threat Intelligence alert rule base property bag.

func (ThreatIntelligenceAlertRuleProperties) MarshalJSON

func (t ThreatIntelligenceAlertRuleProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceAlertRuleProperties.

func (*ThreatIntelligenceAlertRuleProperties) UnmarshalJSON

func (t *ThreatIntelligenceAlertRuleProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceAlertRuleProperties.

type ThreatIntelligenceAlertRuleTemplate

type ThreatIntelligenceAlertRuleTemplate struct {
	// REQUIRED; The kind of the alert rule
	Kind *AlertRuleKind `json:"kind,omitempty"`

	// Threat Intelligence alert rule template properties
	Properties *ThreatIntelligenceAlertRuleTemplateProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleTemplate - Represents Threat Intelligence alert rule template.

func (*ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate

func (t *ThreatIntelligenceAlertRuleTemplate) GetAlertRuleTemplate() *AlertRuleTemplate

GetAlertRuleTemplate implements the AlertRuleTemplateClassification interface for type ThreatIntelligenceAlertRuleTemplate.

func (ThreatIntelligenceAlertRuleTemplate) MarshalJSON

func (t ThreatIntelligenceAlertRuleTemplate) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceAlertRuleTemplate.

func (*ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON

func (t *ThreatIntelligenceAlertRuleTemplate) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceAlertRuleTemplate.

type ThreatIntelligenceAlertRuleTemplateProperties

type ThreatIntelligenceAlertRuleTemplateProperties struct {
	// REQUIRED; The severity for alerts created by this alert rule.
	Severity *AlertSeverity `json:"severity,omitempty"`

	// the number of alert rules that were created by this template
	AlertRulesCreatedByTemplateCount *int32 `json:"alertRulesCreatedByTemplateCount,omitempty"`

	// The description of the alert rule template.
	Description *string `json:"description,omitempty"`

	// The display name for alert rule template.
	DisplayName *string `json:"displayName,omitempty"`

	// The required data sources for this template
	RequiredDataConnectors []*AlertRuleTemplateDataSource `json:"requiredDataConnectors,omitempty"`

	// The alert rule template status.
	Status *TemplateStatus `json:"status,omitempty"`

	// The tactics of the alert rule
	Tactics []*AttackTactic `json:"tactics,omitempty"`

	// The techniques of the alert rule
	Techniques []*string `json:"techniques,omitempty"`

	// READ-ONLY; The time that this alert rule template has been added.
	CreatedDateUTC *time.Time `json:"createdDateUTC,omitempty" azure:"ro"`

	// READ-ONLY; The last time that this alert rule template has been updated.
	LastUpdatedDateUTC *time.Time `json:"lastUpdatedDateUTC,omitempty" azure:"ro"`
}

ThreatIntelligenceAlertRuleTemplateProperties - Threat Intelligence alert rule template properties

func (ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON

func (t ThreatIntelligenceAlertRuleTemplateProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceAlertRuleTemplateProperties.

func (*ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON

func (t *ThreatIntelligenceAlertRuleTemplateProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceAlertRuleTemplateProperties.

type ThreatIntelligenceAppendTags

type ThreatIntelligenceAppendTags struct {
	// List of tags to be appended.
	ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"`
}

ThreatIntelligenceAppendTags - Array of tags to be appended to the threat intelligence indicator.

func (ThreatIntelligenceAppendTags) MarshalJSON

func (t ThreatIntelligenceAppendTags) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceAppendTags.

func (*ThreatIntelligenceAppendTags) UnmarshalJSON

func (t *ThreatIntelligenceAppendTags) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceAppendTags.

type ThreatIntelligenceExternalReference

type ThreatIntelligenceExternalReference struct {
	// External reference description
	Description *string `json:"description,omitempty"`

	// External reference ID
	ExternalID *string `json:"externalId,omitempty"`

	// External reference hashes
	Hashes map[string]*string `json:"hashes,omitempty"`

	// External reference source name
	SourceName *string `json:"sourceName,omitempty"`

	// External reference URL
	URL *string `json:"url,omitempty"`
}

ThreatIntelligenceExternalReference - Describes external reference

func (ThreatIntelligenceExternalReference) MarshalJSON

func (t ThreatIntelligenceExternalReference) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceExternalReference.

func (*ThreatIntelligenceExternalReference) UnmarshalJSON

func (t *ThreatIntelligenceExternalReference) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceExternalReference.

type ThreatIntelligenceFilteringCriteria

type ThreatIntelligenceFilteringCriteria struct {
	// Ids of threat intelligence indicators
	IDs []*string `json:"ids,omitempty"`

	// Parameter to include/exclude disabled indicators.
	IncludeDisabled *bool `json:"includeDisabled,omitempty"`

	// Keywords for searching threat intelligence indicators
	Keywords []*string `json:"keywords,omitempty"`

	// Maximum confidence.
	MaxConfidence *int32 `json:"maxConfidence,omitempty"`

	// End time for ValidUntil filter.
	MaxValidUntil *string `json:"maxValidUntil,omitempty"`

	// Minimum confidence.
	MinConfidence *int32 `json:"minConfidence,omitempty"`

	// Start time for ValidUntil filter.
	MinValidUntil *string `json:"minValidUntil,omitempty"`

	// Page size
	PageSize *int32 `json:"pageSize,omitempty"`

	// Pattern types
	PatternTypes []*string `json:"patternTypes,omitempty"`

	// Skip token.
	SkipToken *string `json:"skipToken,omitempty"`

	// Columns to sort by and sorting order
	SortBy []*ThreatIntelligenceSortingCriteria `json:"sortBy,omitempty"`

	// Sources of threat intelligence indicators
	Sources []*string `json:"sources,omitempty"`

	// Threat types of threat intelligence indicators
	ThreatTypes []*string `json:"threatTypes,omitempty"`
}

ThreatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.

func (ThreatIntelligenceFilteringCriteria) MarshalJSON

func (t ThreatIntelligenceFilteringCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceFilteringCriteria.

func (*ThreatIntelligenceFilteringCriteria) UnmarshalJSON

func (t *ThreatIntelligenceFilteringCriteria) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceFilteringCriteria.

type ThreatIntelligenceGranularMarkingModel

type ThreatIntelligenceGranularMarkingModel struct {
	// Language granular marking model
	Language *string `json:"language,omitempty"`

	// marking reference granular marking model
	MarkingRef *int32 `json:"markingRef,omitempty"`

	// granular marking model selectors
	Selectors []*string `json:"selectors,omitempty"`
}

ThreatIntelligenceGranularMarkingModel - Describes threat granular marking model entity

func (ThreatIntelligenceGranularMarkingModel) MarshalJSON

func (t ThreatIntelligenceGranularMarkingModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceGranularMarkingModel.

func (*ThreatIntelligenceGranularMarkingModel) UnmarshalJSON

func (t *ThreatIntelligenceGranularMarkingModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceGranularMarkingModel.

type ThreatIntelligenceIndicatorClient

type ThreatIntelligenceIndicatorClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorClient contains the methods for the ThreatIntelligenceIndicator group. Don't use this type directly, use NewThreatIntelligenceIndicatorClient() instead.

func NewThreatIntelligenceIndicatorClient

func NewThreatIntelligenceIndicatorClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorClient, error)

NewThreatIntelligenceIndicatorClient creates a new instance of ThreatIntelligenceIndicatorClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorClient) AppendTags

AppendTags - Append tags to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceAppendTags - The threat intelligence append tags request body
  • options - ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/AppendTagsThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewThreatIntelligenceIndicatorClient().AppendTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceAppendTags{
	ThreatIntelligenceTags: []*string{
		to.Ptr("tag1"),
		to.Ptr("tag2")},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*ThreatIntelligenceIndicatorClient) Create

Create - Update a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceProperties - Properties of threat intelligence indicators to create and update.
  • options - ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/UpdateThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Create(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{
	Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
	Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		Description:        to.Ptr("debugging indicators"),
		Confidence:         to.Ptr[int32](78),
		CreatedByRef:       to.Ptr("contoso@contoso.com"),
		DisplayName:        to.Ptr("new schema"),
		ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
		GranularMarkings:   []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
		KillChainPhases:    []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
		Labels:             []*string{},
		Modified:           to.Ptr(""),
		Pattern:            to.Ptr("[url:value = 'https://www.contoso.com']"),
		PatternType:        to.Ptr("url"),
		Revoked:            to.Ptr(false),
		Source:             to.Ptr("Azure Sentinel"),
		ThreatIntelligenceTags: []*string{
			to.Ptr("new schema")},
		ThreatTypes: []*string{
			to.Ptr("compromised")},
		ValidFrom:  to.Ptr("2020-04-15T17:44:00.114052Z"),
		ValidUntil: to.Ptr(""),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateResponse{
// 	ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
// 		Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
// 		Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""),
// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
// 			Description: to.Ptr("debugging indicators"),
// 			Confidence: to.Ptr[int32](78),
// 			Created: to.Ptr("2021-04-15T20:20:38.6160949Z"),
// 			CreatedByRef: to.Ptr("contoso@contoso.com"),
// 			DisplayName: to.Ptr("new schema"),
// 			ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"),
// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"),
// 			Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
// 			PatternType: to.Ptr("url"),
// 			Revoked: to.Ptr(false),
// 			Source: to.Ptr("Azure Sentinel"),
// 			ThreatIntelligenceTags: []*string{
// 				to.Ptr("new schema")},
// 			ThreatTypes: []*string{
// 				to.Ptr("compromised")},
// 			ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
// 		},
// 	},
// }

func (*ThreatIntelligenceIndicatorClient) CreateIndicator

CreateIndicator - Create a new threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • threatIntelligenceProperties - Properties of threat intelligence indicators to create and update.
  • options - ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/CreateThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewThreatIntelligenceIndicatorClient().CreateIndicator(ctx, "myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceIndicatorModel{
	Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
	Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		Description:        to.Ptr("debugging indicators"),
		Confidence:         to.Ptr[int32](78),
		CreatedByRef:       to.Ptr("contoso@contoso.com"),
		DisplayName:        to.Ptr("new schema"),
		ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
		GranularMarkings:   []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
		KillChainPhases:    []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
		Labels:             []*string{},
		Modified:           to.Ptr(""),
		Pattern:            to.Ptr("[url:value = 'https://www.contoso.com']"),
		PatternType:        to.Ptr("url"),
		Revoked:            to.Ptr(false),
		Source:             to.Ptr("Azure Sentinel"),
		ThreatIntelligenceTags: []*string{
			to.Ptr("new schema")},
		ThreatTypes: []*string{
			to.Ptr("compromised")},
		ValidFrom:  to.Ptr("2021-09-15T17:44:00.114052Z"),
		ValidUntil: to.Ptr(""),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armsecurityinsights.ThreatIntelligenceIndicatorClientCreateIndicatorResponse{
// 	                            ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
// 		Name: to.Ptr("180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/180105c7-a28d-b1a2-4a78-234f6ec80fd6"),
// 		Etag: to.Ptr("\"0000322c-0000-0800-0000-5e976c960000\""),
// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
// 			Description: to.Ptr("debugging indicators"),
// 			Confidence: to.Ptr[int32](78),
// 			Created: to.Ptr("2021-09-15T20:20:38.6160949Z"),
// 			CreatedByRef: to.Ptr("contoso@contoso.com"),
// 			DisplayName: to.Ptr("new schema"),
// 			ExternalID: to.Ptr("indicator--a2b6a95e-2108-4a38-bd49-ef95811bbcd7"),
// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
// 			},
// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
// 			},
// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
// 			},
// 			LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:20:38.6161887Z"),
// 			Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
// 			PatternType: to.Ptr("url"),
// 			Revoked: to.Ptr(false),
// 			Source: to.Ptr("Azure Sentinel"),
// 			ThreatIntelligenceTags: []*string{
// 				to.Ptr("new schema")},
// 			ThreatTypes: []*string{
// 				to.Ptr("compromised")},
// 			ValidFrom: to.Ptr("2021-09-15T17:44:00.114052Z"),
// 		},
// 	},
// }

func (*ThreatIntelligenceIndicatorClient) Delete

Delete - Delete a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • options - ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/DeleteThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewThreatIntelligenceIndicatorClient().Delete(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*ThreatIntelligenceIndicatorClient) Get

Get - View a threat intelligence indicator by name. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • options - ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/GetThreatIntelligenceById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewThreatIntelligenceIndicatorClient().Get(ctx, "myRg", "myWorkspace", "e16ef847-962e-d7b6-9c8b-a33e4bd30e47", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; it is assigned to the blank identifier only for demonstration.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response has the following structure. All values shown are fake and for demonstration only.
// res = armsecurityinsights.ThreatIntelligenceIndicatorClientGetResponse{
// 	ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
// 		Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
// 		Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
// 			Description: to.Ptr("debugging indicators"),
// 			Confidence: to.Ptr[int32](78),
// 			Created: to.Ptr("2021-04-15T19:51:17.1050923Z"),
// 			CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"),
// 			DisplayName: to.Ptr("updated indicator"),
// 			ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
// 			},
// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
// 			},
// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
// 			},
// 			LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:18:49.2259902Z"),
// 			Pattern: to.Ptr("[url:value = 'https://abc.com']"),
// 			PatternType: to.Ptr("url"),
// 			Revoked: to.Ptr(false),
// 			Source: to.Ptr("Azure Sentinel"),
// 			ThreatIntelligenceTags: []*string{
// 				to.Ptr("patching tags")},
// 			ThreatTypes: []*string{
// 				to.Ptr("compromised")},
// 			ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
// 		},
// 	},
// }

func (*ThreatIntelligenceIndicatorClient) NewQueryIndicatorsPager

NewQueryIndicatorsPager - Query threat intelligence indicators as per filtering criteria.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • threatIntelligenceFilteringCriteria - Filtering criteria for querying threat intelligence indicators.
  • options - ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/QueryThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewThreatIntelligenceIndicatorClient().NewQueryIndicatorsPager("myRg", "myWorkspace", armsecurityinsights.ThreatIntelligenceFilteringCriteria{
	MaxConfidence: to.Ptr[int32](80),
	MaxValidUntil: to.Ptr("2021-04-25T17:44:00.114052Z"),
	MinConfidence: to.Ptr[int32](25),
	MinValidUntil: to.Ptr("2021-04-05T17:44:00.114052Z"),
	PageSize:      to.Ptr[int32](100),
	SortBy: []*armsecurityinsights.ThreatIntelligenceSortingCriteria{
		{
			ItemKey:   to.Ptr("lastUpdatedTimeUtc"),
			SortOrder: to.Ptr(armsecurityinsights.ThreatIntelligenceSortingCriteriaEnumDescending),
		}},
	Sources: []*string{
		to.Ptr("Azure Sentinel")},
}, nil)
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// Use each page item here; it is assigned to the blank identifier only for demonstration.
		_ = v
	}
	// If the HTTP response code is 200, as defined in the example definition, the page has the following structure. All values shown are fake and for demonstration only.
	// page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{
	// 	Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{
	// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 			Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
	// 			Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
	// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 				Description: to.Ptr("debugging indicators 2"),
	// 				Confidence: to.Ptr[int32](90),
	// 				Created: to.Ptr("2021-04-15T20:11:57.9666134Z"),
	// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
	// 				DisplayName: to.Ptr("new schema 2"),
	// 				ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"),
	// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 				},
	// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 				},
	// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 				},
	// 				LastUpdatedTimeUTC: to.Ptr("2020-04-15T20:15:11.0746926Z"),
	// 				ParsedPattern: []*armsecurityinsights.ThreatIntelligenceParsedPattern{
	// 					{
	// 						PatternTypeKey: to.Ptr("network-traffic"),
	// 						PatternTypeValues: []*armsecurityinsights.ThreatIntelligenceParsedPatternTypeValue{
	// 							{
	// 								Value: to.Ptr("SSH-2.0-PuTTY_Release_0.64"),
	// 								ValueType: to.Ptr("0"),
	// 							},
	// 							{
	// 								Value: to.Ptr("194.88.106.146"),
	// 								ValueType: to.Ptr("1"),
	// 						}},
	// 				}},
	// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
	// 				PatternType: to.Ptr("url"),
	// 				Revoked: to.Ptr(false),
	// 				Source: to.Ptr("Azure Sentinel"),
	// 				ThreatIntelligenceTags: []*string{
	// 					to.Ptr("new schema")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 				ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
	// 			},
	// 		},
	// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
	// 			Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
	// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
	// 			Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
	// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
	// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
	// 				Description: to.Ptr("debugging indicators"),
	// 				Confidence: to.Ptr[int32](78),
	// 				Created: to.Ptr("2021-04-15T19:51:17.1050923Z"),
	// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
	// 				DisplayName: to.Ptr("updated indicator"),
	// 				ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
	// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
	// 				},
	// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
	// 				},
	// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
	// 				},
	// 				LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.074903Z"),
	// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
	// 				PatternType: to.Ptr("url"),
	// 				Revoked: to.Ptr(false),
	// 				Source: to.Ptr("Azure Sentinel"),
	// 				ThreatIntelligenceTags: []*string{
	// 					to.Ptr("patching tags")},
	// 				ThreatTypes: []*string{
	// 					to.Ptr("compromised")},
	// 				ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
	// 			},
	// 	}},
	// }
}

func (*ThreatIntelligenceIndicatorClient) ReplaceTags

ReplaceTags - Replace tags added to a threat intelligence indicator. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • name - Threat intelligence indicator name field.
  • threatIntelligenceReplaceTags - Tags in the threat intelligence indicator to be replaced.
  • options - ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/ReplaceTagsThreatIntelligence.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewThreatIntelligenceIndicatorClient().ReplaceTags(ctx, "myRg", "myWorkspace", "d9cd6f0b-96b9-3984-17cd-a779d1e15a93", armsecurityinsights.ThreatIntelligenceIndicatorModel{
	Etag: to.Ptr("\"0000262c-0000-0800-0000-5e9767060000\""),
	Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
	Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		ThreatIntelligenceTags: []*string{
			to.Ptr("patching tags")},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; it is assigned to the blank identifier only for demonstration.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response has the following structure. All values shown are fake and for demonstration only.
// res = armsecurityinsights.ThreatIntelligenceIndicatorClientReplaceTagsResponse{
// 	ThreatIntelligenceInformationClassification: &armsecurityinsights.ThreatIntelligenceIndicatorModel{
// 		Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
// 		Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
// 		ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
// 		Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
// 		Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
// 		Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
// 			Description: to.Ptr("debugging indicators"),
// 			Confidence: to.Ptr[int32](78),
// 			Created: to.Ptr("2021-04-15T19:51:17.1050923Z"),
// 			CreatedByRef: to.Ptr("aztestConnectors@dataconnector.ccsctp.net"),
// 			DisplayName: to.Ptr("updated indicator"),
// 			ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
// 			ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{
// 			},
// 			GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{
// 			},
// 			KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{
// 			},
// 			LastUpdatedTimeUTC: to.Ptr("2021-04-15T19:56:08.828946Z"),
// 			Pattern: to.Ptr("[url:value = 'https://abc.com']"),
// 			PatternType: to.Ptr("url"),
// 			Revoked: to.Ptr(false),
// 			Source: to.Ptr("Azure Sentinel"),
// 			ThreatIntelligenceTags: []*string{
// 				to.Ptr("patching tags")},
// 			ThreatTypes: []*string{
// 				to.Ptr("compromised")},
// 			ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
// 		},
// 	},
// }

type ThreatIntelligenceIndicatorClientAppendTagsOptions

type ThreatIntelligenceIndicatorClientAppendTagsOptions struct {
}

ThreatIntelligenceIndicatorClientAppendTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.AppendTags method.

type ThreatIntelligenceIndicatorClientAppendTagsResponse

type ThreatIntelligenceIndicatorClientAppendTagsResponse struct {
}

ThreatIntelligenceIndicatorClientAppendTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.AppendTags.

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions

type ThreatIntelligenceIndicatorClientCreateIndicatorOptions struct {
}

ThreatIntelligenceIndicatorClientCreateIndicatorOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.CreateIndicator method.

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse

type ThreatIntelligenceIndicatorClientCreateIndicatorResponse struct {
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientCreateIndicatorResponse contains the response from method ThreatIntelligenceIndicatorClient.CreateIndicator.

func (*ThreatIntelligenceIndicatorClientCreateIndicatorResponse) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorClientCreateIndicatorResponse.

type ThreatIntelligenceIndicatorClientCreateOptions

type ThreatIntelligenceIndicatorClientCreateOptions struct {
}

ThreatIntelligenceIndicatorClientCreateOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Create method.

type ThreatIntelligenceIndicatorClientCreateResponse

type ThreatIntelligenceIndicatorClientCreateResponse struct {
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientCreateResponse contains the response from method ThreatIntelligenceIndicatorClient.Create.

func (*ThreatIntelligenceIndicatorClientCreateResponse) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorClientCreateResponse.

type ThreatIntelligenceIndicatorClientDeleteOptions

type ThreatIntelligenceIndicatorClientDeleteOptions struct {
}

ThreatIntelligenceIndicatorClientDeleteOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Delete method.

type ThreatIntelligenceIndicatorClientDeleteResponse

type ThreatIntelligenceIndicatorClientDeleteResponse struct {
}

ThreatIntelligenceIndicatorClientDeleteResponse contains the response from method ThreatIntelligenceIndicatorClient.Delete.

type ThreatIntelligenceIndicatorClientGetOptions

type ThreatIntelligenceIndicatorClientGetOptions struct {
}

ThreatIntelligenceIndicatorClientGetOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.Get method.

type ThreatIntelligenceIndicatorClientGetResponse

type ThreatIntelligenceIndicatorClientGetResponse struct {
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientGetResponse contains the response from method ThreatIntelligenceIndicatorClient.Get.

func (*ThreatIntelligenceIndicatorClientGetResponse) UnmarshalJSON

func (t *ThreatIntelligenceIndicatorClientGetResponse) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorClientGetResponse.

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions

type ThreatIntelligenceIndicatorClientQueryIndicatorsOptions struct {
}

ThreatIntelligenceIndicatorClientQueryIndicatorsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager method.

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse

type ThreatIntelligenceIndicatorClientQueryIndicatorsResponse struct {
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorClientQueryIndicatorsResponse contains the response from method ThreatIntelligenceIndicatorClient.NewQueryIndicatorsPager.

type ThreatIntelligenceIndicatorClientReplaceTagsOptions

type ThreatIntelligenceIndicatorClientReplaceTagsOptions struct {
}

ThreatIntelligenceIndicatorClientReplaceTagsOptions contains the optional parameters for the ThreatIntelligenceIndicatorClient.ReplaceTags method.

type ThreatIntelligenceIndicatorClientReplaceTagsResponse

type ThreatIntelligenceIndicatorClientReplaceTagsResponse struct {
	ThreatIntelligenceInformationClassification
}

ThreatIntelligenceIndicatorClientReplaceTagsResponse contains the response from method ThreatIntelligenceIndicatorClient.ReplaceTags.

func (*ThreatIntelligenceIndicatorClientReplaceTagsResponse) UnmarshalJSON

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorClientReplaceTagsResponse.

type ThreatIntelligenceIndicatorMetricsClient

type ThreatIntelligenceIndicatorMetricsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorMetricsClient contains the methods for the ThreatIntelligenceIndicatorMetrics group. Don't use this type directly, use NewThreatIntelligenceIndicatorMetricsClient() instead.

func NewThreatIntelligenceIndicatorMetricsClient

func NewThreatIntelligenceIndicatorMetricsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorMetricsClient, error)

NewThreatIntelligenceIndicatorMetricsClient creates a new instance of ThreatIntelligenceIndicatorMetricsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorMetricsClient) List

List - Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/CollectThreatIntelligenceMetrics.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewThreatIntelligenceIndicatorMetricsClient().List(ctx, "myRg", "myWorkspace", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// Use the response here; it is assigned to the blank identifier only for demonstration.
_ = res
// If the HTTP response code is 200, as defined in the example definition, the response has the following structure. All values shown are fake and for demonstration only.
// res.ThreatIntelligenceMetricsList = armsecurityinsights.ThreatIntelligenceMetricsList{
// 	Value: []*armsecurityinsights.ThreatIntelligenceMetrics{
// 		{
// 			Properties: &armsecurityinsights.ThreatIntelligenceMetric{
// 				LastUpdatedTimeUTC: to.Ptr("2021-09-01T19:44:44.117403Z"),
// 				PatternTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
// 					{
// 						MetricName: to.Ptr("url"),
// 						MetricValue: to.Ptr[int32](20),
// 				}},
// 				SourceMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
// 					{
// 						MetricName: to.Ptr("Azure Sentinel"),
// 						MetricValue: to.Ptr[int32](10315),
// 					},
// 					{
// 						MetricName: to.Ptr("zinga"),
// 						MetricValue: to.Ptr[int32](2),
// 				}},
// 				ThreatTypeMetrics: []*armsecurityinsights.ThreatIntelligenceMetricEntity{
// 					{
// 						MetricName: to.Ptr("compromised"),
// 						MetricValue: to.Ptr[int32](20),
// 				}},
// 			},
// 	}},
// }

type ThreatIntelligenceIndicatorMetricsClientListOptions

type ThreatIntelligenceIndicatorMetricsClientListOptions struct {
}

ThreatIntelligenceIndicatorMetricsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorMetricsClient.List method.

type ThreatIntelligenceIndicatorMetricsClientListResponse

type ThreatIntelligenceIndicatorMetricsClientListResponse struct {
	ThreatIntelligenceMetricsList
}

ThreatIntelligenceIndicatorMetricsClientListResponse contains the response from method ThreatIntelligenceIndicatorMetricsClient.List.

type ThreatIntelligenceIndicatorModel

type ThreatIntelligenceIndicatorModel struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat Intelligence Entity properties
	Properties *ThreatIntelligenceIndicatorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceIndicatorModel - Threat intelligence indicator entity.

func (*ThreatIntelligenceIndicatorModel) GetThreatIntelligenceInformation

func (t *ThreatIntelligenceIndicatorModel) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation

GetThreatIntelligenceInformation implements the ThreatIntelligenceInformationClassification interface for type ThreatIntelligenceIndicatorModel.

func (ThreatIntelligenceIndicatorModel) MarshalJSON

func (t ThreatIntelligenceIndicatorModel) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceIndicatorModel.

func (*ThreatIntelligenceIndicatorModel) UnmarshalJSON

func (t *ThreatIntelligenceIndicatorModel) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorModel.

type ThreatIntelligenceIndicatorProperties

type ThreatIntelligenceIndicatorProperties struct {
	// Confidence of threat intelligence entity
	Confidence *int32 `json:"confidence,omitempty"`

	// Created by
	Created *string `json:"created,omitempty"`

	// Created by reference of threat intelligence entity
	CreatedByRef *string `json:"createdByRef,omitempty"`

	// Is threat intelligence entity defanged
	Defanged *bool `json:"defanged,omitempty"`

	// Description of a threat intelligence entity
	Description *string `json:"description,omitempty"`

	// Display name of a threat intelligence entity
	DisplayName *string `json:"displayName,omitempty"`

	// Extensions map
	Extensions map[string]any `json:"extensions,omitempty"`

	// External ID of threat intelligence entity
	ExternalID *string `json:"externalId,omitempty"`

	// External last updated time in UTC
	ExternalLastUpdatedTimeUTC *string `json:"externalLastUpdatedTimeUtc,omitempty"`

	// External References
	ExternalReferences []*ThreatIntelligenceExternalReference `json:"externalReferences,omitempty"`

	// Granular Markings
	GranularMarkings []*ThreatIntelligenceGranularMarkingModel `json:"granularMarkings,omitempty"`

	// Indicator types of threat intelligence entities
	IndicatorTypes []*string `json:"indicatorTypes,omitempty"`

	// Kill chain phases
	KillChainPhases []*ThreatIntelligenceKillChainPhase `json:"killChainPhases,omitempty"`

	// Labels of threat intelligence entity
	Labels []*string `json:"labels,omitempty"`

	// Language of threat intelligence entity
	Language *string `json:"language,omitempty"`

	// Last updated time in UTC
	LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"`

	// Modified by
	Modified *string `json:"modified,omitempty"`

	// Threat intelligence entity object marking references
	ObjectMarkingRefs []*string `json:"objectMarkingRefs,omitempty"`

	// Parsed patterns
	ParsedPattern []*ThreatIntelligenceParsedPattern `json:"parsedPattern,omitempty"`

	// Pattern of a threat intelligence entity
	Pattern *string `json:"pattern,omitempty"`

	// Pattern type of a threat intelligence entity
	PatternType *string `json:"patternType,omitempty"`

	// Pattern version of a threat intelligence entity
	PatternVersion *string `json:"patternVersion,omitempty"`

	// Is threat intelligence entity revoked
	Revoked *bool `json:"revoked,omitempty"`

	// Source of a threat intelligence entity
	Source *string `json:"source,omitempty"`

	// List of tags
	ThreatIntelligenceTags []*string `json:"threatIntelligenceTags,omitempty"`

	// Threat types
	ThreatTypes []*string `json:"threatTypes,omitempty"`

	// Valid from
	ValidFrom *string `json:"validFrom,omitempty"`

	// Valid until
	ValidUntil *string `json:"validUntil,omitempty"`

	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name which is a short humanly readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`
}

ThreatIntelligenceIndicatorProperties - Describes threat intelligence entity properties
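
Because Confidence, Revoked, ValidFrom and ValidUntil are all optional pointers and the timestamps are plain strings, a consumer has to decide for itself whether an indicator is still usable for matching. The following is an added example, not part of this module: it uses only the standard library, local stand-in structs that mirror the JSON tags documented above, constructed sample data, and the assumptions that an empty validUntil means "no expiry" and that a missing confidence fails the threshold.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Local stand-ins (assumption): a subset of the fields and JSON tags documented
// for ThreatIntelligenceIndicatorModel and ThreatIntelligenceIndicatorProperties.
type indicatorProps struct {
	Confidence *int32  `json:"confidence,omitempty"`
	Revoked    *bool   `json:"revoked,omitempty"`
	ValidFrom  *string `json:"validFrom,omitempty"`
	ValidUntil *string `json:"validUntil,omitempty"`
}

type indicator struct {
	Name       string          `json:"name,omitempty"`
	Properties *indicatorProps `json:"properties,omitempty"`
}

// verdict records whether an indicator should be used for matching, and why.
type verdict struct {
	Name   string
	Active bool
	Reason string
}

// Constructed sample data; names and values are illustrative only.
const sampleIndicators = `[
 {"name":"ind-active","properties":{"confidence":78,"revoked":false,"pattern":"[url:value = 'https://www.contoso.com']","validFrom":"2021-04-15T17:44:00.114052Z","validUntil":""}},
 {"name":"ind-revoked","properties":{"confidence":90,"revoked":true,"validFrom":"2021-04-15T17:44:00.114052Z"}},
 {"name":"ind-expired","properties":{"confidence":90,"revoked":false,"validFrom":"2021-01-01T00:00:00Z","validUntil":"2021-04-05T17:44:00.114052Z"}},
 {"name":"ind-lowconf","properties":{"confidence":10,"revoked":false,"validFrom":"2021-04-15T17:44:00.114052Z"}},
 {"name":"ind-badtime","properties":{"confidence":78,"revoked":false,"validFrom":"15/04/2021"}}
]`

// parseOptional parses an RFC 3339 timestamp; nil or "" is treated as "not set".
func parseOptional(s *string) (t time.Time, set bool, err error) {
	if s == nil || *s == "" {
		return time.Time{}, false, nil
	}
	t, err = time.Parse(time.RFC3339, *s)
	return t, err == nil, err
}

// evaluate returns "active" or the first reason the indicator must be skipped.
// Unparseable timestamps fail closed instead of being read as "no limit".
func evaluate(p *indicatorProps, now time.Time, minConfidence int32) string {
	if p == nil {
		return "no properties"
	}
	from, fromSet, errFrom := parseOptional(p.ValidFrom)
	until, untilSet, errUntil := parseOptional(p.ValidUntil)
	switch {
	case p.Revoked != nil && *p.Revoked:
		return "revoked"
	case p.Confidence == nil || *p.Confidence < minConfidence:
		return "confidence below threshold"
	case errFrom != nil || errUntil != nil:
		return "unparseable validity window"
	case fromSet && now.Before(from):
		return "not yet valid"
	case untilSet && !now.Before(until):
		return "expired"
	}
	return "active"
}

// triage decodes a JSON array of indicators and evaluates each one at time now.
func triage(data []byte, now time.Time, minConfidence int32) ([]verdict, error) {
	var inds []indicator
	if err := json.Unmarshal(data, &inds); err != nil {
		return nil, fmt.Errorf("decode indicators: %w", err)
	}
	out := make([]verdict, 0, len(inds))
	for _, ind := range inds {
		r := evaluate(ind.Properties, now, minConfidence)
		out = append(out, verdict{Name: ind.Name, Active: r == "active", Reason: r})
	}
	return out, nil
}

func main() {
	now := time.Date(2021, 4, 20, 0, 0, 0, 0, time.UTC)
	verdicts, err := triage([]byte(sampleIndicators), now, 25)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, v := range verdicts {
		fmt.Printf("%-12s active=%-5t %s\n", v.Name, v.Active, v.Reason)
	}
}
```

The same checks apply to items returned by NewQueryIndicatorsPager or NewListPager once their Properties have been read; server-side filters such as MinConfidence narrow the result set but do not replace the revocation and validity checks.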

func (ThreatIntelligenceIndicatorProperties) MarshalJSON

func (t ThreatIntelligenceIndicatorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ThreatIntelligenceIndicatorProperties.

func (*ThreatIntelligenceIndicatorProperties) UnmarshalJSON

func (t *ThreatIntelligenceIndicatorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ThreatIntelligenceIndicatorProperties.

type ThreatIntelligenceIndicatorsClient

type ThreatIntelligenceIndicatorsClient struct {
	// contains filtered or unexported fields
}

ThreatIntelligenceIndicatorsClient contains the methods for the ThreatIntelligenceIndicators group. Don't use this type directly; use NewThreatIntelligenceIndicatorsClient() instead.

func NewThreatIntelligenceIndicatorsClient

func NewThreatIntelligenceIndicatorsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*ThreatIntelligenceIndicatorsClient, error)

NewThreatIntelligenceIndicatorsClient creates a new instance of ThreatIntelligenceIndicatorsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*ThreatIntelligenceIndicatorsClient) NewListPager

NewListPager - Get all threat intelligence indicators.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.NewListPager method.

Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/threatintelligence/GetThreatIntelligence.json

package main

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2"
)

func main() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	// All four list options are optional; a nil value omits the parameter from the request.
	pager := clientFactory.NewThreatIntelligenceIndicatorsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.ThreatIntelligenceIndicatorsClientListOptions{
		Filter:    nil,
		Orderby:   nil,
		Top:       nil,
		SkipToken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// Use v here. The blank identifier is for demo purposes only.
			_ = v
		}
		// If the HTTP response code is 200 as defined in the example definition, your page structure would look as follows. Note that all the values in the output are fake values for demo purposes only.
		// page.ThreatIntelligenceInformationList = armsecurityinsights.ThreatIntelligenceInformationList{
		// 	Value: []armsecurityinsights.ThreatIntelligenceInformationClassification{
		// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 			Name: to.Ptr("27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/27d963e6-e6e4-e0f9-e9d7-c53985b3bbe8"),
		// 			Etag: to.Ptr("\"00002f2c-0000-0800-0000-5e976a8e0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
		// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 				Description: to.Ptr("debugging indicators"),
		// 				Confidence: to.Ptr[int32](90),
		// 				Created: to.Ptr("2021-04-15T20:11:57.9666134Z"),
		// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 				DisplayName: to.Ptr("new schema 2"),
		// 				ExternalID: to.Ptr("indicator--8516d567-0daa-4614-8745-e3591e1b48cf"),
		// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
		// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
		// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
		// 				LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.0746926Z"),
		// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 				PatternType: to.Ptr("url"),
		// 				Revoked: to.Ptr(false),
		// 				Source: to.Ptr("Azure Sentinel"),
		// 				ThreatIntelligenceTags: []*string{
		// 					to.Ptr("new schema")},
		// 				ThreatTypes: []*string{
		// 					to.Ptr("compromised")},
		// 				ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
		// 			},
		// 		},
		// 		&armsecurityinsights.ThreatIntelligenceIndicatorModel{
		// 			Name: to.Ptr("e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 			Type: to.Ptr("Microsoft.SecurityInsights/ThreatIntelligence"),
		// 			ID: to.Ptr("/subscriptions/bd794837-4d29-4647-9105-6339bfdb4e6a/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/ThreatIntelligence/e16ef847-962e-d7b6-9c8b-a33e4bd30e47"),
		// 			Etag: to.Ptr("\"00002a2c-0000-0800-0000-5e97683b0000\""),
		// 			Kind: to.Ptr(armsecurityinsights.ThreatIntelligenceResourceKindEnumIndicator),
		// 			Properties: &armsecurityinsights.ThreatIntelligenceIndicatorProperties{
		// 				Description: to.Ptr("debugging indicators"),
		// 				Confidence: to.Ptr[int32](78),
		// 				Created: to.Ptr("2021-04-15T19:51:17.1050923Z"),
		// 				CreatedByRef: to.Ptr("contoso@contoso.com"),
		// 				DisplayName: to.Ptr("updated indicator"),
		// 				ExternalID: to.Ptr("indicator--73be1729-babb-4348-a6c4-94621cae2530"),
		// 				ExternalReferences: []*armsecurityinsights.ThreatIntelligenceExternalReference{},
		// 				GranularMarkings: []*armsecurityinsights.ThreatIntelligenceGranularMarkingModel{},
		// 				KillChainPhases: []*armsecurityinsights.ThreatIntelligenceKillChainPhase{},
		// 				LastUpdatedTimeUTC: to.Ptr("2021-04-15T20:15:11.074903Z"),
		// 				Pattern: to.Ptr("[url:value = 'https://www.contoso.com']"),
		// 				PatternType: to.Ptr("url"),
		// 				Revoked: to.Ptr(false),
		// 				Source: to.Ptr("Azure Sentinel"),
		// 				ThreatIntelligenceTags: []*string{
		// 					to.Ptr("patching tags")},
		// 				ThreatTypes: []*string{
		// 					to.Ptr("compromised")},
		// 				ValidFrom: to.Ptr("2021-04-15T17:44:00.114052Z"),
		// 			},
		// 		},
		// 	},
		// }
	}
}

type ThreatIntelligenceIndicatorsClientListOptions

type ThreatIntelligenceIndicatorsClientListOptions struct {
	// Filters the results, based on a Boolean condition. Optional.
	Filter *string
	// Sorts the results. Optional.
	Orderby *string
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
	// Returns only the first n results. Optional.
	Top *int32
}

ThreatIntelligenceIndicatorsClientListOptions contains the optional parameters for the ThreatIntelligenceIndicatorsClient.NewListPager method.

type ThreatIntelligenceIndicatorsClientListResponse

type ThreatIntelligenceIndicatorsClientListResponse struct {
	ThreatIntelligenceInformationList
}

ThreatIntelligenceIndicatorsClientListResponse contains the response from method ThreatIntelligenceIndicatorsClient.NewListPager.

type ThreatIntelligenceInformation

type ThreatIntelligenceInformation struct {
	// REQUIRED; The kind of the entity.
	Kind *ThreatIntelligenceResourceKindEnum `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

ThreatIntelligenceInformation - Threat intelligence information object.

func (*ThreatIntelligenceInformation) GetThreatIntelligenceInformation

func (t *ThreatIntelligenceInformation) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation

GetThreatIntelligenceInformation implements the ThreatIntelligenceInformationClassification interface for type ThreatIntelligenceInformation.

func (ThreatIntelligenceInformation) MarshalJSON

func (t ThreatIntelligenceInformation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformation.

func (*ThreatIntelligenceInformation) UnmarshalJSON

func (t *ThreatIntelligenceInformation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformation.

type ThreatIntelligenceInformationClassification

type ThreatIntelligenceInformationClassification interface {
	// GetThreatIntelligenceInformation returns the ThreatIntelligenceInformation content of the underlying type.
	GetThreatIntelligenceInformation() *ThreatIntelligenceInformation
}

ThreatIntelligenceInformationClassification provides polymorphic access to related types. Call the interface's GetThreatIntelligenceInformation() method to access the common type. Use a type switch to determine the concrete type. The possible types are *ThreatIntelligenceIndicatorModel and *ThreatIntelligenceInformation.
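The type switch described above, applied to one page of list results before they feed a blocklist, as an added example that is not part of the SDK or its documentation. The struct and interface definitions are local stand-ins that mirror the SDK names so the block builds without the Azure module; Verdict, judge, Triage and the sample data are hypothetical, and treating a missing validity bound as open-ended is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Stand-ins for the SDK types of the same names, reduced to the fields used here.
type (
	ThreatIntelligenceInformation         struct{ Name *string }
	ThreatIntelligenceIndicatorProperties struct {
		Pattern               *string
		Revoked               *bool
		ValidFrom, ValidUntil *string
	}
	ThreatIntelligenceIndicatorModel struct {
		Name       *string
		Properties *ThreatIntelligenceIndicatorProperties
	}
	ThreatIntelligenceInformationClassification interface {
		GetThreatIntelligenceInformation() *ThreatIntelligenceInformation
	}
	Verdict struct{ Name, Reason, Path, Value string } // hypothetical; empty Reason means usable
)

func (t *ThreatIntelligenceInformation) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation { return t }
func (t *ThreatIntelligenceIndicatorModel) GetThreatIntelligenceInformation() *ThreatIntelligenceInformation { return &ThreatIntelligenceInformation{Name: t.Name} }
func ptr[T any](v T) *T { return &v }

// simplePattern matches one STIX equality comparison; richer patterns stay unparsed.
var simplePattern = regexp.MustCompile(`^\[\s*([\w-]+:[\w.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'\s*\]$`)

// judge fails closed: a bad timestamp rejects, a nil bound is open-ended (assumption, as in STIX).
func judge(p *ThreatIntelligenceIndicatorProperties, now time.Time) (reason, path, value string) {
	if p == nil || p.Pattern == nil {
		return "no pattern", "", ""
	}
	if p.Revoked != nil && *p.Revoked {
		return "revoked", "", ""
	}
	if p.ValidFrom != nil {
		if from, err := time.Parse(time.RFC3339, *p.ValidFrom); err != nil || now.Before(from) {
			return "not yet valid", "", ""
		}
	}
	if p.ValidUntil != nil {
		if until, err := time.Parse(time.RFC3339, *p.ValidUntil); err != nil || !now.Before(until) {
			return "expired", "", ""
		}
	}
	m := simplePattern.FindStringSubmatch(*p.Pattern)
	if m == nil {
		return "unparsed pattern", "", ""
	}
	return "", m[1], m[2]
}

// Triage type-switches each list item; only indicator models are judged.
func Triage(items []ThreatIntelligenceInformationClassification, now time.Time) (out []Verdict) {
	for _, item := range items {
		var v Verdict
		if c := item.GetThreatIntelligenceInformation(); c != nil && c.Name != nil {
			v.Name = *c.Name
		}
		switch ind := item.(type) {
		case *ThreatIntelligenceIndicatorModel:
			v.Reason, v.Path, v.Value = judge(ind.Properties, now)
		case *ThreatIntelligenceInformation:
			v.Reason = "not an indicator"
		default:
			v.Reason = "unknown concrete type"
		}
		out = append(out, v)
	}
	return out
}

// constructedSample is made-up data; the URL pattern and validFrom value echo the page's sample output.
func constructedSample() []ThreatIntelligenceInformationClassification {
	type m = ThreatIntelligenceIndicatorModel
	type p = ThreatIntelligenceIndicatorProperties
	url := ptr("[url:value = 'https://www.contoso.com']")
	return []ThreatIntelligenceInformationClassification{
		&m{ptr("ind-active"), &p{Pattern: url, Revoked: ptr(false), ValidFrom: ptr("2021-04-15T17:44:00.114052Z")}},
		&m{ptr("ind-revoked"), &p{Pattern: url, Revoked: ptr(true)}},
		&m{ptr("ind-expired"), &p{Pattern: url, ValidUntil: ptr("2021-05-01T00:00:00Z")}},
		&m{ptr("ind-complex"), &p{Pattern: ptr("[ipv4-addr:value = '198.51.100.7' OR ipv4-addr:value = '198.51.100.8']")}},
		&ThreatIntelligenceInformation{Name: ptr("generic")},
	}
}

func main() {
	now := time.Date(2021, 6, 1, 0, 0, 0, 0, time.UTC) // fixed clock for reproducible output
	for _, v := range Triage(constructedSample(), now) {
		fmt.Printf("%-12s reason=%q path=%q value=%q\n", v.Name, v.Reason, v.Path, v.Value)
	}
}
```

Items with a non-empty Reason are reported rather than dropped, so a compound pattern or a new resource kind shows up in review instead of silently vanishing from the blocklist.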

type ThreatIntelligenceInformationList

type ThreatIntelligenceInformationList struct {
	// REQUIRED; Array of threat intelligence information objects.
	Value []ThreatIntelligenceInformationClassification `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of information objects.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

ThreatIntelligenceInformationList - List of all the threat intelligence information objects.

func (ThreatIntelligenceInformationList) MarshalJSON

func (t ThreatIntelligenceInformationList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceInformationList.

func (*ThreatIntelligenceInformationList) UnmarshalJSON

func (t *ThreatIntelligenceInformationList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceInformationList.

type ThreatIntelligenceKillChainPhase

type ThreatIntelligenceKillChainPhase struct {
	// Kill chain name
	KillChainName *string `json:"killChainName,omitempty"`

	// Phase name
	PhaseName *string `json:"phaseName,omitempty"`
}

ThreatIntelligenceKillChainPhase - Describes threat kill chain phase entity

func (ThreatIntelligenceKillChainPhase) MarshalJSON

func (t ThreatIntelligenceKillChainPhase) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceKillChainPhase.

func (*ThreatIntelligenceKillChainPhase) UnmarshalJSON

func (t *ThreatIntelligenceKillChainPhase) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceKillChainPhase.

type ThreatIntelligenceMetric

type ThreatIntelligenceMetric struct {
	// Last updated indicator metric
	LastUpdatedTimeUTC *string `json:"lastUpdatedTimeUtc,omitempty"`

	// Pattern type metrics
	PatternTypeMetrics []*ThreatIntelligenceMetricEntity `json:"patternTypeMetrics,omitempty"`

	// Source metrics
	SourceMetrics []*ThreatIntelligenceMetricEntity `json:"sourceMetrics,omitempty"`

	// Threat type metrics
	ThreatTypeMetrics []*ThreatIntelligenceMetricEntity `json:"threatTypeMetrics,omitempty"`
}

ThreatIntelligenceMetric - Describes threat intelligence metric

func (ThreatIntelligenceMetric) MarshalJSON

func (t ThreatIntelligenceMetric) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetric.

func (*ThreatIntelligenceMetric) UnmarshalJSON

func (t *ThreatIntelligenceMetric) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetric.

type ThreatIntelligenceMetricEntity

type ThreatIntelligenceMetricEntity struct {
	// Metric name
	MetricName *string `json:"metricName,omitempty"`

	// Metric value
	MetricValue *int32 `json:"metricValue,omitempty"`
}

ThreatIntelligenceMetricEntity - Describes threat intelligence metric entity

func (ThreatIntelligenceMetricEntity) MarshalJSON

func (t ThreatIntelligenceMetricEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricEntity.

func (*ThreatIntelligenceMetricEntity) UnmarshalJSON

func (t *ThreatIntelligenceMetricEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricEntity.

type ThreatIntelligenceMetrics

type ThreatIntelligenceMetrics struct {
	// Threat intelligence metrics.
	Properties *ThreatIntelligenceMetric `json:"properties,omitempty"`
}

ThreatIntelligenceMetrics - Threat intelligence metrics.

func (ThreatIntelligenceMetrics) MarshalJSON

func (t ThreatIntelligenceMetrics) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetrics.

func (*ThreatIntelligenceMetrics) UnmarshalJSON

func (t *ThreatIntelligenceMetrics) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetrics.

type ThreatIntelligenceMetricsList

type ThreatIntelligenceMetricsList struct {
	// REQUIRED; Array of threat intelligence metric fields (type/threat type/source).
	Value []*ThreatIntelligenceMetrics `json:"value,omitempty"`
}

ThreatIntelligenceMetricsList - List of all the threat intelligence metric fields (type/threat type/source).

func (ThreatIntelligenceMetricsList) MarshalJSON

func (t ThreatIntelligenceMetricsList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceMetricsList.

func (*ThreatIntelligenceMetricsList) UnmarshalJSON

func (t *ThreatIntelligenceMetricsList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceMetricsList.

type ThreatIntelligenceParsedPattern

type ThreatIntelligenceParsedPattern struct {
	// Pattern type key
	PatternTypeKey *string `json:"patternTypeKey,omitempty"`

	// Pattern type values
	PatternTypeValues []*ThreatIntelligenceParsedPatternTypeValue `json:"patternTypeValues,omitempty"`
}

ThreatIntelligenceParsedPattern - Describes parsed pattern entity

func (ThreatIntelligenceParsedPattern) MarshalJSON

func (t ThreatIntelligenceParsedPattern) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPattern.

func (*ThreatIntelligenceParsedPattern) UnmarshalJSON

func (t *ThreatIntelligenceParsedPattern) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPattern.

type ThreatIntelligenceParsedPatternTypeValue

type ThreatIntelligenceParsedPatternTypeValue struct {
	// Value of parsed pattern
	Value *string `json:"value,omitempty"`

	// Type of the value
	ValueType *string `json:"valueType,omitempty"`
}

ThreatIntelligenceParsedPatternTypeValue - Describes a parsed pattern type value entity

func (ThreatIntelligenceParsedPatternTypeValue) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceParsedPatternTypeValue.

func (*ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON

func (t *ThreatIntelligenceParsedPatternTypeValue) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceParsedPatternTypeValue.

type ThreatIntelligenceResourceKindEnum

type ThreatIntelligenceResourceKindEnum string

ThreatIntelligenceResourceKindEnum - The kind of the threat intelligence entity

const (
	// ThreatIntelligenceResourceKindEnumIndicator - Entity represents threat intelligence indicator in the system.
	ThreatIntelligenceResourceKindEnumIndicator ThreatIntelligenceResourceKindEnum = "indicator"
)

func PossibleThreatIntelligenceResourceKindEnumValues

func PossibleThreatIntelligenceResourceKindEnumValues() []ThreatIntelligenceResourceKindEnum

PossibleThreatIntelligenceResourceKindEnumValues returns the possible values for the ThreatIntelligenceResourceKindEnum const type.

type ThreatIntelligenceSortingCriteria

type ThreatIntelligenceSortingCriteria struct {
	// Column name
	ItemKey *string `json:"itemKey,omitempty"`

	// Sorting order (ascending/descending/unsorted).
	SortOrder *ThreatIntelligenceSortingCriteriaEnum `json:"sortOrder,omitempty"`
}

ThreatIntelligenceSortingCriteria - List of available columns for sorting

func (ThreatIntelligenceSortingCriteria) MarshalJSON

func (t ThreatIntelligenceSortingCriteria) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type ThreatIntelligenceSortingCriteria.

func (*ThreatIntelligenceSortingCriteria) UnmarshalJSON

func (t *ThreatIntelligenceSortingCriteria) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type ThreatIntelligenceSortingCriteria.

type ThreatIntelligenceSortingCriteriaEnum

type ThreatIntelligenceSortingCriteriaEnum string

ThreatIntelligenceSortingCriteriaEnum - Sorting order (ascending/descending/unsorted).

const (
	ThreatIntelligenceSortingCriteriaEnumAscending  ThreatIntelligenceSortingCriteriaEnum = "ascending"
	ThreatIntelligenceSortingCriteriaEnumDescending ThreatIntelligenceSortingCriteriaEnum = "descending"
	ThreatIntelligenceSortingCriteriaEnumUnsorted   ThreatIntelligenceSortingCriteriaEnum = "unsorted"
)

func PossibleThreatIntelligenceSortingCriteriaEnumValues

func PossibleThreatIntelligenceSortingCriteriaEnumValues() []ThreatIntelligenceSortingCriteriaEnum

PossibleThreatIntelligenceSortingCriteriaEnumValues returns the possible values for the ThreatIntelligenceSortingCriteriaEnum const type.

type TiTaxiiCheckRequirements

type TiTaxiiCheckRequirements struct {
	// REQUIRED; Describes the kind of connector to be checked.
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Threat Intelligence TAXII check required properties.
	Properties *TiTaxiiCheckRequirementsProperties `json:"properties,omitempty"`
}

TiTaxiiCheckRequirements - Threat Intelligence TAXII data connector check requirements

func (*TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements

func (t *TiTaxiiCheckRequirements) GetDataConnectorsCheckRequirements() *DataConnectorsCheckRequirements

GetDataConnectorsCheckRequirements implements the DataConnectorsCheckRequirementsClassification interface for type TiTaxiiCheckRequirements.

func (TiTaxiiCheckRequirements) MarshalJSON

func (t TiTaxiiCheckRequirements) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirements.

func (*TiTaxiiCheckRequirements) UnmarshalJSON

func (t *TiTaxiiCheckRequirements) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirements.

type TiTaxiiCheckRequirementsProperties

type TiTaxiiCheckRequirementsProperties struct {
	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`
}

TiTaxiiCheckRequirementsProperties - Threat Intelligence TAXII data connector required properties.

func (TiTaxiiCheckRequirementsProperties) MarshalJSON

func (t TiTaxiiCheckRequirementsProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiCheckRequirementsProperties.

func (*TiTaxiiCheckRequirementsProperties) UnmarshalJSON

func (t *TiTaxiiCheckRequirementsProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiCheckRequirementsProperties.

type TiTaxiiDataConnector

type TiTaxiiDataConnector struct {
	// REQUIRED; The data connector kind
	Kind *DataConnectorKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Threat intelligence TAXII data connector properties.
	Properties *TiTaxiiDataConnectorProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

TiTaxiiDataConnector - Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server

func (*TiTaxiiDataConnector) GetDataConnector

func (t *TiTaxiiDataConnector) GetDataConnector() *DataConnector

GetDataConnector implements the DataConnectorClassification interface for type TiTaxiiDataConnector.

func (TiTaxiiDataConnector) MarshalJSON

func (t TiTaxiiDataConnector) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnector.

func (*TiTaxiiDataConnector) UnmarshalJSON

func (t *TiTaxiiDataConnector) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnector.

type TiTaxiiDataConnectorDataTypes

type TiTaxiiDataConnectorDataTypes struct {
	// REQUIRED; Data type for TAXII connector.
	TaxiiClient *TiTaxiiDataConnectorDataTypesTaxiiClient `json:"taxiiClient,omitempty"`
}

TiTaxiiDataConnectorDataTypes - The available data types for Threat Intelligence TAXII data connector.

func (TiTaxiiDataConnectorDataTypes) MarshalJSON

func (t TiTaxiiDataConnectorDataTypes) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorDataTypes.

func (*TiTaxiiDataConnectorDataTypes) UnmarshalJSON

func (t *TiTaxiiDataConnectorDataTypes) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorDataTypes.

type TiTaxiiDataConnectorDataTypesTaxiiClient

type TiTaxiiDataConnectorDataTypesTaxiiClient struct {
	// REQUIRED; Describe whether this data type connection is enabled or not.
	State *DataTypeState `json:"state,omitempty"`
}

TiTaxiiDataConnectorDataTypesTaxiiClient - Data type for TAXII connector.

func (TiTaxiiDataConnectorDataTypesTaxiiClient) MarshalJSON

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorDataTypesTaxiiClient.

func (*TiTaxiiDataConnectorDataTypesTaxiiClient) UnmarshalJSON

func (t *TiTaxiiDataConnectorDataTypesTaxiiClient) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorDataTypesTaxiiClient.

type TiTaxiiDataConnectorProperties

type TiTaxiiDataConnectorProperties struct {
	// REQUIRED; The available data types for Threat Intelligence TAXII data connector.
	DataTypes *TiTaxiiDataConnectorDataTypes `json:"dataTypes,omitempty"`

	// REQUIRED; The polling frequency for the TAXII server.
	PollingFrequency *PollingFrequency `json:"pollingFrequency,omitempty"`

	// REQUIRED; The tenant id to connect to, and get the data from.
	TenantID *string `json:"tenantId,omitempty"`

	// The collection id of the TAXII server.
	CollectionID *string `json:"collectionId,omitempty"`

	// The friendly name for the TAXII server.
	FriendlyName *string `json:"friendlyName,omitempty"`

	// The password for the TAXII server.
	Password *string `json:"password,omitempty"`

	// The lookback period for the TAXII server.
	TaxiiLookbackPeriod *time.Time `json:"taxiiLookbackPeriod,omitempty"`

	// The API root for the TAXII server.
	TaxiiServer *string `json:"taxiiServer,omitempty"`

	// The userName for the TAXII server.
	UserName *string `json:"userName,omitempty"`

	// The workspace id.
	WorkspaceID *string `json:"workspaceId,omitempty"`
}

TiTaxiiDataConnectorProperties - Threat Intelligence TAXII data connector properties.

func (TiTaxiiDataConnectorProperties) MarshalJSON

func (t TiTaxiiDataConnectorProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TiTaxiiDataConnectorProperties.

func (*TiTaxiiDataConnectorProperties) UnmarshalJSON

func (t *TiTaxiiDataConnectorProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TiTaxiiDataConnectorProperties.

type TimelineAggregation

type TimelineAggregation struct {
	// REQUIRED; the total items found for a kind
	Count *int32 `json:"count,omitempty"`

	// REQUIRED; the query kind
	Kind *EntityTimelineKind `json:"kind,omitempty"`
}

TimelineAggregation - timeline aggregation information per kind

func (TimelineAggregation) MarshalJSON

func (t TimelineAggregation) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TimelineAggregation.

func (*TimelineAggregation) UnmarshalJSON

func (t *TimelineAggregation) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TimelineAggregation.

type TimelineError

type TimelineError struct {
	// REQUIRED; the error message
	ErrorMessage *string `json:"errorMessage,omitempty"`

	// REQUIRED; the query kind
	Kind *EntityTimelineKind `json:"kind,omitempty"`

	// the query id
	QueryID *string `json:"queryId,omitempty"`
}

TimelineError - Timeline Query Errors.

func (TimelineError) MarshalJSON

func (t TimelineError) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TimelineError.

func (*TimelineError) UnmarshalJSON

func (t *TimelineError) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TimelineError.

type TimelineResultsMetadata

type TimelineResultsMetadata struct {
	// REQUIRED; timeline aggregation per kind
	Aggregations []*TimelineAggregation `json:"aggregations,omitempty"`

	// REQUIRED; the total items found for the timeline request
	TotalCount *int32 `json:"totalCount,omitempty"`

	// information about the failed queries
	Errors []*TimelineError `json:"errors,omitempty"`
}

TimelineResultsMetadata - Expansion result metadata.

func (TimelineResultsMetadata) MarshalJSON

func (t TimelineResultsMetadata) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type TimelineResultsMetadata.

func (*TimelineResultsMetadata) UnmarshalJSON

func (t *TimelineResultsMetadata) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type TimelineResultsMetadata.

type TriggerOperator

type TriggerOperator string

TriggerOperator - The operation against the threshold that triggers alert rule.

const (
	TriggerOperatorGreaterThan TriggerOperator = "GreaterThan"
	TriggerOperatorLessThan    TriggerOperator = "LessThan"
	TriggerOperatorEqual       TriggerOperator = "Equal"
	TriggerOperatorNotEqual    TriggerOperator = "NotEqual"
)

func PossibleTriggerOperatorValues

func PossibleTriggerOperatorValues() []TriggerOperator

PossibleTriggerOperatorValues returns the possible values for the TriggerOperator const type.

type TriggersOn

type TriggersOn string

const (
	// TriggersOnAlerts - Trigger on Alerts
	TriggersOnAlerts TriggersOn = "Alerts"
	// TriggersOnIncidents - Trigger on Incidents
	TriggersOnIncidents TriggersOn = "Incidents"
)

func PossibleTriggersOnValues

func PossibleTriggersOnValues() []TriggersOn

PossibleTriggersOnValues returns the possible values for the TriggersOn const type.

type TriggersWhen

type TriggersWhen string

const (
	// TriggersWhenCreated - Trigger on created objects
	TriggersWhenCreated TriggersWhen = "Created"
	// TriggersWhenUpdated - Trigger on updated objects
	TriggersWhenUpdated TriggersWhen = "Updated"
)

func PossibleTriggersWhenValues

func PossibleTriggersWhenValues() []TriggersWhen

PossibleTriggersWhenValues returns the possible values for the TriggersWhen const type.

type URLEntity

type URLEntity struct {
	// REQUIRED; The kind of the entity.
	Kind *EntityKind `json:"kind,omitempty"`

	// Url entity properties
	Properties *URLEntityProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

URLEntity - Represents a url entity.

func (*URLEntity) GetEntity

func (u *URLEntity) GetEntity() *Entity

GetEntity implements the EntityClassification interface for type URLEntity.

func (URLEntity) MarshalJSON

func (u URLEntity) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntity.

func (*URLEntity) UnmarshalJSON

func (u *URLEntity) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type URLEntity.

type URLEntityProperties

type URLEntityProperties struct {
	// READ-ONLY; A bag of custom fields that should be part of the entity and will be presented to the user.
	AdditionalData map[string]any `json:"additionalData,omitempty" azure:"ro"`

	// READ-ONLY; The graph item display name, which is a short human-readable description of the graph item instance. This property
	// is optional and might be system generated.
	FriendlyName *string `json:"friendlyName,omitempty" azure:"ro"`

	// READ-ONLY; A full URL the entity points to
	URL *string `json:"url,omitempty" azure:"ro"`
}

URLEntityProperties - Url entity property bag.

func (URLEntityProperties) MarshalJSON

func (u URLEntityProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaller interface for type URLEntityProperties.

func (*URLEntityProperties) UnmarshalJSON

func (u *URLEntityProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface for type URLEntityProperties.

type Ueba

type Ueba struct {
	// REQUIRED; The kind of the setting
	Kind *SettingKind `json:"kind,omitempty"`

	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Ueba properties
	Properties *UebaProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Ueba - Settings with a single toggle.

func (*Ueba) GetSettings

func (u *Ueba) GetSettings() *Settings

GetSettings implements the SettingsClassification interface for type Ueba.

func (Ueba) MarshalJSON

func (u Ueba) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Ueba.

func (*Ueba) UnmarshalJSON

func (u *Ueba) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Ueba.

type UebaDataSources

type UebaDataSources string

UebaDataSources - The data source that is enriched by UEBA.

const (
	UebaDataSourcesAuditLogs     UebaDataSources = "AuditLogs"
	UebaDataSourcesAzureActivity UebaDataSources = "AzureActivity"
	UebaDataSourcesSecurityEvent UebaDataSources = "SecurityEvent"
	UebaDataSourcesSigninLogs    UebaDataSources = "SigninLogs"
)

func PossibleUebaDataSourcesValues

func PossibleUebaDataSourcesValues() []UebaDataSources

PossibleUebaDataSourcesValues returns the possible values for the UebaDataSources const type.

type UebaProperties

type UebaProperties struct {
	// The relevant data sources that are enriched by UEBA
	DataSources []*UebaDataSources `json:"dataSources,omitempty"`
}

UebaProperties - Ueba property bag.

func (UebaProperties) MarshalJSON

func (u UebaProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type UebaProperties.

func (*UebaProperties) UnmarshalJSON

func (u *UebaProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type UebaProperties.

type UserInfo

type UserInfo struct {
	// The object id of the user.
	ObjectID *string `json:"objectId,omitempty"`

	// READ-ONLY; The email of the user.
	Email *string `json:"email,omitempty" azure:"ro"`

	// READ-ONLY; The name of the user.
	Name *string `json:"name,omitempty" azure:"ro"`
}

UserInfo - Information about the user who performed an action.

func (UserInfo) MarshalJSON

func (u UserInfo) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type UserInfo.

func (*UserInfo) UnmarshalJSON

func (u *UserInfo) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type UserInfo.

type ValidationError

type ValidationError struct {
	// The number of the record that has the error.
	RecordIndex *int32 `json:"recordIndex,omitempty"`

	// READ-ONLY; A list of descriptions of the error.
	ErrorMessages []*string `json:"errorMessages,omitempty" azure:"ro"`
}

ValidationError - Describes an error encountered in the file during validation.

func (ValidationError) MarshalJSON

func (v ValidationError) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type ValidationError.

func (*ValidationError) UnmarshalJSON

func (v *ValidationError) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type ValidationError.

type Version

type Version string

Version - The version of the source control.

const (
	VersionV1 Version = "V1"
	VersionV2 Version = "V2"
)

func PossibleVersionValues

func PossibleVersionValues() []Version

PossibleVersionValues returns the possible values for the Version const type.

type Watchlist

type Watchlist struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Watchlist properties
	Properties *WatchlistProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

Watchlist - Represents a Watchlist in Azure Security Insights.

func (Watchlist) MarshalJSON

func (w Watchlist) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Watchlist.

func (*Watchlist) UnmarshalJSON

func (w *Watchlist) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Watchlist.

type WatchlistItem

type WatchlistItem struct {
	// Etag of the azure resource
	Etag *string `json:"etag,omitempty"`

	// Watchlist Item properties
	Properties *WatchlistItemProperties `json:"properties,omitempty"`

	// READ-ONLY; Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
	ID *string `json:"id,omitempty" azure:"ro"`

	// READ-ONLY; The name of the resource
	Name *string `json:"name,omitempty" azure:"ro"`

	// READ-ONLY; Azure Resource Manager metadata containing createdBy and modifiedBy information.
	SystemData *SystemData `json:"systemData,omitempty" azure:"ro"`

	// READ-ONLY; The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
	Type *string `json:"type,omitempty" azure:"ro"`
}

WatchlistItem - Represents a Watchlist item in Azure Security Insights.

func (WatchlistItem) MarshalJSON

func (w WatchlistItem) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type WatchlistItem.

func (*WatchlistItem) UnmarshalJSON

func (w *WatchlistItem) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type WatchlistItem.

type WatchlistItemList

type WatchlistItemList struct {
	// REQUIRED; Array of watchlist items.
	Value []*WatchlistItem `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of watchlist items.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

WatchlistItemList - List all the watchlist items.

func (WatchlistItemList) MarshalJSON

func (w WatchlistItemList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type WatchlistItemList.

func (*WatchlistItemList) UnmarshalJSON

func (w *WatchlistItemList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type WatchlistItemList.

type WatchlistItemProperties

type WatchlistItemProperties struct {
	// REQUIRED; key-value pairs for a watchlist item
	ItemsKeyValue map[string]any `json:"itemsKeyValue,omitempty"`

	// The time the watchlist item was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the watchlist item
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// key-value pairs for a watchlist item entity mapping
	EntityMapping map[string]any `json:"entityMapping,omitempty"`

	// A flag that indicates if the watchlist item is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`

	// The tenantId to which the watchlist item belongs
	TenantID *string `json:"tenantId,omitempty"`

	// The last time the watchlist item was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the watchlist item
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// The id (a Guid) of the watchlist item
	WatchlistItemID *string `json:"watchlistItemId,omitempty"`

	// The type of the watchlist item
	WatchlistItemType *string `json:"watchlistItemType,omitempty"`
}

WatchlistItemProperties - Describes watchlist item properties

func (WatchlistItemProperties) MarshalJSON

func (w WatchlistItemProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type WatchlistItemProperties.

func (*WatchlistItemProperties) UnmarshalJSON

func (w *WatchlistItemProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type WatchlistItemProperties.

type WatchlistItemsClient

type WatchlistItemsClient struct {
	// contains filtered or unexported fields
}

WatchlistItemsClient contains the methods for the WatchlistItems group. Don't use this type directly, use NewWatchlistItemsClient() instead.

func NewWatchlistItemsClient

func NewWatchlistItemsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistItemsClient, error)

NewWatchlistItemsClient creates a new instance of WatchlistItemsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*WatchlistItemsClient) CreateOrUpdate

func (client *WatchlistItemsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, watchlistItem WatchlistItem, options *WatchlistItemsClientCreateOrUpdateOptions) (WatchlistItemsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Creates or updates a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • watchlistItemID - Watchlist Item Id (GUID)
  • watchlistItem - The watchlist item
  • options - WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlistItem.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewWatchlistItemsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", "82ba292c-dc97-4dfc-969d-d4dd9e666842", armsecurityinsights.WatchlistItem{
	Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
	Properties: &armsecurityinsights.WatchlistItemProperties{
		ItemsKeyValue: map[string]any{
			"Business tier":  "10.0.2.0/24",
			"Data tier":      "10.0.2.0/24",
			"Gateway subnet": "10.0.255.224/27",
			"Private DMZ in": "10.0.0.0/27",
			"Public DMZ out": "10.0.0.96/27",
			"Web Tier":       "10.0.1.0/24",
		},
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.WatchlistItem = armsecurityinsights.WatchlistItem{
// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/82ba292c-dc97-4dfc-969d-d4dd9e666842"),
// 	Etag: to.Ptr("0300bf09-0000-0000-0000-5c37296e0000"),
// 	Properties: &armsecurityinsights.WatchlistItemProperties{
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-15T04:58:56.0748363+00:00"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		IsDeleted: to.Ptr(false),
// 		ItemsKeyValue: map[string]any{
// 			"Business tier": "10.0.2.0/24",
// 			"Data tier": "10.0.2.0/24",
// 			"Gateway subnet": "10.0.255.224/27",
// 			"Private DMZ in": "10.0.0.0/27",
// 			"Public DMZ out": "10.0.0.96/27",
// 			"Web Tier": "10.0.1.0/24",
// 		},
// 		TenantID: to.Ptr("4008512e-1d30-48b2-9ee2-d3612ed9d3ea"),
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-11-16T16:05:20+00:00"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		WatchlistItemID: to.Ptr("82ba292c-dc97-4dfc-969d-d4dd9e666842"),
// 		WatchlistItemType: to.Ptr("watchlist-item"),
// 	},
// }
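
ItemsKeyValue is a map[string]any, so the Go type accepts any value under each key, and the request above stores subnet ranges in it. The following added example (not part of the SDK or its generated samples) checks such a map locally before it is sent and resolves an address to the matching keys; Finding, CheckSubnetItem, TiersFor and pageSample are hypothetical names, and nothing here calls Azure.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Finding is one problem found in an ItemsKeyValue-shaped map (hypothetical type).
type Finding struct {
	Key, Reason string
}

// CheckSubnetItem validates a map[string]any whose values are meant to be CIDR
// ranges and returns the usable ranges plus everything that needs review.
func CheckSubnetItem(kv map[string]any) (map[string]netip.Prefix, []Finding) {
	keys := make([]string, 0, len(kv))
	for k := range kv {
		keys = append(keys, k)
	}
	sort.Strings(keys) // map order is random; sort so findings are reproducible
	valid := make(map[string]netip.Prefix, len(kv))
	var out []Finding
	for _, k := range keys {
		s, isString := kv[k].(string)
		if !isString {
			out = append(out, Finding{k, fmt.Sprintf("value is %T, not a string", kv[k])})
			continue
		}
		p, err := netip.ParsePrefix(s)
		if err != nil {
			out = append(out, Finding{k, "not a CIDR range: " + s})
			continue
		}
		if p != p.Masked() {
			out = append(out, Finding{k, fmt.Sprintf("host bits set in %s; network is %s", p, p.Masked())})
		}
		valid[k] = p.Masked()
	}
	// Two keys covering the same addresses make a lookup by IP ambiguous.
	for i, a := range keys {
		for _, b := range keys[i+1:] {
			pa, okA := valid[a]
			pb, okB := valid[b]
			if okA && okB && pa.Overlaps(pb) {
				out = append(out, Finding{a, fmt.Sprintf("overlaps %q (%s and %s)", b, pa, pb)})
			}
		}
	}
	return valid, out
}

// TiersFor returns, sorted, every key whose range contains ip.
func TiersFor(valid map[string]netip.Prefix, ip string) ([]string, error) {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return nil, err
	}
	addr = addr.Unmap() // ::ffff:a.b.c.d would otherwise never match an IPv4 range
	var hits []string
	for k, p := range valid {
		if p.Contains(addr) {
			hits = append(hits, k)
		}
	}
	sort.Strings(hits)
	return hits, nil
}

// pageSample holds the ItemsKeyValue pairs from the page's CreateOrUpdate sample.
var pageSample = map[string]any{
	"Business tier":  "10.0.2.0/24",
	"Data tier":      "10.0.2.0/24",
	"Gateway subnet": "10.0.255.224/27",
	"Private DMZ in": "10.0.0.0/27",
	"Public DMZ out": "10.0.0.96/27",
	"Web Tier":       "10.0.1.0/24",
}

func main() {
	valid, findings := CheckSubnetItem(pageSample)
	fmt.Println(findings)
	fmt.Println(TiersFor(valid, "10.0.2.15"))
}
```

On the page's sample values the only finding is that "Business tier" and "Data tier" carry the same range, so an address in 10.0.2.0/24 resolves to both keys.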

func (*WatchlistItemsClient) Delete

func (client *WatchlistItemsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientDeleteOptions) (WatchlistItemsClientDeleteResponse, error)

Delete - Delete a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • watchlistItemID - Watchlist Item Id (GUID)
  • options - WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/DeleteWatchlistItem.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewWatchlistItemsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", "4008512e-1d30-48b2-9ee2-d3612ed9d3ea", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*WatchlistItemsClient) Get

func (client *WatchlistItemsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlistItemID string, options *WatchlistItemsClientGetOptions) (WatchlistItemsClientGetResponse, error)

Get - Gets a watchlist item. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • watchlistItemID - Watchlist Item Id (GUID)
  • options - WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistItemById.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewWatchlistItemsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", "3f8901fe-63d9-4875-9ad5-9fb3b8105797", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.WatchlistItem = armsecurityinsights.WatchlistItem{
// 	Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"),
// 	Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""),
// 	Properties: &armsecurityinsights.WatchlistItemProperties{
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T12:27:32.3783333-08:00"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		EntityMapping: map[string]any{
// 		},
// 		IsDeleted: to.Ptr(false),
// 		ItemsKeyValue: map[string]any{
// 			"Header-1": "v1_1",
// 			"Header-2": "v1_2",
// 			"Header-3": "v1_3",
// 			"Header-4": "v1_4",
// 			"Header-5": "v1_5",
// 		},
// 		TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"),
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T12:27:32.3783333-08:00"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
// 		WatchlistItemType: to.Ptr("watchlist-item"),
// 	},
// }

func (*WatchlistItemsClient) NewListPager

func (client *WatchlistItemsClient) NewListPager(resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistItemsClientListOptions) *runtime.Pager[WatchlistItemsClientListResponse]

NewListPager - Gets all watchlist items.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • options - WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistItems.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewWatchlistItemsClient().NewListPager("myRg", "myWorkspace", "highValueAsset", &armsecurityinsights.WatchlistItemsClientListOptions{SkipToken: nil})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.WatchlistItemList = armsecurityinsights.WatchlistItemList{
	// 	Value: []*armsecurityinsights.WatchlistItem{
	// 		{
	// 			Name: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Watchlists/WatchlistItems"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/Watchlists/highValueAsset/WatchlistItems/fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 			Etag: to.Ptr("\"f2089bfa-0000-0d00-0000-601c58b42021\""),
	// 			Properties: &armsecurityinsights.WatchlistItemProperties{
	// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T12:27:32.3783333-08:00"); return t}()),
	// 				CreatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 				EntityMapping: map[string]any{
	// 				},
	// 				IsDeleted: to.Ptr(false),
	// 				ItemsKeyValue: map[string]any{
	// 					"Header-1": "v1_1",
	// 					"Header-2": "v1_2",
	// 					"Header-3": "v1_3",
	// 					"Header-4": "v1_4",
	// 					"Header-5": "v1_5",
	// 				},
	// 				TenantID: to.Ptr("3f8901fe-63d9-4875-9ad5-9fb3b8105797"),
	// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2021-02-04T12:27:32.3783333-08:00"); return t}()),
	// 				UpdatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 				WatchlistItemID: to.Ptr("fd37d325-7090-47fe-851a-5b5a00c3f576"),
	// 				WatchlistItemType: to.Ptr("watchlist-item"),
	// 			},
	// 	}},
	// }
}

type WatchlistItemsClientCreateOrUpdateOptions

type WatchlistItemsClientCreateOrUpdateOptions struct {
}

WatchlistItemsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistItemsClient.CreateOrUpdate method.

type WatchlistItemsClientCreateOrUpdateResponse

type WatchlistItemsClientCreateOrUpdateResponse struct {
	WatchlistItem
}

WatchlistItemsClientCreateOrUpdateResponse contains the response from method WatchlistItemsClient.CreateOrUpdate.

type WatchlistItemsClientDeleteOptions

type WatchlistItemsClientDeleteOptions struct {
}

WatchlistItemsClientDeleteOptions contains the optional parameters for the WatchlistItemsClient.Delete method.

type WatchlistItemsClientDeleteResponse

type WatchlistItemsClientDeleteResponse struct {
}

WatchlistItemsClientDeleteResponse contains the response from method WatchlistItemsClient.Delete.

type WatchlistItemsClientGetOptions

type WatchlistItemsClientGetOptions struct {
}

WatchlistItemsClientGetOptions contains the optional parameters for the WatchlistItemsClient.Get method.

type WatchlistItemsClientGetResponse

type WatchlistItemsClientGetResponse struct {
	WatchlistItem
}

WatchlistItemsClientGetResponse contains the response from method WatchlistItemsClient.Get.

type WatchlistItemsClientListOptions

type WatchlistItemsClientListOptions struct {
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
}

WatchlistItemsClientListOptions contains the optional parameters for the WatchlistItemsClient.NewListPager method.

type WatchlistItemsClientListResponse

type WatchlistItemsClientListResponse struct {
	WatchlistItemList
}

WatchlistItemsClientListResponse contains the response from method WatchlistItemsClient.NewListPager.

type WatchlistList

type WatchlistList struct {
	// REQUIRED; Array of watchlists.
	Value []*Watchlist `json:"value,omitempty"`

	// READ-ONLY; URL to fetch the next set of watchlists.
	NextLink *string `json:"nextLink,omitempty" azure:"ro"`
}

WatchlistList - List all the watchlists.

func (WatchlistList) MarshalJSON

func (w WatchlistList) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type WatchlistList.

func (*WatchlistList) UnmarshalJSON

func (w *WatchlistList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type WatchlistList.

type WatchlistProperties

type WatchlistProperties struct {
	// REQUIRED; The display name of the watchlist
	DisplayName *string `json:"displayName,omitempty"`

	// REQUIRED; The search key is used to optimize query performance when using watchlists for joins with other data. For example,
	// enable a column with IP addresses to be the designated SearchKey field, then use this
	// field as the key field when joining to other event data by IP address.
	ItemsSearchKey *string `json:"itemsSearchKey,omitempty"`

	// REQUIRED; The provider of the watchlist
	Provider *string `json:"provider,omitempty"`

	// The content type of the raw content. Example: text/csv or text/tsv
	ContentType *string `json:"contentType,omitempty"`

	// The time the watchlist was created
	Created *time.Time `json:"created,omitempty"`

	// Describes a user that created the watchlist
	CreatedBy *UserInfo `json:"createdBy,omitempty"`

	// The default duration of a watchlist (in ISO 8601 duration format)
	DefaultDuration *string `json:"defaultDuration,omitempty"`

	// A description of the watchlist
	Description *string `json:"description,omitempty"`

	// A flag that indicates if the watchlist is deleted or not
	IsDeleted *bool `json:"isDeleted,omitempty"`

	// List of labels relevant to this watchlist
	Labels []*string `json:"labels,omitempty"`

	// The number of lines in a csv/tsv content to skip before the header
	NumberOfLinesToSkip *int32 `json:"numberOfLinesToSkip,omitempty"`

	// The raw content that represents the watchlist items to create. In case of csv/tsv content type, it's the content of the
	// file that will be parsed by the endpoint
	RawContent *string `json:"rawContent,omitempty"`

	// The filename of the watchlist, called 'source'
	Source *string `json:"source,omitempty"`

	// The sourceType of the watchlist
	SourceType *SourceType `json:"sourceType,omitempty"`

	// The tenantId to which the watchlist belongs
	TenantID *string `json:"tenantId,omitempty"`

	// The last time the watchlist was updated
	Updated *time.Time `json:"updated,omitempty"`

	// Describes a user that updated the watchlist
	UpdatedBy *UserInfo `json:"updatedBy,omitempty"`

	// The status of the Watchlist upload: New, InProgress or Complete. Please note: when a Watchlist upload status is equal to
	// InProgress, the Watchlist cannot be deleted
	UploadStatus *string `json:"uploadStatus,omitempty"`

	// The alias of the watchlist
	WatchlistAlias *string `json:"watchlistAlias,omitempty"`

	// The id (a Guid) of the watchlist
	WatchlistID *string `json:"watchlistId,omitempty"`

	// The type of the watchlist
	WatchlistType *string `json:"watchlistType,omitempty"`
}

WatchlistProperties - Describes watchlist properties

func (WatchlistProperties) MarshalJSON

func (w WatchlistProperties) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type WatchlistProperties.

func (*WatchlistProperties) UnmarshalJSON

func (w *WatchlistProperties) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type WatchlistProperties.

type WatchlistsClient

type WatchlistsClient struct {
	// contains filtered or unexported fields
}

WatchlistsClient contains the methods for the Watchlists group. Don't use this type directly, use NewWatchlistsClient() instead.

func NewWatchlistsClient

func NewWatchlistsClient(subscriptionID string, credential azcore.TokenCredential, options *arm.ClientOptions) (*WatchlistsClient, error)

NewWatchlistsClient creates a new instance of WatchlistsClient with the specified values.

  • subscriptionID - The ID of the target subscription.
  • credential - used to authorize requests. Usually a credential from azidentity.
  • options - pass nil to accept the default values.

func (*WatchlistsClient) CreateOrUpdate

func (client *WatchlistsClient) CreateOrUpdate(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, watchlist Watchlist, options *WatchlistsClientCreateOrUpdateOptions) (WatchlistsClientCreateOrUpdateResponse, error)

CreateOrUpdate - Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAS URI and contentType properties. The rawContent is mainly used for small watchlists (content size below 3.8 MB). The SAS URI enables the creation of large watchlists, where the content size can go up to 500 MB. The status of processing such a large file can be polled through the URL returned in the Azure-AsyncOperation header. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • watchlist - The watchlist
  • options - WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.
Example (CreatesOrUpdatesAWatchlist)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlist.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.WatchlistProperties{
		Description:    to.Ptr("Watchlist from CSV content"),
		DisplayName:    to.Ptr("High Value Assets Watchlist"),
		ItemsSearchKey: to.Ptr("header1"),
		Provider:       to.Ptr("Microsoft"),
		Source:         to.Ptr("watchlist.csv"),
		SourceType:     to.Ptr(armsecurityinsights.SourceTypeLocalFile),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Watchlist = armsecurityinsights.Watchlist{
// 	Name: to.Ptr("highValueAsset"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.WatchlistProperties{
// 		Description: to.Ptr("Watchlist from CSV content"),
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.7746089+00:00"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
// 		IsDeleted: to.Ptr(false),
// 		ItemsSearchKey: to.Ptr("header1"),
// 		Provider: to.Ptr("Microsoft"),
// 		Source: to.Ptr("watchlist.csv"),
// 		SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile),
// 		TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57+00:00"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		WatchlistAlias: to.Ptr("highValueAsset"),
// 		WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
// 		WatchlistType: to.Ptr("watchlist"),
// 	},
// }

Example (CreatesOrUpdatesAWatchlistAndBulkCreatesWatchlistItems)

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/CreateWatchlistAndWatchlistItems.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewWatchlistsClient().CreateOrUpdate(ctx, "myRg", "myWorkspace", "highValueAsset", armsecurityinsights.Watchlist{
	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	Properties: &armsecurityinsights.WatchlistProperties{
		Description:         to.Ptr("Watchlist from CSV content"),
		ContentType:         to.Ptr("text/csv"),
		DisplayName:         to.Ptr("High Value Assets Watchlist"),
		ItemsSearchKey:      to.Ptr("header1"),
		NumberOfLinesToSkip: to.Ptr[int32](1),
		Provider:            to.Ptr("Microsoft"),
		RawContent:          to.Ptr("This line will be skipped\nheader1,header2\nvalue1,value2"),
		Source:              to.Ptr("watchlist.csv"),
		SourceType:          to.Ptr(armsecurityinsights.SourceTypeLocalFile),
	},
}, nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Watchlist = armsecurityinsights.Watchlist{
// 	Name: to.Ptr("highValueAsset"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.WatchlistProperties{
// 		Description: to.Ptr("Watchlist from CSV content"),
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.7746089+00:00"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
// 		IsDeleted: to.Ptr(false),
// 		ItemsSearchKey: to.Ptr("header1"),
// 		Provider: to.Ptr("Microsoft"),
// 		Source: to.Ptr("watchlist.csv"),
// 		SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile),
// 		TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57+00:00"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		WatchlistAlias: to.Ptr("highValueAsset"),
// 		WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
// 		WatchlistType: to.Ptr("watchlist"),
// 	},
// }
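A watchlist whose ItemsSearchKey does not match a column of the uploaded CSV cannot be used for lookups in detections, so it is worth checking RawContent locally before calling CreateOrUpdate. The following is an added example, not part of the armsecurityinsights module or its generated examples; validateWatchlistCSV is a hypothetical helper, and its requirement that key values be non-empty and unique is a local policy assumption, not a documented service rule.

```go
package main

import (
	"encoding/csv"
	"errors"
	"fmt"
	"strings"
)

// validateWatchlistCSV is a hypothetical pre-flight check, not part of armsecurityinsights.
// Its arguments mirror WatchlistProperties.RawContent, NumberOfLinesToSkip and ItemsSearchKey.
// It returns the number of data rows that would become watchlist items.
func validateWatchlistCSV(rawContent string, linesToSkip int, searchKey string) (int, error) {
	lines := strings.Split(strings.ReplaceAll(rawContent, "\r\n", "\n"), "\n")
	if linesToSkip < 0 || linesToSkip >= len(lines) {
		return 0, errors.New("NumberOfLinesToSkip leaves no header line")
	}
	r := csv.NewReader(strings.NewReader(strings.Join(lines[linesToSkip:], "\n")))
	records, err := r.ReadAll() // rejects rows whose field count differs from the header
	if err != nil {
		return 0, fmt.Errorf("malformed CSV: %w", err)
	}
	if len(records) == 0 {
		return 0, errors.New("no header row after the skipped lines")
	}
	keyCol := -1
	for i, h := range records[0] {
		if strings.TrimSpace(h) == searchKey {
			keyCol = i
		}
	}
	if keyCol < 0 {
		return 0, fmt.Errorf("ItemsSearchKey %q is not a column of header %v", searchKey, records[0])
	}
	// Local policy (assumption, not a documented service rule): keys must be non-empty and unique.
	seen := map[string]bool{}
	for n, row := range records[1:] {
		key := strings.TrimSpace(row[keyCol])
		if key == "" || seen[key] {
			return 0, fmt.Errorf("data row %d has an empty or repeated %q value %q", n+1, searchKey, key)
		}
		seen[key] = true
	}
	return len(records) - 1, nil
}

func main() {
	// The RawContent value from the example above, used as sample input.
	raw := "This line will be skipped\nheader1,header2\nvalue1,value2"
	n, err := validateWatchlistCSV(raw, 1, "header1")
	fmt.Println(n, err)
}
```

Run the check with the same three values that are about to be placed in WatchlistProperties, and only build the request when it returns a nil error.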

func (*WatchlistsClient) Delete

func (client *WatchlistsClient) Delete(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientDeleteOptions) (WatchlistsClientDeleteResponse, error)

Delete - Delete a watchlist. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • options - WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/DeleteWatchlist.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
_, err = clientFactory.NewWatchlistsClient().Delete(ctx, "myRg", "myWorkspace", "highValueAsset", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}

func (*WatchlistsClient) Get

func (client *WatchlistsClient) Get(ctx context.Context, resourceGroupName string, workspaceName string, watchlistAlias string, options *WatchlistsClientGetOptions) (WatchlistsClientGetResponse, error)

Get - Gets a watchlist, without its watchlist items. If the operation fails it returns an *azcore.ResponseError type.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • watchlistAlias - Watchlist Alias
  • options - WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlistByAlias.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewWatchlistsClient().Get(ctx, "myRg", "myWorkspace", "highValueAsset", nil)
if err != nil {
	log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Watchlist = armsecurityinsights.Watchlist{
// 	Name: to.Ptr("highValueAsset"),
// 	Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
// 	ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
// 	Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
// 	Properties: &armsecurityinsights.WatchlistProperties{
// 		Description: to.Ptr("Watchlist from CSV content"),
// 		Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.7746089+00:00"); return t}()),
// 		CreatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		DefaultDuration: to.Ptr("P1279DT12H30M5S"),
// 		DisplayName: to.Ptr("High Value Assets Watchlist"),
// 		IsDeleted: to.Ptr(false),
// 		ItemsSearchKey: to.Ptr("header1"),
// 		Labels: []*string{
// 			to.Ptr("Tag1"),
// 			to.Ptr("Tag2")},
// 		Provider: to.Ptr("Microsoft"),
// 		Source: to.Ptr("watchlist.csv"),
// 		SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile),
// 		TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
// 		Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57+00:00"); return t}()),
// 		UpdatedBy: &armsecurityinsights.UserInfo{
// 			Name: to.Ptr("john doe"),
// 			Email: to.Ptr("john@contoso.com"),
// 			ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
// 		},
// 		WatchlistAlias: to.Ptr("highValueAsset"),
// 		WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
// 		WatchlistType: to.Ptr("watchlist"),
// 	},
// }

func (*WatchlistsClient) NewListPager

func (client *WatchlistsClient) NewListPager(resourceGroupName string, workspaceName string, options *WatchlistsClientListOptions) *runtime.Pager[WatchlistsClientListResponse]

NewListPager - Gets all watchlists, without watchlist items.

Generated from API version 2022-09-01-preview

  • resourceGroupName - The name of the resource group. The name is case insensitive.
  • workspaceName - The name of the workspace.
  • options - WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.NewListPager method.
Example

Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e24bbf6a66cb0a19c072c6f15cee163acbd7acf7/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/examples/watchlists/GetWatchlists.json

cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
	log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurityinsights.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
	log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewWatchlistsClient().NewListPager("myRg", "myWorkspace", &armsecurityinsights.WatchlistsClientListOptions{SkipToken: nil})
for pager.More() {
	page, err := pager.NextPage(ctx)
	if err != nil {
		log.Fatalf("failed to advance page: %v", err)
	}
	for _, v := range page.Value {
		// You could use page here. We use blank identifier for just demo purposes.
		_ = v
	}
	// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// page.WatchlistList = armsecurityinsights.WatchlistList{
	// 	Value: []*armsecurityinsights.Watchlist{
	// 		{
	// 			Name: to.Ptr("highValueAsset"),
	// 			Type: to.Ptr("Microsoft.SecurityInsights/Watchlists"),
	// 			ID: to.Ptr("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/watchlists/highValueAsset"),
	// 			Etag: to.Ptr("\"0300bf09-0000-0000-0000-5c37296e0000\""),
	// 			Properties: &armsecurityinsights.WatchlistProperties{
	// 				Description: to.Ptr("Watchlist from CSV content"),
	// 				Created: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:54.7746089+00:00"); return t}()),
	// 				CreatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 				DefaultDuration: to.Ptr("P1279DT12H30M5S"),
	// 				DisplayName: to.Ptr("High Value Assets Watchlist"),
	// 				IsDeleted: to.Ptr(false),
	// 				ItemsSearchKey: to.Ptr("header1"),
	// 				Labels: []*string{
	// 					to.Ptr("Tag1"),
	// 					to.Ptr("Tag2")},
	// 				Provider: to.Ptr("Microsoft"),
	// 				Source: to.Ptr("watchlist.csv"),
	// 				SourceType: to.Ptr(armsecurityinsights.SourceTypeLocalFile),
	// 				TenantID: to.Ptr("f686d426-8d16-42db-81b7-ab578e110ccd"),
	// 				Updated: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-28T00:26:57+00:00"); return t}()),
	// 				UpdatedBy: &armsecurityinsights.UserInfo{
	// 					Name: to.Ptr("john doe"),
	// 					Email: to.Ptr("john@contoso.com"),
	// 					ObjectID: to.Ptr("2046feea-040d-4a46-9e2b-91c2941bfa70"),
	// 				},
	// 				WatchlistAlias: to.Ptr("highValueAsset"),
	// 				WatchlistID: to.Ptr("76d5a51f-ba1f-4038-9d22-59fda38dc017"),
	// 				WatchlistType: to.Ptr("watchlist"),
	// 			},
	// 		}},
	// 	}
}

type WatchlistsClientCreateOrUpdateOptions

type WatchlistsClientCreateOrUpdateOptions struct {
}

WatchlistsClientCreateOrUpdateOptions contains the optional parameters for the WatchlistsClient.CreateOrUpdate method.

type WatchlistsClientCreateOrUpdateResponse

type WatchlistsClientCreateOrUpdateResponse struct {
	Watchlist
	// AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response.
	AzureAsyncOperation *string
}

WatchlistsClientCreateOrUpdateResponse contains the response from method WatchlistsClient.CreateOrUpdate.

type WatchlistsClientDeleteOptions

type WatchlistsClientDeleteOptions struct {
}

WatchlistsClientDeleteOptions contains the optional parameters for the WatchlistsClient.Delete method.

type WatchlistsClientDeleteResponse

type WatchlistsClientDeleteResponse struct {
	// AzureAsyncOperation contains the information returned from the Azure-AsyncOperation header response.
	AzureAsyncOperation *string
}

WatchlistsClientDeleteResponse contains the response from method WatchlistsClient.Delete.

type WatchlistsClientGetOptions

type WatchlistsClientGetOptions struct {
}

WatchlistsClientGetOptions contains the optional parameters for the WatchlistsClient.Get method.

type WatchlistsClientGetResponse

type WatchlistsClientGetResponse struct {
	Watchlist
}

WatchlistsClientGetResponse contains the response from method WatchlistsClient.Get.

type WatchlistsClientListOptions

type WatchlistsClientListOptions struct {
	// Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element,
	// the value of the nextLink element will include a skiptoken parameter that
	// specifies a starting point to use for subsequent calls. Optional.
	SkipToken *string
}

WatchlistsClientListOptions contains the optional parameters for the WatchlistsClient.NewListPager method.

type WatchlistsClientListResponse

type WatchlistsClientListResponse struct {
	WatchlistList
}

WatchlistsClientListResponse contains the response from method WatchlistsClient.NewListPager.

type Webhook

type Webhook struct {
	// A flag to instruct the backend service to rotate webhook secret.
	RotateWebhookSecret *bool `json:"rotateWebhookSecret,omitempty"`

	// Unique identifier for the webhook.
	WebhookID *string `json:"webhookId,omitempty"`

	// Time when the webhook secret was updated.
	WebhookSecretUpdateTime *string `json:"webhookSecretUpdateTime,omitempty"`

	// URL that gets invoked by the webhook.
	WebhookURL *string `json:"webhookUrl,omitempty"`
}

Webhook - Detail about the webhook object.

func (Webhook) MarshalJSON

func (w Webhook) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface for type Webhook.

func (*Webhook) UnmarshalJSON

func (w *Webhook) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface for type Webhook.
